Malware Analysis Report

2024-10-19 06:27

Sample ID 240915-21efgaxake
Target eeeeeeeeeeeeee.zip
SHA256 734403a96fad68cb2ef2b340adddd9cadd5894007aac703dcdb4a4cb8326c538
Tags
discovery evasion ransomware
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

734403a96fad68cb2ef2b340adddd9cadd5894007aac703dcdb4a4cb8326c538

Threat Level: Likely malicious

The file eeeeeeeeeeeeee.zip was found to be: Likely malicious. The archive itself is only a container: the detonation opened it in Explorer (see Command Line below) and the ransomware-style behaviour recorded here (drive enumeration, wallpaper change, txtfile DefaultIcon hijack, taskkill and WMIC child processes) comes from the extracted sample under Malware_pack_2\000. Rows attributed to chrome.exe (shell bag and file-dialog view state, TPM telemetry, SeShutdownPrivilege adjustments, WriteProcessMemory into other chrome.exe processes) are the browser's normal activity on the sandbox image and should not be read as behaviour of the sample.

Malicious Activity Summary

discovery evasion ransomware

Disables Task Manager via registry modification

Enumerates connected drives

Sets desktop wallpaper using registry

Drops file in Windows directory

Unsigned PE

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of SendNotifyMessage

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Enumerates system info in registry

Kills process with taskkill

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-15 23:02

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-15 23:02

Reported

2024-09-15 23:12

Platform

win11-20240802-en

Max time kernel

516s

Max time network

525s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee.zip

Signatures

Disables Task Manager via registry modification

evasion

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\A: through \??\Z: (23 drive roots probed: A B E G H I J K L M N O P Q R S T U V W X Y Z; no rows for C:, D: or F:) C:\Users\Admin\Desktop\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Control Panel\Desktop\Wallpaper C:\Users\Admin\Desktop\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery

This key is commonly read by ordinary Windows processes at start-up, so on its own the signature carries little weight; the rows mainly show which processes ran. cmd.exe, taskkill.exe and WMIC.exe were loaded from SysWOW64 (the 32-bit copies), consistent with a 32-bit sample spawning them.
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133709151193128621" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\0\MRUListEx = ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 02000000030000000000000001000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\MRUListEx = ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\NodeSlot = "11" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\MRUListEx = ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell\SniffedFolderType = "Generic" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\MRUListEx = 00000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\0\NodeSlot = "16" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico" C:\Users\Admin\Desktop\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0 = 66003100000000002f59a5b810004d414c5741527e3100004e0009000400efbe2f59a5b82f59a5b82e0000009b06000000000300000000000000000000000000000056c511004d0061006c0077006100720065005f007000610063006b005f003200000018000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile C:\Users\Admin\Desktop\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\MRUListEx = 00000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202020202 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\NodeSlot = "15" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon C:\Users\Admin\Desktop\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected] N/A
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
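The signature tables above are flat rows in which the chrome.exe entries outnumber the sample's own. The following Python script is an added example written for this report, not the sandbox's code: it parses rows of the shape shown (a constructed subset copied from the tables above, plus one constructed DisableTaskMgr row, since that signature appears in the summary without an indicator row), attributes each row to the process that produced it, and flags the ransomware-relevant behaviour (the A: to Z: drive sweep, the wallpaper change, the txtfile DefaultIcon hijack, the Task Manager policy) while discounting shell-bag and TPM-telemetry rows as browser housekeeping. The drive-sweep threshold of 8 and the pattern list are assumptions.

```python
"""Attribute flattened sandbox signature rows to processes and tag the
ransomware-relevant ones.

Added example for this report, not sandbox code. Row texts are a
constructed subset of the tables above; the DisableTaskMgr row is
constructed because the report lists that signature without an
indicator row. Patterns and the drive-sweep threshold are assumptions.
"""
import re
from collections import defaultdict

SAMPLE = r"C:\Users\Admin\Desktop\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected]"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
USER_SID = "S-1-5-21-6179872-1886041298-1573312864-1000"

ROWS = [r"File opened (read-only) \??\%s: %s N/A" % (d, SAMPLE)
        for d in "ABEGHIJKLMNOPQRSTUVWXYZ"] + [
    r"Set value (str) \REGISTRY\USER\%s\Control Panel\Desktop\Wallpaper %s N/A" % (USER_SID, SAMPLE),
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico" %s N/A' % SAMPLE,
    r"Key created \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile %s N/A" % SAMPLE,
    # Constructed row: hypothetical indicator for the "Disables Task Manager" signature.
    r'Set value (int) \REGISTRY\USER\%s\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr = "1" %s N/A' % (USER_SID, SAMPLE),
    r"File opened for modification C:\Windows\SystemTemp %s N/A" % CHROME,
    r"Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS %s N/A" % CHROME,
    r'Set value (int) \REGISTRY\USER\%s_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" %s N/A' % (USER_SID, CHROME),
    r"Key created \REGISTRY\USER\%s_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU %s N/A" % (USER_SID, CHROME),
    r'Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133709151193128621" %s N/A' % CHROME,
]

# Description column values seen in the report; the rest of the row follows.
DESC_RE = re.compile(
    r"^(File opened \(read-only\)|File opened for modification|"
    r"Set value \((?:str|int|data)\)|Key (?:opened|created|value queried))\s+(.*)$"
)
DRIVE_RE = re.compile(r"^\\\?\?\\([A-Z]):$")  # \??\X: drive-root probe
# Explorer/common-dialog view state and TPM telemetry: browser housekeeping, not sample behaviour.
NOISE_RE = re.compile(r"\\Shell\\Bag(?:s|MRU)(?:\\|$)|\\Cryptography\\TPM\\Telemetry", re.I)
RANSOM_PATTERNS = {
    "wallpaper_changed": re.compile(r"\\Control Panel\\Desktop\\Wallpaper\b", re.I),
    "taskmgr_disabled": re.compile(r"\\Policies\\System\\DisableTaskMgr\b", re.I),
    "file_icon_hijacked": re.compile(r"\\Classes\\[^\\]+\\DefaultIcon\b", re.I),
}


def parse_row(row):
    """Split one flattened row into (description, indicator, process, target).

    Columns are space-separated and paths contain spaces, so the process is
    taken as the last 'C:\\' path before the trailing target column.
    """
    body, _, target = row.rpartition(" ")
    m = DESC_RE.match(body)
    if not m:
        raise ValueError("unrecognised row: " + row)
    desc, rest = m.groups()
    cut = rest.rfind(" C:\\")
    if cut < 0:
        raise ValueError("no process path in row: " + row)
    return desc, rest[:cut], rest[cut + 1:], target


def triage(rows, sweep_threshold=8):
    """Group rows by process; return {process: {drives, flags, noise, rows}}."""
    per_proc = defaultdict(lambda: {"drives": [], "flags": set(), "noise": 0, "rows": 0})
    for row in rows:
        desc, indicator, proc, _target = parse_row(row)
        entry = per_proc[proc]
        entry["rows"] += 1
        drive = DRIVE_RE.match(indicator)
        if drive and desc == "File opened (read-only)":
            entry["drives"].append(drive.group(1))
            continue
        if NOISE_RE.search(indicator):
            entry["noise"] += 1
            continue
        if desc.startswith("Set value"):
            for flag, pattern in RANSOM_PATTERNS.items():
                if pattern.search(indicator):
                    entry["flags"].add(flag)
    for entry in per_proc.values():
        # Probing many drive roots in a row is the pre-encryption target sweep.
        if len(set(entry["drives"])) >= sweep_threshold:
            entry["flags"].add("drive_sweep")
    return dict(per_proc)


if __name__ == "__main__":
    for proc, entry in triage(ROWS).items():
        print(proc.rsplit("\\", 1)[-1], "rows=%d noise=%d drives=%s flags=%s" % (
            entry["rows"], entry["noise"], "".join(sorted(set(entry["drives"]))),
            sorted(entry["flags"])))
```

Run against the constructed rows, the sample process comes out with all four flags and 23 distinct drive letters, while chrome.exe has no flags and three rows classed as noise; the same parser can be pointed at a full report export, since every row in the tables above has the same four-column shape.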

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (32 occurrences)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (32 occurrences)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (28 occurrences)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 660 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 660 wrote to memory of 1780 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 660 wrote to memory of 4612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 660 wrote to memory of 4876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee.zip

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbc1dcc40,0x7ffdbc1dcc4c,0x7ffdbc1dcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1760,i,12917728117534409906,16153227094532142982,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1752 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1888,i,12917728117534409906,16153227094532142982,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,12917728117534409906,16153227094532142982,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2148 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,12917728117534409906,16153227094532142982,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3128 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3228,i,12917728117534409906,16153227094532142982,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4488,i,12917728117534409906,16153227094532142982,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3636 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4836,i,12917728117534409906,16153227094532142982,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4860 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4888,i,12917728117534409906,16153227094532142982,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3084 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4420,i,12917728117534409906,16153227094532142982,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4364,i,12917728117534409906,16153227094532142982,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3484 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5048,i,12917728117534409906,16153227094532142982,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4768 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4624,i,12917728117534409906,16153227094532142982,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4496 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5056,i,12917728117534409906,16153227094532142982,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3332 /prefetch:8

C:\Users\Admin\Desktop\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected]

"C:\Users\Admin\Desktop\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected]"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic useraccount where name='Admin' set FullName='UR NEXT'

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic useraccount where name='Admin' rename 'UR NEXT'

C:\Windows\SysWOW64\shutdown.exe

shutdown /f /r /t 0

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3a2b055 /state1:0x41c64e6d

Network

Country Destination Domain Proto

Files

\??\pipe\crashpad_660_SYYTRFDGJHNWJKTB

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ed142be3-067c-4313-92f4-c92e904bdd7c.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ee52b54c1932ed8e8d04a06247c52681
SHA1 75d6f408b94f82139ad6fa154785bc263d7321b9
SHA256 b39ff11c0b3cc61030acee1aee616dcebc6ea6280cbeff4a1a5f0914148dfb38
SHA512 f4c092a98ea894dd522429c2d5203c5c92e28b26606f0fb4d1b095d004287ee9df43f2c34c7d3db66cc4b27f72c7a5e174ad358e97b2990310aa94d09eb587c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 316b509483cade954371e42687f33262
SHA1 c6619c13518256afc9dea244edf9fc6bb95d317c
SHA256 1d7c5daa9c34e36ea264d17ce4b40de13e2042e7dd36401458ece17305935201
SHA512 c3801f57bb52cdc8685642ecc0b408d320b5468917bc2693e378debf0ee7b94561b10837efc4193e1debd7d0961eef020eda4b9502d4eb6b2f1813a308aa55bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4d5e9301d7c1a7fb9e8153af3a55a5f4
SHA1 d38b66db6dcfc76e7a9eae67dde0fd58608004bd
SHA256 4fb8f343f5d81e3a4ac891ce08b2630296c34b7a08a92cd0f5b0306339f848b8
SHA512 4bd60d453303b8a6e68096b83b3cc2dff49b2da09814faaba6fab849bbc7e7d19c0189be9f87ba6f5a6391f12699552bffd664ebb0cd6e8ac8457f83cd1b8b2d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 06958956e863fafb880d54b0d62329df
SHA1 350db43a6851938904e5160fe9c15e54d23b045b
SHA256 3946a6e444ac65d408ed8db5b7d24f6c1f16053c6d5ebc90cdd044931f3326a4
SHA512 9748447c174e23a7cd800404fde8c8e63bc238ce1f1dcc35bf3c50c1a2a30ff1d900d181b634e7b68515292a2f5810c349334f9581cbd101eb16507177c9c818

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e92f2e20b289808b188db2574b18addc
SHA1 98489885b4e3f405e5c1d1fd6799907661fbd317
SHA256 b7581a2c578be9e6f90644176f3ccf6d2ae24fb11cb5a0c9a2bbf573fe8e4bfc
SHA512 90933409f9d3ea802bb1cddb501d52c61d697540da670d9bd3ea0c65e9e952f2e42ee24ee302a642f763920f648f3bbdd3deb5cfa3216dab20908aeb6009e920

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 67d3e6506525e3e2f27bd35b3ccfd839
SHA1 4553b8b4d50e03eb3809e4616efd0bdd017e4326
SHA256 0b414b11b7de02a30b9618b0ce8e7aa975299ff494f26570622091dfa7c39318
SHA512 61087b83b3f9c8260e0c47da96c3e468db366994e6ef0a264212db150285c2009b4f8368d1ec96f3b2939a49e7a45992724f6a0d3419fa2afd4a11983e7d4f02

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 34118e7dfe0d1dcdcde3fc71d5bb36f3
SHA1 51463c11a965b518862583b7cbc4b0f9313bd3bf
SHA256 d08c5f83614835333bd7974ad951b6966534e62fa8a14656674d98d0d94f73ef
SHA512 6b81d1447eeb42e453ee1c94236c8c28c748f26d30fea07611ba490cdeb9576fef48f981b77dc23c54b1aca4ee0d70323eaf98530bdcb7170521b7b29a2610b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 060b038971d9beedee84e4281bd1fe4e
SHA1 fb4ad3ba006116e2b5bf4cb3acb386b58d8a7b0e
SHA256 9f9431f5bcea2f697c07c263fb47850b276e960b5f7792957968b3910ac74545
SHA512 a9cdca44cfb9a53ae9260be1a89044a87a392f558b3b595c1fba8dc08f6824608cc793ea9dd1aded11dbc0b09547261c7393db8de9131e5c7a52d8878f77441b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 83c8f3afc5fbcfa564052054e50f8def
SHA1 aeefebccc1f6d1fb9378b9b8752bf13dae31bb38
SHA256 7a0c327ba648dcda26bb099f5d85e24c60999aa7d764a0fab2b919f6cf913680
SHA512 af78275f5474b3ca5ed491018f21173712a5d33f15107a785f36d2074168c201b67ba4fe44746d8db38dd0287ce83f782ecb451b321cfdf1289f203be7b7dce1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\115f12b2-d011-4a1d-9372-62e5306b9ce0.tmp

C:\Users\Admin\AppData\Local\Temp\windl.bat


C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

C:\Users\Admin\AppData\Local\Temp\rniw.exe

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb


C:\Users\Admin\AppData\Local\Temp\text.txt


C:\Users\Admin\AppData\Local\Temp\one.rtf


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
