Malware Analysis Report

2025-08-05 16:48

Sample ID 240816-zk7qzazcqj
Target http://google.com
Tags
discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The file http://google.com was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery

Loads dropped DLL

Executes dropped EXE

Drops desktop.ini file(s)

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

Drops file in Windows directory

Browser Information Discovery

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-16 20:47

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-16 20:47

Reported

2024-08-16 20:50

Platform

win10v2004-20240802-en

Max time kernel

149s

Max time network

148s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File created C:\Windows\assembly\Desktop.ini C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe N/A
File opened for modification C:\Windows\assembly\Desktop.ini C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\assembly\Desktop.ini C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe N/A
File opened for modification C:\Windows\assembly\Desktop.ini C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe N/A
File opened for modification C:\Windows\assembly C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133683148777393150" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3960 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 1976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 1976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffeb050cc40,0x7ffeb050cc4c,0x7ffeb050cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2060,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2056 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1584,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2096 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2308 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3052,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3088 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3116 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4400,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4156,i,9445584274764997943,12714240264001792460,262144 --variations-seed-version --mojo-platform-channel-handle=3976 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4752,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4760 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4672,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4768 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5072,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4796 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5312,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5288 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=208,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5452 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5704,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5668 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\CMDWatcher_v0.4\" -spe -an -ai#7zMap1682:90:7zEvent16136

C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe

"C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5728,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5708 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4668,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5776 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5916,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5904 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\665b8dea01643cce577cc8cc6cc1677e78cbf4559b7c0fbd0446dee65970b4ea\" -spe -an -ai#7zMap21737:190:7zEvent649

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\665b8dea01643cce577cc8cc6cc1677e78cbf4559b7c0fbd0446dee65970b4ea\" -spe -an -ai#7zMap13105:190:7zEvent12489

Network

Country Destination Domain Proto
US 8.8.8.8:53 google.com udp
FR 142.250.201.174:443 google.com tcp
FR 142.250.201.174:80 google.com tcp
FR 142.250.201.174:80 google.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 174.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 170.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.196:443 www.google.com udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 196.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
FR 216.58.213.74:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 67.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 74.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 67.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
FR 142.250.201.174:443 google.com udp
FR 216.58.213.74:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
FR 142.250.179.78:443 apis.google.com tcp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
FR 172.217.18.206:443 encrypted-tbn0.gstatic.com tcp
FR 172.217.18.206:443 encrypted-tbn0.gstatic.com tcp
FR 172.217.18.206:443 encrypted-tbn0.gstatic.com tcp
FR 172.217.18.206:443 encrypted-tbn0.gstatic.com tcp
FR 172.217.18.206:443 encrypted-tbn0.gstatic.com tcp
FR 172.217.18.206:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 206.18.217.172.in-addr.arpa udp
FR 172.217.18.206:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 id.google.com udp
FR 142.250.179.99:443 id.google.com tcp
US 8.8.8.8:53 dns-tunnel-check.googlezip.net udp
US 8.8.8.8:53 tunnel.googlezip.net udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 i.ytimg.com udp
FR 142.250.179.118:443 i.ytimg.com tcp
US 8.8.8.8:53 www.kahusecurity.com udp
US 8.8.8.8:53 99.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 157.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 118.179.250.142.in-addr.arpa udp
US 75.119.204.85:443 www.kahusecurity.com tcp
US 75.119.204.85:443 www.kahusecurity.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 226.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 85.204.119.75.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
FR 142.250.179.99:443 id.google.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 bazaar.abuse.ch udp
US 151.101.130.49:443 bazaar.abuse.ch tcp
US 151.101.130.49:443 bazaar.abuse.ch tcp
FR 172.217.20.196:443 www.google.com tcp
US 8.8.8.8:53 49.130.101.151.in-addr.arpa udp
US 8.8.8.8:53 168.214.58.216.in-addr.arpa udp
FR 172.217.20.196:443 www.google.com tcp
FR 216.58.213.74:443 ogads-pa.googleapis.com tcp
FR 172.217.20.196:443 www.google.com udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
FR 142.250.201.174:443 www.youtube.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 35.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 34.58.20.217.in-addr.arpa udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com tcp
FR 216.58.215.35:443 beacons.gcp.gvt2.com tcp
FR 172.217.20.196:443 www.google.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
FR 172.217.20.196:443 www.google.com udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 bazaar.abuse.ch udp
FR 216.58.213.74:443 ogads-pa.googleapis.com udp
FR 142.250.201.174:443 www.youtube.com udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp

Files

\??\pipe\crashpad_3960_PVIKGEYQXILKSXGP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\14f3c6d8-e340-442e-a3b4-02ad7fb81900.tmp

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 3e552d017d45f8fd93b94cfc86f842f2
SHA1 dbeebe83854328e2575ff67259e3fb6704b17a47
SHA256 27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6
SHA512 e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 eeaa98d870d746ba7778dc2732baf2a7
SHA1 0d007244b82117c6a57c1a9f21f4b72fd5eeca88
SHA256 04b8f9ff7b4c48d69e352db457ea995ff94f17461a6bd6c5fab0ccfe80a1837c
SHA512 2ea0bb006227d608394933236b48c85128490d3b03c94ad137026875853fb510f39c1a7d77d764206c58dce321857e8380685c24246e3a7790c7cfecb6d723ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e386be16603ae048557c5cce3b1b0a91
SHA1 3c44bb98f827ccba76d01027180ad1379609478c
SHA256 66338935316ed15bdfcd82cef32a2819320b7052033dcfd584850c4c51e0cb81
SHA512 a21de73b5e393cd73ee4b26b0816ba43fdf592dbc569af22c333288985ad5b404a29bbb69ce28c0c599763fa1c43ee1cc2d56c3bfb90953a312e3e8a8b901fe1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e4856c24-a3ea-4462-a46f-e5659ce8d1e1.tmp

MD5 8d8c15fab72fb16518af3c404e82793c
SHA1 524c5fbb1c960b7a0375a4f7d212c17a1b706028
SHA256 5322c2081f44b72a6dc9364d2e7bf031b2fe6d3c23701e2b1b4b6f997213abce
SHA512 1201082871543708b0d58d7f904ab5d88cc48a41b5b2bea061bd6e315f47f98934de83c958d2c9ab02f243d7235703197757f9b55283e29ed9e64359c88ff81b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a39ec3a5a98a468a9e122d21efb779fb
SHA1 7d87efe33c440f1b881fa6f62fc68c109222b5b9
SHA256 155b05367c2ed7efb417cc97cbe9a4fcedf90728a33ba6037acc08ed3fad9a01
SHA512 7df0fd8f1277003405e4af911f867ac93330357630712dcac42cee2171f58ff52524e2188eeffb52bed40979ef0f56107794351f702be496a42a8deb43bf01a1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 700b6ba09d4378ee16b424872086c638
SHA1 49a14fc8f213d568d87abe38825fae9b57b3f4db
SHA256 3e531032bb48427cd2614702576834de17a870c03736d813b548ffaaa625fde6
SHA512 f5872f0d7b5cde8a646f650dfa4a3629cafaf22b727d2365fbe1d5da50a129b894c5e78191bd4f61c61120e85bd09ccb46e547c0dcdfcdf779ec491d82a85120

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 410754658afec01e13a5afa518c283f3
SHA1 2a59a0db7e1bcd23406ec0ee8d3c77c784edc74a
SHA256 96752f6fe04ed7eaeab23980d22bf267aa3670105fc0f95e4effe189b17ee013
SHA512 637ddd0494b9f6fcdbb9ddc49b58472da9c9f2047ae9bc7c16cdaf8b088b08322a256739584c4aaa4ff4059de85323545fd227c67d39f1f5eec52d4bfbcf099b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a56772adefaf7079cb508de4bdaaed12
SHA1 a162e990482eb4951988eeeb22fdbf6049032bdd
SHA256 222fd64aecb046c88594df9fd794c7bfa722a4cbad520e396f495361f42277b1
SHA512 8439eeb5049c21e84d6bae04bdd312cb4e791a56b992bf727037083181c3ace8b8d2e95f44d61106593bf4d036b465515b04dfe057c262d9fe2488071a8f3093

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4d8af1c388252271ddc792050d32d9d8
SHA1 3a0f5ab084c5d7a457455740486d95449d85417e
SHA256 9736a3613927a537734a9e05d109838b4855c9edc3244fb6ded8f0e613eac875
SHA512 ed993ca687e0d17ca9793be5dc94fde2a71bf794790fcf5a67a037fca91813dd94eb04eb287b08dc053bda3b2ec633a2b50ce214fe1cfecb4f01481e7797467c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ba84a686a2d9f01825de6c379f8a31eb
SHA1 695c3292f90c097fd04212945c15146eac2fdf87
SHA256 8f914640e95a33f703febc12925057bba91dcf05416665997159d9d89563896e
SHA512 e778d9f76e2bbb96b2124a33cce1371fe7b727205c9753d378777a09e4254e82f1f68e65caf639dd032ad724fc841ddb71f3165a4f6763757464262ad593edf1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

MD5 c594a826934b9505d591d0f7a7df80b7
SHA1 c04b8637e686f71f3fc46a29a86346ba9b04ae18
SHA256 e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610
SHA512 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f517cd13587654b467cb38b0156a5d04
SHA1 2d61b2fd7881fe8f0425175c619e34a3e68b9fed
SHA256 139d473f286398a80376b1d78263ac3cad245a95943bfd4d05b543c62084614c
SHA512 8f5010d06501e53296bc6b474b1ba8a9be4eaa3b7c32f697a258f0414ce32c584595c247440a75452eb58d5995d52390da2800230afd6dba8de3d9d31f39acb9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d88581680d48ebf7ff18feab84691ffc
SHA1 b66a95ca05eee996df0477c094308366001396c1
SHA256 378b0d4ecc87226733775e01a6df872edbad9c1867c50f71c93608ce03a230a4
SHA512 ecb33a92ce5d520fe5a3746603a42e412abfe390eeca9829a2920cd82986e69ff2caee565b36ee6435ed09acf9763e9741371b178e4ac74362dd506f8d7acf8b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 cb1343dbb4651f3940b2364b404ce230
SHA1 9d151855dec1b6f787335ea89fce70a616b4b3b0
SHA256 451bc0767a87e9e5ff075e0214393e62b74da3addf98ef1b0c95c0539a226931
SHA512 4b80aa8f1631d40e8db80a3311c159f60c7c0e192f5d929a5e015462f9dccdabbf8d4f62f948d5704e9c3aedee50d0871fe61e9977bddd91c5f5157c07903305

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0710d1370404c8e73bbde1e2cf654a3d
SHA1 50bd0e0007706f02770128ec3fe990c3c3e0a192
SHA256 03efcf78e2f9a17742f1d6f88c8d1a7cc8451c7c7414785e750a6ca00b8a1571
SHA512 e4e3f7d5843ade9c4c3106311718dcfe399db8060f498daf01760320ed7e1254801d1124d0de47bb986a32fcb0bf0d7ba3480ed0c7b00e02cea047f93894a607

C:\Users\Admin\Downloads\CMDWatcher_v0.4.7z.crdownload

MD5 477266ec255352f3e1d183a628e48073
SHA1 902219e1756d3c7514d4e115c383658b716dd2b5
SHA256 df9da98c0e3e6ab223c4bc27290a51dba5628bf9468f4ea0bdd2cdaba673e9e1
SHA512 96216f54a2052e94f321bafba0bb62ed161fcc046eccf4e1005144a75e57f01db1cf3b7edeaf0a64e1b05aa1555f6bb27df32434f851e81a20bd06cf3fcac717

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 13a818306cf49d17802d13713ba1fdf0
SHA1 7856d5a4f56c4816c4ca18507f7074c8725514ee
SHA256 dcd16989b91228638d76d6a6d6b0ad5b3c483e1930c88931955d0642edbd7e1a
SHA512 2ddceaa9e76640e53dcc6a70cb1f22d4126dbba680b78b56e24afebb78fbb5bad165bbd0486a5fed8da5ee740c5d178f98cc960ed569717f698caf3092d0af09

C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe

MD5 482abbf2fd84a712f565d48e286e034a
SHA1 7b33ec969cc501e1da26ade98309a544240636f2
SHA256 babbaa201e5e1bc3c68661e1c9f9a41430044446c127fb544b7294dab84ce6b7
SHA512 c06e49e0bdd91bff59a038bf466598717f7c7be49b06765a90642e0cce7d424a843939ea21035c53dd15a1a0e33f4e6ee4518f9a563fc0aec75d72cae1426431

memory/6060-343-0x0000000000680000-0x000000000157A000-memory.dmp

memory/6060-344-0x0000000000680000-0x000000000157A000-memory.dmp

memory/6060-345-0x0000000000680000-0x000000000157A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Costura\B3ECAF7EF28870C436FCEB7E36B7B685\64\proccmdline64.dll

MD5 c591cb11e592d31487c528671d52cc3f
SHA1 10c424983eb5ef39621574ef9c049a50e9141006
SHA256 393b930e2968cd8f1f8cf7fc33645b9f6be24aa6f24d33bf962304b0448b3def
SHA512 a58655975d682c3ee8137f798afebe37bfad62d18d95b8a72fed3f72e31c0024f833bbcbf68e8baba84a59efe1ec91d3ffd36c0e31783662d71f4041bacc3497

memory/6060-352-0x000000001EE70000-0x000000001F33E000-memory.dmp

memory/6060-353-0x0000000005400000-0x000000000549C000-memory.dmp

memory/6060-354-0x00000000052A0000-0x00000000052A8000-memory.dmp

memory/6060-355-0x000000001F400000-0x000000001F416000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bfec525c1586d3c8a96c71982f7182a7
SHA1 9776d037a581a216d4bb50470ca84f0b2972541f
SHA256 fc3dc898b7f34033d3f38ac2221fe157797972633370d9a879b66351f803a357
SHA512 93b34d4958c66ac86e13d1cb2d4a58c87c080c3cdf5125955edba138b52630709eef0d755ad6aa27eb38646cbaab556b1b26e349f094487cc707fd88a5eccae2

memory/6060-369-0x0000000000680000-0x000000000157A000-memory.dmp

memory/6060-376-0x0000000000680000-0x000000000157A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9627c9d5c242bf24d79fb51ad97a634e
SHA1 bfdd3898dd0e754d0951d74b4b3dd15b70204a1a
SHA256 6d6a732bb242c12d237658cf6bbc8f460cc5f1795b19ec4a2fa2e1419172ce3d
SHA512 129c5cf2b93546a33e6588d6fd9bbcea917382fded2e58f816d0af18472893b78afa2e8f2b17674650f00952be71a324c5e4da1cbdc94e0badf0ce27c265c112

memory/6060-409-0x0000000000680000-0x000000000157A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

MD5 3b5537dce96f57098998e410b0202920
SHA1 7732b57e4e3bbc122d63f67078efa7cf5f975448
SHA256 a1c54426705d6cef00e0ae98f5ad1615735a31a4e200c3a5835b44266a4a3f88
SHA512 c038c334db3a467a710c624704eb5884fd40314cd57bd2fd154806a59c0be954c414727628d50e41cdfd86f5334ceefcf1363d641b2681c1137651cbbb4fd55d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

MD5 be8473ddb50896abc7955c5f162ab80a
SHA1 61535f7917713bbe2d7b023b55c5bd07a6fe1a2b
SHA256 f2943a57d99477653a8ac0a0bba69820f4faa96c86bb8512ea47e41715eac04f
SHA512 4e4c39d8258fe5cc29350d08a23014ad2251aafb2f7b304a77aee0790d762c4f3a1e380a0426ff2c87b90b54393da16d5f291b4b349f8dd45d6edc1e9c950d73

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 40cb179bd9c6fa49736f015413267858
SHA1 b2021a124b504a1e93fafe861f62a5b801a3d8e6
SHA256 0094420d1416c205f3695b7a033ade7836a2b0e320878cb123cdd35dfc84dab7
SHA512 5f12ea87a9e7e53b2e15125d14bef89ca9d8be3390bda4db200a4e91a577810e440391e562cdb0349b3955938ea3a8fd7acd0ce79b1e383b6273f821f4f6b006

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fa446fae119d14516010724b8573943d
SHA1 a7961b79e1ce5dcfba9871a62aeff5faa7433f13
SHA256 e1d1f5e47e5cf82dd51b4a2c30ec5c6dafc5fa7129eef4b9563da94dc11e5d46
SHA512 91ec8a5effb8c45dbea522b20463a1af98cf6aa4f7965b0f0ed39b7d95a9f01297cc3642983a8a8567eebaebbefc931b64530b893aac4bb0e89f48058a0c1602

memory/6060-461-0x0000000000680000-0x000000000157A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b171bf11f63cf8cd63e6630e251e799c
SHA1 a7b091e374b537fbc2db2e769e0d6b240e5e4a68
SHA256 0a8644b9a5e1137441b25f40d9fdf0242ffdb753da04e7902743f2c2ece81382
SHA512 3186b369c9a3d393d17770743312ab84145ad80303f0107802cb04e53415d4fc26bdb14bfd08cc382a45778f54ea4f336a279b61a78017603bfc7a5c5301f1d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 da1d8cc389eec31590091b5b45aff4cd
SHA1 265d0ed70f6d53aec355a95b1904e60ba25a3540
SHA256 61684db092381a9cb699cbf39a4f9c9c78e6ad626baef32403f95d8643ef8920
SHA512 9c41d519f9dfbd901a4644ff37345ebb4bd82ed184e17494ec8afcbe72f1de0945884608d82c8bb2e04e5ad2856d03953535b8885644a192977c43de21bb00a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 84ed943bd79ba4a11124bf4264719c8f
SHA1 a3d49b960a43d2dfa2b8d8ebd0b18975e2b0a37d
SHA256 7c1a5a17d9e540d081155b36b77f9f1ef193420b7c8eedfa8be7e5f248c97196
SHA512 d8d8bd0aa88e4a54f6aab32b988720bcaf9f3984d680971ce10bd8b2355dea6f7a785dd12e30eeffb9da857e4f0bd30273fce83c1b7349db402936a6aa9245d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1483cda5405b04296d4c3c0d4060b400
SHA1 229c100a7a03070dac1b45762aad7c9a3b9a4e69
SHA256 b8e2fd5a4d704e74e2cc8147e6e869d6abb25e4e3e031ec3b17c821f8f99e61a
SHA512 854c06683f131769281a1779703e6731551372f36f1134532712064f11bdc0bd518bcf3d72b1dfc4eb80902697044db551b2a7518a898d6075433d4a10d30074

memory/6060-501-0x0000000000680000-0x000000000157A000-memory.dmp

C:\Users\Admin\Downloads\665b8dea01643cce577cc8cc6cc1677e78cbf4559b7c0fbd0446dee65970b4ea.zip

MD5 4a7c384fe037944aa74b4302a40e6906
SHA1 5b4713cdb5f322e5cefb1adadb114db4254747dc
SHA256 51556e55d208f00cfe8ca645d7f49cedcd13835922f7b0e9a0fe1ba47e49f0d3
SHA512 172e7efe763e731762866266dfe3e2230663f366cfbddee7740772a7895753dc5e3e8fd13486b9e2eabe1e5038202e8f8a5ec11be4fe8f30c86f038d0cba35ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d264842c1e609c91cfd97240040d6a18
SHA1 fc87469f649efb38ea8d72a26137ee3ed56901fe
SHA256 2977a1f5a92c9d5ee28433544fc6992c356b748fc784ee0dec26dd87527e3436
SHA512 d4563addb9e0d4797c4424a3fccc6b4f9e734942bfe5f4bd29909f4848e83d022d7fb037f35e073bf133aa003aebcff37aff2483f4ddfa302f427313d08c00cd