Malware Analysis Report

2024-09-22 12:33

Sample ID 240731-sh3kxazbrl
Target https://github.com/Endermanch/MalwareDatabase
Tags
troldesh discovery persistence ransomware trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The submitted target is a URL, not a file: the sandbox opened https://github.com/Endermanch/MalwareDatabase in Chrome (see Command Line under behavioral1) and the session was classified as: Known bad.

The signatures below therefore cover everything that ran during the interactive session, not a single sample. Chrome wrote Zone.Identifier streams on four archives fetched from the repository (Winlocker.VB6.Blacksod.zip, Xyeta.zip, NoMoreRansom.zip, ViraLock.zip, see NTFS ADS), and executables were then started from C:\Users\Admin\Downloads\NoMoreRansom\, C:\Users\Admin\Downloads\Xyeta\ and C:\Users\Admin\Desktop\. Rows attributed to msiexec.exe come from an MSI package installed during the run (C:\Windows\Installer\e59b31*.msi), so the installer binary is the legitimate Windows Installer acting on a malicious package. Rows attributed to taskmgr.exe and chrome.exe (SCSI and processor registry reads, BagMRU writes, EnumeratesProcesses, GetForegroundWindowSpam, SeShutdownPrivilege/SeCreatePagefilePrivilege adjustments) are the ordinary behaviour of Task Manager and Chrome and should not be read as sample activity.

Malicious Activity Summary

troldesh discovery persistence ransomware trojan upx

Modifies WinLogon for persistence

Troldesh, Shade, Encoder.858

UPX packed file

Loads dropped DLL

Blocklisted process makes network request

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Program crash

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious behavior: EnumeratesProcesses

Checks SCSI registry key(s)

NTFS ADS

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Checks processor information in registry

Modifies data under HKEY_USERS

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-07-31 15:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-31 15:08

Reported

2024-07-31 15:16

Platform

win11-20240730-en

Max time kernel

479s

Max time network

476s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Endermanch/MalwareDatabase

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2326217578-3761199233-1872589011-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Program Files (x86)\\Windows\\Error file remover\\fatalerror.exe" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Program Files (x86)\\Windows\\Error file remover\\fatalerror.exe" C:\Windows\system32\msiexec.exe N/A

Troldesh, Shade, Encoder.858

ransomware trojan troldesh

Loads dropped DLL

Description Indicator Process Target
(48 events; the sandbox recorded no description, indicator or target for this signature, only the loading process)
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A (9 events)
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A (39 events)

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A (20 matches; no process, indicator or target recorded)

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2326217578-3761199233-1872589011-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\"" C:\Users\Admin\Downloads\NoMoreRansom\[email protected] N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\<letter>: for A B E G H J K L N O P Q R T V W X Y Z (19 letters, 28 events) C:\Users\Admin\Desktop\[email protected] N/A
File opened (read-only) \??\<letter>: for A E G H I J K L M N O P R S T V X Y Z (19 letters, 27 events) C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\<letter>: for A E H M O Q R T V (9 letters, 9 events) C:\Windows\system32\msiexec.exe N/A
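
The two persistence writes earlier in this report (Winlogon\Shell redirected to fatalerror.exe, and a Run value named "Client Server Runtime Subsystem" pointing at a csrss.exe under C:\ProgramData) and the drive-letter sweep in this section are the rows an analyst wants pulled out of a report like this automatically. The Python script below is an added example written for this page; it is not sandbox output and not code from the sample. It parses rows in the layout shown in these tables, translates the kernel-style \REGISTRY\ prefixes to HKLM/HKU, flags any Winlogon Shell value other than explorer.exe, flags Run values whose target borrows a core Windows binary name from outside C:\Windows, and reports processes that open many distinct drive letters. The embedded rows are copied from this report, except that the sample's file name, which is not recoverable from the page, is replaced by the placeholder sample.exe; the drive-letter threshold of 8 is an assumption, not a sandbox setting.

```python
r"""Triage helper for the signature rows in this sandbox report.

Added example for this page, not sandbox output and not code from the sample.
It parses rows laid out as in the tables above, i.e.
    Set value (str) <registry key> = "<data>" <process> N/A
    File opened (read-only) \??\<letter>: <process> N/A
and flags Winlogon Shell hijacks, Run values that borrow a system binary
name, and processes that sweep drive letters.  "sample.exe" is a placeholder
for the sample's real file name, which is not recoverable from the page.
"""
import re
from collections import defaultdict

# Constructed input: rows copied from this report, with the sample's file
# name replaced by the placeholder sample.exe.
SAMPLE_ROWS = r'''
Set value (str) \REGISTRY\USER\S-1-5-21-2326217578-3761199233-1872589011-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Program Files (x86)\\Windows\\Error file remover\\fatalerror.exe" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Program Files (x86)\\Windows\\Error file remover\\fatalerror.exe" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2326217578-3761199233-1872589011-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\"" C:\Users\Admin\Downloads\NoMoreRansom\sample.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\Desktop\sample.exe N/A
File opened (read-only) \??\G: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\Desktop\sample.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\Desktop\sample.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\Desktop\sample.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\Desktop\sample.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\Desktop\sample.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\Desktop\sample.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\Desktop\sample.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\Desktop\sample.exe N/A
'''

REG_ROW = re.compile(r'^Set value \((\w+)\) (\\REGISTRY\\.+?) = "(.*)" (.+) N/A$')
DRIVE_ROW = re.compile(r'^File opened \(read-only\) \\\?\?\\([A-Z]): (.+) N/A$')
RUN_KEY = re.compile(r'\\CURRENTVERSION\\RUN(ONCE)?\\')
# Core Windows process names malware borrows; one of these living outside
# C:\Windows (here csrss.exe under C:\ProgramData) is a masquerading signal.
SYSTEM_BINARY_NAMES = {"csrss.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
                       "smss.exe", "services.exe", "explorer.exe"}

def unescape_value(raw):
    """Undo the report's escaping (backslash-quote, doubled backslash) and drop the outer quotes."""
    return raw.replace('\\"', '"').replace('\\\\', '\\').strip('"')

def hive_name(key):
    """Translate the kernel-style registry prefix to the familiar hive name."""
    upper = key.upper()
    if upper.startswith("\\REGISTRY\\MACHINE\\"):
        return "HKLM"
    if upper.startswith("\\REGISTRY\\USER\\"):
        return "HKU"
    return "?"

def parse_rows(text):
    """Split report rows into registry writes and drive-letter opens."""
    reg, drives = [], []
    for line in text.strip().splitlines():
        m = REG_ROW.match(line)
        if m:
            kind, key, raw, proc = m.groups()
            reg.append({"type": kind, "key": key, "data": unescape_value(raw), "process": proc})
            continue
        m = DRIVE_ROW.match(line)
        if m:
            letter, proc = m.groups()
            drives.append({"letter": letter, "process": proc})
    return reg, drives

def find_persistence(reg_events):
    """Return (process, kind, severity, note) for registry writes that establish persistence."""
    findings = []
    for ev in reg_events:
        key_u, data = ev["key"].upper(), ev["data"]
        exe = data.rsplit("\\", 1)[-1].lower()
        if key_u.endswith("\\WINLOGON\\SHELL"):
            # The only legitimate Shell value is explorer.exe; anything else
            # replaces the user's desktop with the attacker's binary at logon.
            if data.strip().lower() != "explorer.exe":
                findings.append((ev["process"], "winlogon_shell_hijack", "high",
                                 f"{hive_name(ev['key'])} Winlogon\\Shell -> {data}"))
        elif RUN_KEY.search(key_u):
            name = ev["key"].rsplit("\\", 1)[-1]
            masquerade = exe in SYSTEM_BINARY_NAMES and not data.lower().startswith("c:\\windows\\")
            note = f"Run value '{name}' -> {data}"
            if masquerade:
                note += f" (system binary name {exe} outside C:\\Windows)"
            findings.append((ev["process"], "run_key", "high" if masquerade else "medium", note))
    return findings

def find_drive_sweeps(drive_events, min_letters=8):
    """Map process -> sorted drive letters for processes touching at least min_letters volumes."""
    # Opening A: through Z: in turn is how ransomware discovers volumes to
    # encrypt; the threshold is an assumption, not a sandbox setting.
    seen = defaultdict(set)
    for ev in drive_events:
        seen[ev["process"].lower()].add(ev["letter"])  # SysWOW64 / syswow64 are one binary
    return {p: "".join(sorted(ls)) for p, ls in seen.items() if len(ls) >= min_letters}

if __name__ == "__main__":
    reg, drives = parse_rows(SAMPLE_ROWS)
    for proc, kind, sev, note in find_persistence(reg):
        print(f"[{sev}] {kind}: {note}  (written by {proc})")
    for proc, letters in find_drive_sweeps(drives).items():
        print(f"[medium] drive_sweep: {proc} opened {len(letters)} drive letters ({letters})")
```

Run it directly to print the findings for the embedded rows; on a full report, pass the rows of the signature tables to parse_rows() and feed the two lists to find_persistence() and find_drive_sweeps(). The Winlogon check deliberately treats the HKU (per-user) hive the same as HKLM, because either value, once honoured, replaces the desktop shell at the next logon.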

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Windows\Error file remover\Windows Logoff Sound.wav C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Windows\Error file remover\Windows Logoff Sound.wav C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Windows\Error file remover\fatalerror.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Windows\Error file remover\fatalerror.exe C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFBEAC62AE4AE4D4C6.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB545.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIED65.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF885AE72C17D8EBD0.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3BE0.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB474.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB534.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Tasks\sys.job C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Windows\Installer\MSIEE77.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEF44.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIED86.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEDF8.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEE27.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFB1A44C1576B9ED69.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e59b31e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB435.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Tasks\sys.job C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Windows\Installer\MSI3C4E.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e59b31e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEEE5.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF46EA6D4C91B868B4.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3B4F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\Installer\MSIB387.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB4E5.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e59b31a.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\Installer\MSI3B00.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB5A4.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB6C0.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3A7F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3ACF.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3B81.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Tasks\sys.job C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Windows\Installer\MSI3D1A.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFE826BCDBFE7913BD.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIECE5.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEDE7.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3A5F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3B50.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB4A5.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{C452D4E2-DE24-48B6-B5C3-ACB240A01606} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF3BCCBC3D78812ADC.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEDE6.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3AE0.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF39AFD4CBE8D886C0.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIED45.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEDA6.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFC93DED4854FBBBC9.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFD268A2C25DA1847D.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e59b323.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3AAF.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB3D6.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3A2F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3B70.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB4A4.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB74D.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF0243A1EB83FA44B8.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e59b323.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e59b31a.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB565.tmp C:\Windows\system32\msiexec.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\NoMoreRansom\[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Xyeta\[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\NoMoreRansom\[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28 C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2326217578-3761199233-1872589011-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2326217578-3761199233-1872589011-1000_Classes\Local Settings C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2326217578-3761199233-1872589011-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\system32\taskmgr.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2326217578-3761199233-1872589011-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2326217578-3761199233-1872589011-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2326217578-3761199233-1872589011-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\system32\taskmgr.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2326217578-3761199233-1872589011-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000000000001000000ffffffff C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2326217578-3761199233-1872589011-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2326217578-3761199233-1872589011-1000_Classes\Local Settings C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2326217578-3761199233-1872589011-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\system32\taskmgr.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2326217578-3761199233-1872589011-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202 C:\Windows\system32\taskmgr.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Winlocker.VB6.Blacksod.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\Xyeta.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\NoMoreRansom.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\ViraLock.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
(64 events; the sandbox recorded only the enumerating process for this signature)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (2 events)
N/A N/A C:\Windows\system32\msiexec.exe N/A (4 events)
N/A N/A C:\Windows\system32\taskmgr.exe N/A (58 events)

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (29 identical rows)
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (28 identical rows)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (34 identical rows)
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A (4 identical rows)
N/A N/A C:\Windows\system32\taskmgr.exe N/A (26 identical rows)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (12 identical rows)
N/A N/A C:\Windows\system32\taskmgr.exe N/A (52 identical rows)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4092 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 4092 wrote to memory of 1876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (30 identical rows)
PID 4092 wrote to memory of 5024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 4092 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (30 identical rows)

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Endermanch/MalwareDatabase

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff999aecc40,0x7ff999aecc4c,0x7ff999aecc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,8782955076270733176,13664414662635694211,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=1828 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,8782955076270733176,13664414662635694211,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2108 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,8782955076270733176,13664414662635694211,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2152 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,8782955076270733176,13664414662635694211,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3152 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,8782955076270733176,13664414662635694211,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4476,i,8782955076270733176,13664414662635694211,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4540 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3084,i,8782955076270733176,13664414662635694211,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4836 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4648,i,8782955076270733176,13664414662635694211,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4632 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\[email protected]

"C:\Users\Admin\Desktop\[email protected]"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Windows\Error file remover 1.0.0.0\install\0A01606\Error file remover.msi" AI_SETUPEXEPATH=C:\Users\Admin\Desktop\[email protected] SETUPEXEDIR=C:\Users\Admin\Desktop\ EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs "

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding BBCEFDA13C0011641418EBC74CF0C0C8

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 9CF8888EBB8338C2903FA95F8D53C9A9 E Global\MSI0000

C:\Users\Admin\Desktop\[email protected]

"C:\Users\Admin\Desktop\[email protected]"

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Windows\Error file remover 1.0.0.0\install\0A01606\Error file remover.msi" AI_SETUPEXEPATH=C:\Users\Admin\Desktop\[email protected] SETUPEXEDIR=C:\Users\Admin\Desktop\ EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs "

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 29C0BB3A0409CCA276305B7D374D97B7

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 8D7A14D870A0FE504676F4E203364154 E Global\MSI0000

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Windows\System32\6i_kzm.exe

"C:\Windows\System32\6i_kzm.exe"

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff999aecc40,0x7ff999aecc4c,0x7ff999aecc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1772,i,354846173654805451,5932854377836457648,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=1768 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2040,i,354846173654805451,5932854377836457648,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2096 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1388,i,354846173654805451,5932854377836457648,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2172 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,354846173654805451,5932854377836457648,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3172 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,354846173654805451,5932854377836457648,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4464,i,354846173654805451,5932854377836457648,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3796 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4288,i,354846173654805451,5932854377836457648,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4640 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4824,i,354846173654805451,5932854377836457648,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4856 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5464,i,354846173654805451,5932854377836457648,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=5472 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5264,i,354846173654805451,5932854377836457648,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4984 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4652,i,354846173654805451,5932854377836457648,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4728 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3160,i,354846173654805451,5932854377836457648,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4660 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5604,i,354846173654805451,5932854377836457648,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=5632 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3416,i,354846173654805451,5932854377836457648,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3452 /prefetch:8

C:\Users\Admin\Downloads\Xyeta\[email protected]

"C:\Users\Admin\Downloads\Xyeta\[email protected]"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4628 -ip 4628

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 472

C:\Users\Admin\Downloads\Xyeta\[email protected]

"C:\Users\Admin\Downloads\Xyeta\[email protected]"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 3304 -ip 3304

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 440

C:\Users\Admin\Desktop\[email protected]

"C:\Users\Admin\Desktop\[email protected]"

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Windows\Error file remover 1.0.0.0\install\0A01606\Error file remover.msi" AI_SETUPEXEPATH=C:\Users\Admin\Desktop\[email protected] SETUPEXEDIR=C:\Users\Admin\Desktop\ EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs "

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding AF1602EE44ED1A88A2BB5E260FD9161E

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 6B668A6D8D99DA4A4D676321E58CA69E E Global\MSI0000

C:\Users\Admin\Downloads\Xyeta\[email protected]

"C:\Users\Admin\Downloads\Xyeta\[email protected]"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 3264 -ip 3264

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 456

C:\Users\Admin\Downloads\Xyeta\[email protected]

"C:\Users\Admin\Downloads\Xyeta\[email protected]"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1920 -ip 1920

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 448

C:\Users\Admin\Downloads\Xyeta\[email protected]

"C:\Users\Admin\Downloads\Xyeta\[email protected]"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1124 -ip 1124

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 440

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=2984,i,354846173654805451,5932854377836457648,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=5572 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5300,i,354846173654805451,5932854377836457648,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3172 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4956,i,354846173654805451,5932854377836457648,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=5408 /prefetch:8

C:\Users\Admin\Downloads\NoMoreRansom\[email protected]

"C:\Users\Admin\Downloads\NoMoreRansom\[email protected]"

C:\Users\Admin\Downloads\NoMoreRansom\[email protected]

"C:\Users\Admin\Downloads\NoMoreRansom\[email protected]"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5176,i,354846173654805451,5932854377836457648,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=5476 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3012,i,354846173654805451,5932854377836457648,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3440 /prefetch:8

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

Network


Files


C:\Config.Msi\e59b321.rbs

MD5 cbb3426583ed605a5c31380f958c3523
SHA1 14f616ab4e9dede9e5c91f4a8df906697c903263
SHA256 8072f063cf96716fe10f276041313ac1a7bc9560b0a3c223b6a646f691dd3fcd
SHA512 4a45f00344eb625d5601da429b01905209dd9db46a0fab494eb7968a86abd31b4ea0fdd83fdf1bbbd67896adee20b36581e760aead39b1c64f09f87cf7ec919b

C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Error file remover\1.0.0.0\tracking.ini

MD5 50a084a824ffd950bff5be7037f88fe5
SHA1 52f53e3c17dcb70d34804ed77749e99147c3e0c7
SHA256 9b11fc1bbb5c168598d1e8d7e4bcf7a66cf7c6227827a702561ef44a041b5bea
SHA512 65d63193679bb64475469f8b825f1594cb6f1a4fed07a3007f6fc0d3c5fec5e0127f1bd3fc6346c84aa574f795228a19afaeffe6039f09079b8176170df2bddd

memory/1436-1225-0x000001E4D1630000-0x000001E4D1631000-memory.dmp

memory/1436-1224-0x000001E4D1630000-0x000001E4D1631000-memory.dmp

memory/1436-1223-0x000001E4D1630000-0x000001E4D1631000-memory.dmp

memory/1436-1231-0x000001E4D1630000-0x000001E4D1631000-memory.dmp

memory/1436-1235-0x000001E4D1630000-0x000001E4D1631000-memory.dmp

memory/1436-1234-0x000001E4D1630000-0x000001E4D1631000-memory.dmp

memory/1436-1233-0x000001E4D1630000-0x000001E4D1631000-memory.dmp

memory/1436-1232-0x000001E4D1630000-0x000001E4D1631000-memory.dmp

memory/1436-1230-0x000001E4D1630000-0x000001E4D1631000-memory.dmp

memory/1436-1229-0x000001E4D1630000-0x000001E4D1631000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 b31162055326f9c5b60d1d3e0f1bbf34
SHA1 53cf7035cd77503098cc80981db652447c64c8ea
SHA256 d8288f6c88819f0d64ad9bfcd9011d32177b5016b63a886f1e371c7a755c9b14
SHA512 7b47260730756444ea39270d2bb6733307b549f5ca460f5eb6e129dd2f9bc73deffe80b344be6ed29a3d9f0058fe383e59c30f91a80febfb121b75ce19a093fa

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\~earchHoverUnifiedTileModelCache.tmp

MD5 b1566e0bffda070b1eab1740bf6c17c6
SHA1 29a605989803a121814396e7997819e7fd71507f
SHA256 1ee04fa15df3a15ec5e8fe423d5cb7fafe3881eb9ece51be15f0de526ac560fb
SHA512 e259e9d4d7fe578c18456f00a361b97c03fd04098ba5e96c15b3a936bab824f99a04b9aab2baddb11e180a4b2e6b00d239d27387b3ad10eb236203afb56e24b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 29a033f3cf0e1862f384abe844e7e7e3
SHA1 67d7d5020e8a8dc396b3c35fc7ef53f70bfd7550
SHA256 368583cf6fab10131d72715e73da26fcdc93a41afa8c8cd64cced84288c89bdf
SHA512 5c518af86516318d54d402f7c374e83cec2da09f927b0ed7007555675d1f87ab22540423bcd01e2d6eb64bc37cb8af85d9833e2b853f6f4ba946806eed903e1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f3a6641c636e87e38a0ee333ca6edcb2
SHA1 9e737a401ffd243e8e842ca7e8d5454dc1065859
SHA256 840778db9c5451e8c6fcc0ebbe585cb5942b2bead8d2c248f35dcdde840ceacd
SHA512 ad64da5160e88d1ccb092135e687b56a802feb73398168e0d6aa221050df8f1307f68cdbdae11a507eb534a28ad9895fceb461ea0f3dedea14bdd7f23c58e809

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9998d23add5d91869130fbc31f0b75a5
SHA1 e13f07a471bd9e0dc15df45765eca43fced6e02f
SHA256 84a11a261055f3ce7542e097f167ecb1fee841ebf4e1ffe7678621d3031447a9
SHA512 494dad65f13dc41a3037791b31063bed5d95968b72c4df9966dd980be3b5747ad9975701600cde4ab9581efd9111c35569418482b373254b098041fa493b751e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3aa1e3c9827813c7c590e9fc837d8e2a
SHA1 349517072afd3ef1ca92b6bb7f4c586d102bbf2b
SHA256 4f64a561ecbfe9fcea362ba5c16dd13b9764ac8be93d7ede280d958cb75efed1
SHA512 44e6589503fdd14801f09dd02ff6fb20e0fad131d1c473d49a25f33e297a7815820bc4b47fe11e5738b3e6717e2ca94a4a068d08b3f0a1965e4989a514ca799d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 e4866f1a863d51a3004b54aa491b5df8
SHA1 a595161ccb919065302162043692aaf4a16f26a5
SHA256 c95e01849f65fc58d66deddbc8116a25d4ee99234d63f5c84ae3baaab9d03d2f
SHA512 2f3c74e8f4107ab2f20e4b6c6ccfc7d43f1e83b85c9870232fbf5482897651986dcb98d1ba17a2f72b250fb5c72ec2871afbf4d96379364fd6f181a3e693b0ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f7b6b90ed224c5dafd799c9717bb7adf
SHA1 a22e9a222dfaa518aa371e1314765115b47f5d33
SHA256 c1eeee282099dbe966a1f7876e94e266abe942aecda393338b705a600947b980
SHA512 8e701d8b7abfbb710876efbb9acadeed6513129945b39b75681ee2bad3e7f1c5283cb4910189cdac8b8a29d9c0384cd5034c8f3fb04cdb0ac3c390cff8d4c962

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2bbc31e932d4975d6803b02023c59f97
SHA1 dd8d7f5a801a8daa4c7324c187953422402510b4
SHA256 2ea97cf49e8fedf96326948d32a7885939db0ecdb567a51f86abe9d111973ab6
SHA512 5f4dcd5edae4eabfd24c3a2c07b8bbcf7e1cdd297c9a3611f6677169b971558ae273c206bed0fdbc1a633432d5dbecffe489333f76167e19df240b9770988c48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d5405ee3840407925111aa089f87f4ac
SHA1 ac9630b7cb184c99fbe2e5b96663cbd13106e121
SHA256 f3bce9c815c8b5bbac82ac9d9f729e7bc39096255f41dbb1ebbf873502aeab24
SHA512 fe8c5a71f16df95e6c58c62470bcbb0897a3e01b41d3fa5901260396aa2cfc99695a150529c84290b27efd5785e08ef95bfcdf9f708e451397bccf8220b49eef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bad17944096dd51650e4c8ec96480f08
SHA1 a5ea2a303bda471c2f0eced4366b2106e46573f7
SHA256 858b9f84c2bb2ae66ea410bc93314eecd11b45bc07e62e6d73fd5bd820fb667e
SHA512 0f1673b4e787c9fb0d3dffe7cabe26610d3112100c4adb3b4113b9257daea06798c58853f1ba98ef9a3269b110fe992331ead979c01f0cfc749cefb916ce5514

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 40ecc6bebbd51c777fb909655be832f3
SHA1 83b19ee3066a2500d77b2df2e9a5f20dc0fa0a82
SHA256 bdf46a4a0a5d75cac585beeb8ab62f577a8c876264cc5bbb5cb8449e41e44df4
SHA512 5411c053943b025434eb9a7e5c25079f997ff5afc6c2f5db8c3b7c4ba44cfe56bd243b348a6b0db79e3aa425e665977f73193ecd0502cef830425018720460bd

C:\Users\Admin\Downloads\Xyeta.zip

MD5 213743564d240175e53f5c1feb800820
SHA1 5a64c9771d2e0a8faf569f1d0fb1a43d289e157c
SHA256 65f5d46ed07c5b5d44f1b96088226e1473f4a6341f7510495fe108fef2a74575
SHA512 8e6b1822b93df21dd87bf850cf97e1906a4416a20fc91039dd41fd96d97e3e61cefcd98eeef325adbd722d375c257a68f13c4fbcc511057922a37c688cb39d75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fd4b9388de76e88c225a539479ba1a41
SHA1 c2e072d52c93532b2783be1987b48a12da9ef51f
SHA256 162649fb018b231d549c893a9dd43997f45451f70c4bd4b66c4ddc336c09708d
SHA512 143b53f3bee5fe223a7011ed4bd843705012ae4876790bfaec5ec937110f5b8e7670c48a8338708e8a08dbf776109927de3c09de1298ac547c21959cdb178662

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 653d5e1ccf81d53bce2e745e1bca3d59
SHA1 8c12279f09779fda2819d10f74316b3b67d67daa
SHA256 5653d29797d171d8e89e983c3aa4d627ed04880d80d886f1da9d7216727890d4
SHA512 e822f5d0eb18e1c43a4fbe1a9711b6c9e37b69317e932343fb7e824ea81b31ee8e5ba097a462f9f74ce9674aa7ae0381cc3fdd33f1bc082a88cc411070855d7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 abbdfb10f2546f38e5534ef48f484047
SHA1 9292705d9881f02a780de82f7badb4a33cbc349b
SHA256 13fc9e8bf5ef31c4590e406c53ae46198e708b448b3223ea01c63c764c440f4f
SHA512 97680b53aafabd8732973729b7e5b51756d1179e3e96c683615228fd7b5b5d6ae8ae47b2c26576b9f0a9540169f0d4c3167647a463072fe5b6816e300b26fa0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 68aaea6840bf89c1bf9634d1c6b9bb65
SHA1 89693ada3084f8c42c21e39a0181afddbf1c1892
SHA256 7a5964965a0b72b9c0063953c3d7f95474ed783523a577ed76b49f903be96544
SHA512 8daf2b90187350e672ed360b483a2b32cd18b3645626034cfee24ced16e045d60b9cc6aa8e77280217248387295ec9d7630f7706419afd00bacb72602b1e4e24

memory/4628-1436-0x0000000000400000-0x000000000044F000-memory.dmp

memory/4628-1437-0x0000000000400000-0x000000000044F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a298a09bfd3c1786e5395e3e61458a1d
SHA1 dd7099bc924e5b8ad7e9f5878481873e1d8639c8
SHA256 7d16f25c9da0b05c62c73d4199e9a017eeec4d480e84465971b3e0a00653e054
SHA512 e300ad4a256411c261d6eb0872d567c1964b809b03f51713f2dcc448249034f4a597b8716aabc8686b1966e3180c75f6735e795aad1fa2c1fdcd2571697f18f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 80770ff965d12c02ffc7b6caac528c07
SHA1 bbb795cbbec0411df5d9ad39309294d9130fef73
SHA256 145f8f3a505b8e3d3658038585433b0034d70ccddde3f6e9bb5424168f50af8a
SHA512 9eef1a27d25811bf4c61e903cc73892516f33c4bdb31524ea9e41e8a5ddb8dea6d55e03a97d1567e5fe8b5ead3f01bfcbc926810c2bbd35cb9eaeaf4a088c408

memory/3304-1452-0x0000000000400000-0x000000000044F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Error file remover\1.0.0.0\{15CF2B43-5D04-4EC3-A2F0-07207461A014}.session

MD5 6d7e85c034ee109c6c904b259342c252
SHA1 9b53c1e1950a227501161b0a1ec4f7a7ca991291
SHA256 9663a3b8af9bbb4cdf1aaf37c04220ebc271e4ab43e920d0d7242ff8a1d3e673
SHA512 16689966f62271ce57fbd3139dcf8af2dff8c9efe066e216b9f27d1c0862ca7840d3e4a4202180b2e6cb8b759ec8e2fef643dc018a87f3e2af4bf1a36e944d7c

C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Error file remover\1.0.0.0\{15CF2B43-5D04-4EC3-A2F0-07207461A014}.session

MD5 387c072a28d9c9b8d3822b86dd4a43ee
SHA1 ee6530af8adc29e214abe3498e5f72e5a11975e9
SHA256 edf827b8f7060a1d2ca5c53b99deedab96bb875089a5497e2327d3677bda2e76
SHA512 91ac0ce28ffe410aa8e9ec7b953e363bc5e07f4d3bb3a72adc5bbfa4f8850a7323e265aeff7422db956d6716d9a0951b0d9d8a916ac08aa0103106c17c9d3f27

C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Error file remover\1.0.0.0\{15CF2B43-5D04-4EC3-A2F0-07207461A014}.session

MD5 ee5c532e3193e33053298e7784b656f0
SHA1 a1e2de5a088085eb9057d1f470989ee4b003984d
SHA256 3819708e2c5aac066d33b1879d229c15be2e3983aaf8c9b77eb708a4901165f7
SHA512 c1741a17f5054039ed37b0a16841d8ba86ba309fb7dae6e6d54e3f2e8e459ee12270b6fbb21d2e724db1ed4bfaa38f34b227fde5679d71c212b0c4a5ec7ba462

C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Error file remover\1.0.0.0\{15CF2B43-5D04-4EC3-A2F0-07207461A014}.session

MD5 150c9d0521546efb963b4be9a09895f4
SHA1 8de27055c10cff178df19e2da031cda5cbf866eb
SHA256 15dec16457e073844f2989cb5fe34af3739b99a11c075aa786fa3e0e16eb7c3a
SHA512 5c12e7bfa5546171859f5c9f7c110e5ce23e9dd819b5634d6d2ea09614512622d9721342b21d36f19989bb3b22cdb92547a87862c93896d65b82b3c82b5b4511

C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Error file remover\1.0.0.0\tracking.ini

MD5 88d8c806f25a969b6375e307b730b2e0
SHA1 293a73858e183943241fddc6fad305e73ac60e8b
SHA256 588c98d02dcc7446479895eccfb10ae5195f950304358f5621b31d850795a7ef
SHA512 ccca4db47e56bfc00463238b4f3f1a774efda1fe1a95b8ddc125818e97cbc067de63c533333232501dafaee8d4333f0448ad8182d83001edc0c3d5ebc7d09c8d

C:\Config.Msi\e59b326.rbs

MD5 4711f1915459f38d5d0b5be5422e46ac
SHA1 9924f91eada01ff9be1f6e7d8c73870df8f25190
SHA256 e8bdf3c0af60f03fda8e1bdae3e0b5f611f432c18c9f97360c3add897e9755a0
SHA512 fe4891636485c21301fa94483e0d0ff2bfb4e8ecfd796cc47c0bd2de147918eee878d8ba754246dd23a420d8bf627d3f4989ec0a749ecffd45d1ab12c73a13da

C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Error file remover\1.0.0.0\tracking.ini

MD5 ca2ca7c9b5d2d584684dffa7b2f992dd
SHA1 468b8cdfb3881d8637eb14f90690643ea644d57b
SHA256 939cb7f27ddfb92dd6a6f0b50e7eea44d2d4d1f91438efe643260bbed1752fab
SHA512 25e563acf53ca45a81a8cefdbd34cd0c3ddf31f842730e6aa5a2cd942fdf80f6b24b5fc89348201c0765a3a911d8150e37a526af74f28a95f03f1950b9c74971

C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Error file remover\1.0.0.0\tracking.ini

MD5 6bc190dd42a169dfa14515484427fc8e
SHA1 b53bd614a834416e4a20292aa291a6d2fc221a5e
SHA256 b3395b660eb1edb00ff91ece4596e3abe99fa558b149200f50aabf2cb77f5087
SHA512 5b7011ed628b673217695809a38a800e9c8a42ceb0c54ab6f8bc39dba0745297a4fbd66d6b09188fcc952c08217152844dfc3ada7cf468c3aafcec379c0b16b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 60079dd3bd46d493208c74dce4ce0a6a
SHA1 81115b46e3b8cf8b8bd1e778521f6998d8880a93
SHA256 25f939e0eae3c46f6b3e23582e396bbd102e41b9750a561e7644c105090ace38
SHA512 d2725c530add7b13ec04cab76ad36c42ff5d2c2d3775cb7a9226a3c6d74d6c120f13ae30ef6ad1be1f96bb0b275e3d229dc1fdf6ee192999955c057292bfd12a

memory/3264-1756-0x0000000000400000-0x000000000044F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0faac54892ff29fa7513153e196cf7a9
SHA1 9a0827d01ce12f8adcbd7f36ca3db38a40ac344b
SHA256 8d38a6018ccc535b4d56a6a043e2e61d81ee8e83dcf1a709532a4e7f1cfef8de
SHA512 5d34b1b2c0a5ee6291a28a26c6db65e56b64706354edc69d96319eeebc4afc79483e77b8ecb7919ad842bb23c538f7408cfbbae918f36a526ac708796d4926a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5b574e45f6abf4a9db8c6d735a20713e
SHA1 df1a826f575cab719f33153fc365195b8a786a51
SHA256 fae424198d06a0824cfaba220f7e5063ae3bdaa0844d1efc6925b784e236e453
SHA512 c2666d849113c5c08be4a20aa967d573b2cafcc3f770cc74f0ecc2b0b370ebc6d863955dd8dd2e86dd702d6f6cce4b321dd21387bf35aca3e89becc3ea207553

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3fbf4de6-ca9b-4def-b9ec-7fc3024f1c90.tmp

MD5 41774fca95621a7898505aa925c0c7f3
SHA1 0b77c26befad8156fe3eba17ee0a1b14b5ea37a5
SHA256 e991945bede9afbe64d34cba05769f52253be1d6ac821c2e76baf061bdf6dd91
SHA512 7ab0d49de6138b748e0509bda620a18ecc0e02a7e6cb33b1e7aff35389d9fd1d5d14f7107dedf0c020e2ab74260fd672aa70fdc8159f13b6a0a71e00d7db41ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ca1793bce020d4d307c242dd1e2e037f
SHA1 494d1984d7379c65bc21a7a9f66d995e6ec618b5
SHA256 5b3980a53bbaf92243c00d90eb48257ffc4feb0a544c7ef8cebb9f06c2cceee7
SHA512 f05c424355aec296148a7c83abf3c6b93b11c5d4e89b9d307f2dd58ddf2c26f67ba4e83c4c78cc157ebeea12b5409f27219086d9953e736927ccc0cf3e1c733d

C:\Users\Admin\Downloads\NoMoreRansom.zip

MD5 f315e49d46914e3989a160bbcfc5de85
SHA1 99654bfeaad090d95deef3a2e9d5d021d2dc5f63
SHA256 5cbb6442c47708558da29588e0d8ef0b34c4716be4a47e7c715ea844fbcf60d7
SHA512 224747b15d0713afcb2641f8f3aa1687516d42e045d456b3ed096a42757a6c10c6626672366c9b632349cf6ffe41011724e6f4b684837de9b719d0f351dfd22e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 86f20bc8ec863700fce4538769da560d
SHA1 5ea93fe4b12affb44f113e2c85ed7aef8fc66ee1
SHA256 bbd66d97d20c1e6ff699009d22e9ae97748be1ac5dbeb0a7a12ce43acd69ae28
SHA512 03fa8c97d3c6b76163a7c06cbb46f9e160906c4585f147ba6fe7ad03cc3b3a0c881fe14feb32d1880114b128a9ffa10d15438730cbf40ac149f121c04b6ea018

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 226da0b2f8f72dad316e108f99c78aa3
SHA1 3ba57235216ea6636d14c43d842a76fddc73e08b
SHA256 f6e921903df3e5fb8f6d1bffd32b4bbe5dcaaa46738c6ee5e6efbb0f4adb98d7
SHA512 e07e7f92aa4d9b8895274dfa0fbc04895273d352f45417099ae6da3cad88a7ed75bd00b472fd5be4314e4cddcb15900f0bddff54a01ba0ab8165a2ddf333c1e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 182c2b1999b4374df552135896b5155c
SHA1 6ef065c201b35dff55d2e7e58fad54b883028963
SHA256 a7194447d852aa78a62f5972654cfc4b43bf57ba2990534d07beb0d4dcdd5cee
SHA512 821c2dbf0568c46cf5034e3a7ba8baeab7913adbdb159363fddaad71c3c719295fa35d8d1d6813b033952d1fff4e290f301b718171cca074793625e521488161

memory/2304-1855-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/2304-1856-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/2304-1858-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/2304-1857-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/1216-1862-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/1216-1863-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/2304-1865-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ffda490f6935a6b5d24926763597ff26
SHA1 98f0a389792703564b27ae31f8375623fffa462d
SHA256 34ead690b5e0c85ca41bdd9ad36b4d43ac280e6826b07855bd58db151ef8ab49
SHA512 bcecdcd0f57eba373954bb1789c5c836fa2b68caa39f2a158a1f2ddd8f70a8a06d15fb5f745b4bd95e4eb759a8d994671c7bafadc437f71e9c577516e4562946

memory/1216-1875-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/2304-1879-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 908d1e2272b40994869c277fb4172d20
SHA1 6f5da1659bf15aff336f7755f96022f9759c1489
SHA256 c027510cd8cd7193c3cb2d31deb341f7664c0a552d10a888fb5be5803a47ba7a
SHA512 479b464d973fee5ecdb33affaaac9bcf708b3ff20cd4521ddea5d4785d4fbdce8f60a3c8b7752c59e231ee8717af4e62aa3dc8397e4d2c2b889bb65e35292e2f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 0c055a8d3aea59405f21fb2e87518a52
SHA1 402660b28873852fe79e76e91bd2c5de9eaa699a
SHA256 7311d1601a1a3ad239a84efa0aa4b389f73e45ba26c4e586cdae0925212c1dc2
SHA512 e46ef9fe176f849db4f59b0ed4663078d0d4d639aa4b2623dc9342a28e714485c05663c93f64520518238323ccea2b2d14c461f4819be50ec6499d2bf8084f4d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e2e175d34b5fd08a03ba4809a097b72d
SHA1 32b4787cdd2b7f1f8115ebc5bfbf7aa2b4f14e97
SHA256 21c783ed176a31c3012ffda60391d884505ab097e4097f6469306cd32f2084eb
SHA512 0c8d314c4a2f486a2cd6cf366ba4a93f0bca8eaf6821eeacde6e7b916c1ea6ce085f80713d794ebf3b3bc8702d022742e2086e5df8210f0b08f12ccd230f2e29

memory/2304-1904-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 759b0da0d741643de2c2cbe9e68d4773
SHA1 4f36afd1713bac10e17409cd03d7b7b61049c3ad
SHA256 f5e4c88280eabbd14f9b60e16d9246cb566f935199610d6a438c808c7cfa7f34
SHA512 3c7af003895daa5be766ca224549f3d66bf2a4c9f70ff8082c91264f2c6ae92e62e2000aabb33a6b3e15d2a2f56cccdd756b2106f713f2f43585d3a077867927

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 78b14a7317e95cffbacc46543105526e
SHA1 aee814de06047c6b312e51ee16c5f8183124e7fa
SHA256 4bbcb4c1e096706093fb8cb8e532e2b22f83fa0ffe95b71046c9cf54a07a24d8
SHA512 132835ed298f3aa9777eefa4fb4161784b1e44755947228edf0a7ee4543a68874c4e9ec6a12b4e1257e26ee7982a916561a340b2e7005696bcacfb5becebd8ab

C:\Users\Admin\Downloads\ViraLock.zip

MD5 6a47990541c573d44444f9ad5aa61774
SHA1 f230fff199a57a07a972e2ee7169bc074d9e0cd5
SHA256 b161c762c5894d820cc10d9027f2404a6fec3bc9f8fd84d23ff1daef98493115
SHA512 fe8a4fd268106817efc0222c94cb26ad4ae0a39f99aacaa86880b8a2caa83767ffe8a3dd5b0cdcc38b61f1b4d0196064856bd0191b9c2d7a8d8297c864a7716d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a655ffae53f78f08b7107abb9dd02d3e
SHA1 d6dda2eb15fc9170ae8fceab54e7e6202285bd59
SHA256 db06cdeb72ad41d4bcc04dbc514bb78681e5cd48ce354611952a1e22b58641c3
SHA512 ddfce358df8327bf38ad2816efc2bb11aed18f4a51b50edc627ee622e34ee11b2f525398c861d342654cfb035f5016c7028d4a0039705ac7660c9c6eab79c89b

memory/2304-1940-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e554277a73f77cf6366cfefc4b79f2ec
SHA1 432ea3f748aad64e5796d1d727f8c256fd406c6d
SHA256 4eeadfa1e87997296b1da052e9d1baeb698c1389518daa66046140a36f417a45
SHA512 ed5f69816b486a9ff70eb63a3d378b432994647d977ba9fa4726e389265740e98ff1536ded5a42dcbe8436ce527776d0dab804162bb5a7342b21500a10da2785

memory/2304-1950-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b96b8fbc46962d46e5539e50be5f1211
SHA1 10989fed71d7e1e2fc30b0b596d06111452785f3
SHA256 bb8261acbe87aaccbddeed641f0c72c90cfe790aca134a37dd64bca270085aeb
SHA512 141483cc2b4176dfff2ee55c620c7da77461564b7ae93df5a5de56d045d7095adf7b6e1797cc67706293e5ffbffbc8c369e948952170eb20a21a39afa5774b49

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 24ac06e4e7d9fe6a4a5b4aa2001ddbf1
SHA1 43d5fff7b87b802077107b49cf12599d8cccd3d7
SHA256 b40ed5bb05b9091605e73fff9d875106f26ea64d6746c9b40457f4ebd93ccf71
SHA512 9ebbcb1e7f86306244c7749de9fe6525afde92ca6b443c22c06e99d4941db0adade59c8cbbd75916a64bf316a6115e152758273d5114e80add59f842a00cfe53

memory/2304-1971-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/2304-1972-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4b5f7fa05b1c5a6a6110369e2cf18507
SHA1 55629961aff94a62d7a0e67bf24c7a307f875598
SHA256 158f2e2e3e9b4146e662aa575a8bc5a611ec8a62f22ef5982d50eef186f2597a
SHA512 2d1ad60a4c69883f5d1430003d85c36d475bcd4ec2e88becbb884b4044d9b3c3aee2f5437c33b889841e4db10ed8ac16600c89e17800c9f59edc63342205a1a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8df2f6514711f50ab06ed2c8c287c56f
SHA1 6cf3afe875a720d9e1147287c09922dd380f2168
SHA256 ad5739aafe5db36314fe60123131056bc127160c04133d21128ae2835cf06695
SHA512 fb4b5561abda651d1d74c9dbb860f38d77c4372320833675eb64af0190c1225aeb722187686ff800e2b6ea0e1bc6f41525d9aad83112195ca2831ac9348e280a

memory/2304-1991-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/2848-1994-0x0000022563730000-0x0000022563731000-memory.dmp

memory/2848-1993-0x0000022563730000-0x0000022563731000-memory.dmp

memory/2848-1992-0x0000022563730000-0x0000022563731000-memory.dmp

memory/2848-1996-0x0000022563730000-0x0000022563731000-memory.dmp

memory/2848-2001-0x0000022563730000-0x0000022563731000-memory.dmp

memory/2848-2000-0x0000022563730000-0x0000022563731000-memory.dmp

memory/2848-1999-0x0000022563730000-0x0000022563731000-memory.dmp

memory/2848-1998-0x0000022563730000-0x0000022563731000-memory.dmp

memory/2848-1997-0x0000022563730000-0x0000022563731000-memory.dmp

memory/2304-2003-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c1ea5388d4601ce91b212943c3b10ba7
SHA1 818e080b08da8f4fdf49a72c3a1368074dfa040f
SHA256 83e9d7c791660a629f5eb0ac93bf107700ce80cf013336b2003e9c6a3bd6954a
SHA512 d5c0a8e294ebc7ec0c640892dc6285d8df82ffbde61851d69c444c65c0a1b31266cc8e612838db3fe4dfb33c899c0a69d6f206c8dd256a636341ec5c2364ecf9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 25e7403e2cae81e7159c976b124c7f8e
SHA1 dcdeb75d2284159b56d7ac5de03b3666330adfda
SHA256 6039649da413cdf7c20cdfee2d14e46691f3c35cb6d6432ecab4492c36c05661
SHA512 43cdf2826af88a50af8c0ee52f61f74c3d208423a55468f2a29856d7982e2d8d1682f162451fdcd0fdb42a917b03e54b092c4bf1df894fa8c11789c088e0800a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 17d5afed065586ac1984bafd36cf84c9
SHA1 a5973423796eae3a0b5748e81de46b35052e37fd
SHA256 b8461c6171177688634061f2f1019c00338b2afad35d5b498346c37217480459
SHA512 8c7316917530eb2c48f9b8837832b2423e043ed394c7f6a5e60fbb004d59bddae472ea313455859cb101e50716089ed47f03eaff926dc56c152ad557280426c5