Malware Analysis Report

2024-11-15 06:02

Sample ID 240922-kkh1aa1bnh
Target https://www.dropbox.com/scl/fi/84aaoddpxlr3zz78hvwul/Revocation-of-copyright-for-The-Music-School.zip?rlkey=dapi9fh3bhwsdbg34c9ek7l44&st=9hrxlndc&dl=1
Tags
rhadamanthys discovery persistence stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.dropbox.com/scl/fi/84aaoddpxlr3zz78hvwul/Revocation-of-copyright-for-The-Music-School.zip?rlkey=dapi9fh3bhwsdbg34c9ek7l44&st=9hrxlndc&dl=1 was found to be: Known bad.

Malicious Activity Summary

rhadamanthys discovery persistence stealer

Rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Adds Run key to start application

System Location Discovery: System Language Discovery

Program crash

Browser Information Discovery

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-22 08:39

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-22 08:39

Reported

2024-09-22 08:45

Platform

win10v2004-20240802-en

Max time kernel

300s

Max time network

301s

Command Line

sihost.exe

Signatures

Rhadamanthys

stealer rhadamanthys

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*UpdaterCisco = "rundll32.exe C:\\Users\\Admin\\Documents\\CiscoUpdater000_PARTIAL.dll,EntryPoint" C:\Windows\SysWOW64\reg.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\openwith.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133714680364902202" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "3" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe1000000007393172d7e4da016c8d6520e4e4da01cea2c53ccb0cdb0114000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\1 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2744 wrote to memory of 2948 (2 rows) N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2744 wrote to memory of 5048 (30 rows) N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2744 wrote to memory of 2488 (2 rows) N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2744 wrote to memory of 2484 (30 rows) N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

All 64 writes are chrome.exe PID 2744 (the browser process) writing into chrome.exe child processes, which is how Chrome's sandbox broker initialises its renderer and utility children. None of the recorded writes involve the downloaded executable, cmd.exe, reg.exe, openwith.exe or rundll32.exe, so this signature on its own is not evidence of injection by the sample.

Processes

Image path followed by command line. The list does not show parent/child links or the processes' own PIDs; the only PIDs visible are 2140 and 4044, the two processes that crashed (the `-p` arguments to WerFault.exe), and WerFault running from SysWOW64 means both were 32-bit processes.

C:\Windows\system32\sihost.exe

sihost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.dropbox.com/scl/fi/84aaoddpxlr3zz78hvwul/Revocation-of-copyright-for-The-Music-School.zip?rlkey=dapi9fh3bhwsdbg34c9ek7l44&st=9hrxlndc&dl=1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffade90cc40,0x7ffade90cc4c,0x7ffade90cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1972,i,10644711880161580796,417683317169620698,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1968 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1824,i,10644711880161580796,417683317169620698,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2464 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2104,i,10644711880161580796,417683317169620698,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1984 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,10644711880161580796,417683317169620698,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3116 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,10644711880161580796,417683317169620698,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4736,i,10644711880161580796,417683317169620698,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4748 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5100,i,10644711880161580796,417683317169620698,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4992 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4792,i,10644711880161580796,417683317169620698,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4960 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5084,i,10644711880161580796,417683317169620698,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5368 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5256,i,10644711880161580796,417683317169620698,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5316 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5228,i,10644711880161580796,417683317169620698,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5232 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5024,i,10644711880161580796,417683317169620698,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4744 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5516,i,10644711880161580796,417683317169620698,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5604 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5400,i,10644711880161580796,417683317169620698,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4584 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5764,i,10644711880161580796,417683317169620698,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5784 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5756,i,10644711880161580796,417683317169620698,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5816 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4536,i,10644711880161580796,417683317169620698,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5728 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=972,i,10644711880161580796,417683317169620698,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5368 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4584,i,10644711880161580796,417683317169620698,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5560 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4976,i,10644711880161580796,417683317169620698,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5368 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5264,i,10644711880161580796,417683317169620698,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5776 /prefetch:1

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Revocation of copyright for The Music School\rename_me.rename_me

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Revocation of copyright for The Music School\msimg32.dll

C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe

"C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe"

C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe

"C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit

C:\Windows\SysWOW64\reg.exe

reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f

C:\Windows\SysWOW64\openwith.exe

"C:\Windows\system32\openwith.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2140 -ip 2140

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 464

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 2140 -ip 2140

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 460

C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe

"C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe"

C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe

"C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6160,i,10644711880161580796,417683317169620698,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5584 /prefetch:8

C:\Windows\SysWOW64\openwith.exe

"C:\Windows\system32\openwith.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4044 -ip 4044

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 436

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4044 -ip 4044

C:\Windows\SysWOW64\reg.exe

reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 432

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6140,i,10644711880161580796,417683317169620698,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6124 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6216,i,10644711880161580796,417683317169620698,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5976 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5560,i,10644711880161580796,417683317169620698,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5000 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5856,i,10644711880161580796,417683317169620698,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5716 /prefetch:8
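Two host artifacts in the list above are worth acting on. First, the persistence entry: reg.exe receives `"rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint` as a single data argument (the quoted and unquoted parts are joined by the argument parser), so the stored Run value is `rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll,EntryPoint`: rundll32 used as a LOLBin, a DLL under the user's Documents folder, and a value name prefixed with `*`, the prefix Windows documents for RunOnce values as "run even in Safe Mode". Second, the openwith.exe entries differ: `C:\Windows\system32\OpenWith.exe -Embedding` is the normal COM activation, whereas `"C:\Windows\system32\openwith.exe"` with no arguments, running as a SysWOW64 image because a 32-bit caller's System32 path was redirected, was started directly by another process, the pattern of a benign binary spawned as an injection host. The PowerShell below is an added triage example, not part of this report or of any vendor tool; the function names, the scoring rules and the constructed sample entries at the end (including the assumed parent of openwith.exe, which the report does not print) are this example's own assumptions.

```powershell
# Added triage helpers; not part of the sandbox report or of any vendor tool.
# Function names, scoring rules and the sample entries at the end are assumptions
# made for this example.

function Test-RunKeyEntry {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Data,
        [string]$Source = '',
        [switch]$CheckDisk
    )
    $reasons = @()
    # '*' prefix: documented for RunOnce values as "run even in Safe Mode";
    # unusual on a Run value either way.
    if ($Name.StartsWith('*')) { $reasons += 'asterisk-prefixed value name' }
    # rundll32.exe <dll>,<export>: flag when the DLL sits under a user-writable path.
    if ($Data -match '(?i)rundll32(?:\.exe)?\s+"?(?<dll>[^",]+?\.dll)"?\s*,\s*(?<export>\S+)') {
        $dll = $Matches['dll']
        $export = $Matches['export']
        if ($dll -match '(?i)^[A-Z]:\\Users\\|\\ProgramData\\|\\Temp\\') {
            $reasons += "rundll32 loads $export from user-writable path $dll"
        }
        # An entry pointing at a DLL that was never written is a failed install,
        # not a live implant; check before escalating.
        if ($CheckDisk -and -not (Test-Path -LiteralPath $dll)) {
            $reasons += "target DLL not present on disk: $dll"
        }
    }
    [pscustomobject]@{
        Source = $Source; Name = $Name; Data = $Data
        Suspicious = ($reasons.Count -gt 0); Reasons = $reasons
    }
}

function Get-RunKeyFindings {
    # Live collection: every value under the per-user and machine Run keys.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $key = Join-Path $hive 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
        if (-not (Test-Path -Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($v in $values.PSObject.Properties) {
            if ($v.Name -in 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider') { continue }
            Test-RunKeyEntry -Name $v.Name -Data ([string]$v.Value) -Source $key -CheckDisk
        }
    }
}

function Test-ProcessLaunch {
    param(
        [Parameter(Mandatory)][string]$ImagePath,
        [Parameter(Mandatory)][string]$CommandLine,
        [string]$ParentImagePath = ''
    )
    $reasons = @()
    $notes = @()
    if ([IO.Path]::GetFileName($ImagePath) -ieq 'openwith.exe') {
        # Genuine OpenWith.exe is COM-activated: its command line carries -Embedding.
        if ($CommandLine -notmatch '(?i)-Embedding') {
            $reasons += 'openwith.exe started directly, not via COM activation'
        }
        if ($ParentImagePath -match '(?i)^[A-Z]:\\Users\\') {
            $reasons += "parent runs from a user profile: $ParentImagePath"
        }
    }
    # SysWOW64 image launched with a System32 path is WOW64 file-system
    # redirection; it only tells you the launching process is 32-bit.
    if ($ImagePath -match '(?i)\\SysWOW64\\' -and $CommandLine -match '(?i)\\System32\\') {
        $notes += '32-bit parent (System32 path redirected to SysWOW64)'
    }
    [pscustomobject]@{
        Image = $ImagePath; CommandLine = $CommandLine; Parent = $ParentImagePath
        Suspicious = ($reasons.Count -gt 0); Reasons = $reasons; Notes = $notes
    }
}

function Get-ProcessLaunchFindings {
    # Live collection through CIM, resolving each parent's image path.
    $all = Get-CimInstance -ClassName Win32_Process
    $byPid = @{}
    foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }
    foreach ($p in $all) {
        if (-not $p.ExecutablePath) { continue }
        $parent = $byPid[[int]$p.ParentProcessId]
        $parentPath = if ($parent) { [string]$parent.ExecutablePath } else { '' }
        Test-ProcessLaunch -ImagePath $p.ExecutablePath -CommandLine ([string]$p.CommandLine) -ParentImagePath $parentPath
    }
}

# Constructed inputs mirroring the report's entries. The parent of the bare
# openwith.exe is assumed from the process order; the report does not print the tree.
Test-RunKeyEntry -Source 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name '*UpdaterCisco' `
    -Data 'rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll,EntryPoint'
Test-ProcessLaunch -ImagePath 'C:\Windows\SysWOW64\openwith.exe' `
    -CommandLine '"C:\Windows\system32\openwith.exe"' `
    -ParentImagePath 'C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe'
# Benign contrast: the COM-activated form, parent assumed to be the DcomLaunch svchost.
Test-ProcessLaunch -ImagePath 'C:\Windows\System32\OpenWith.exe' `
    -CommandLine 'C:\Windows\system32\OpenWith.exe -Embedding' `
    -ParentImagePath 'C:\Windows\System32\svchost.exe'
```

On a live host run Get-RunKeyFindings and Get-ProcessLaunchFindings; the three calls at the end exercise the rules offline and mark the first two inputs suspicious and the third not. The sandbox recorded crashes for two 32-bit processes, so confirm that CiscoUpdater000_PARTIAL.dll actually exists (-CheckDisk) before treating the Run entry as live persistence rather than a failed install.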

Network

The table does not attribute connections to processes. The first four rows are the delivery chain: the DNS lookup and TLS connection to www.dropbox.com, then to uc32c0425de9bdb23310b16810b4.dl.dropboxusercontent.com, which served the archive. The *.in-addr.arpa rows are reverse (PTR) lookups of addresses already in the table (18.64.125.162.in-addr.arpa is 162.125.64.18), not new destinations. The remaining destinations are all reached on port 443 and are typical of an interactive Chrome session (Google services and telemetry, virustotal.com, recaptcha.net, tip.neiki.dev, static.cloudflareinsights.com, api.iconify.design); nothing in the table identifies a command-and-control server for the stealer.

Country Destination Domain Proto
US 8.8.8.8:53 www.dropbox.com udp
GB 162.125.64.18:443 www.dropbox.com tcp
US 8.8.8.8:53 uc32c0425de9bdb23310b16810b4.dl.dropboxusercontent.com udp
GB 162.125.64.15:443 uc32c0425de9bdb23310b16810b4.dl.dropboxusercontent.com tcp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 18.64.125.162.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 15.64.125.162.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 216.58.204.68:443 www.google.com tcp
GB 216.58.204.68:443 www.google.com udp
US 8.8.8.8:53 68.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 virustotal.com udp
US 216.239.34.21:443 virustotal.com tcp
US 216.239.34.21:443 virustotal.com tcp
US 8.8.8.8:53 www.virustotal.com udp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 21.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 www.recaptcha.net udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 recaptcha.net udp
GB 142.250.178.3:443 recaptcha.net tcp
US 8.8.8.8:53 46.34.125.74.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 8.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
GB 142.250.178.3:443 recaptcha.net tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com tcp
GB 216.58.204.68:443 www.google.com tcp
GB 142.250.178.3:443 recaptcha.net udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
US 74.125.34.46:443 www.virustotal.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 216.58.201.106:443 ajax.googleapis.com tcp
US 8.8.8.8:53 ssl.google-analytics.com udp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
GB 172.217.169.72:443 ssl.google-analytics.com udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 72.169.217.172.in-addr.arpa udp
GB 216.58.201.106:443 ajax.googleapis.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 216.58.204.68:443 www.google.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 www.virustotal.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 216.58.204.68:443 www.google.com udp
US 8.8.8.8:53 tip.neiki.dev udp
US 172.67.166.30:443 tip.neiki.dev tcp
US 172.67.166.30:443 tip.neiki.dev tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 30.166.67.172.in-addr.arpa udp
US 172.67.166.30:443 tip.neiki.dev udp
US 8.8.8.8:53 api.iconify.design udp
GB 142.250.187.202:443 content-autofill.googleapis.com tcp
US 172.67.71.159:443 api.iconify.design tcp
US 172.67.71.159:443 api.iconify.design tcp
US 172.67.71.159:443 api.iconify.design tcp
US 172.67.71.159:443 api.iconify.design tcp
US 172.67.71.159:443 api.iconify.design tcp
US 172.67.71.159:443 api.iconify.design tcp
US 8.8.8.8:53 159.71.67.172.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp

Files

The first entry is a Crashpad named pipe, not a file; its MD5, SHA1, SHA256 and SHA512 are the digests of zero-length input and carry no information. The entries that follow are Chrome profile, state and cache writes from the browser session; none of them is the DLL named in the Run key (C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll), which has to be collected separately if it exists.

\??\pipe\crashpad_2744_QOOYZULGOFFWZNYR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll

MD5 8da23dbb8f4b718bf99600febd657bfd
SHA1 2bb78d79d2137460b7a969d7b97fe8fd7cae54c1
SHA256 c345eded871650d87eb8961d4b1fa59c76160d89045ef49a0b6239bfb7ab90fe
SHA512 113805bed2e98f0307299071d0c2d7cfaacc74478d306309927b27f8251fa5c6657e8f1baf69dd3a1131b9664a6d4f18191b2079605cc48bb031df66a1e5a1d9