asyncrat | 110fd83bdeee1785c51b4ae919ea9aabffe74dfd9014a42577bb5ede476ea58a

Resubmissions

01-10-2024 16:24

241001-twvynayfpr 10

27-09-2024 00:57

26-09-2024 23:29

26-09-2024 18:54

26-09-2024 18:38

26-09-2024 16:26

Analysis

max time kernel
1500s
max time network
1155s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
26-09-2024 16:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Toolz (astro).zip
Size

161.1MB
MD5

103e93f9408f4195f294dc1aea765604
SHA1

6e25051cb67851af85c1df5d1b91a90321e0957e
SHA256

110fd83bdeee1785c51b4ae919ea9aabffe74dfd9014a42577bb5ede476ea58a
SHA512

99dc616c28b3389bf4c5b49eaa5cb2f91eaeb0c9a22147a5da5bbe9e1dc061410f90ebc8e0064a4a070faba40448b551278cc578fa8dea638f9e45a27cbcdf56
SSDEEP

3145728:sZparHZgZR/+0kZSi9vkbRNjX8GXKXaU5OgTbt+J7y+rL58Nj6m+ctQ+xhZJZSrl:6oGZp+0kut2OgTIJ7y+rL5oxaNb

Score

10^/10

asyncrat stealerium stormkitty default defense_evasion discovery motw persistence phishing privilege_escalation rat stealer

Malware Config

Extracted

Family

asyncrat

Botnet

Default

127.0.0.1:3232

Attributes

delay
1
install
true
install_file
SteamSetUp.exe
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Stealerium
An open source info stealer written in C# first seen in May 2022.
stealer stealerium
StormKitty
StormKitty is an open source info stealer written in C#.
stealer stormkitty

StormKitty payload 1 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\Music\Toolz (astro)\Plugins\eMTYbTz0gueNs4.dll	family_stormkitty

Async RAT payload 1 IoCs

rat

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\SteamSetUp.exe	family_asyncrat

Downloads MZ/PE file

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

Processes:

resource	yara_rule
behavioral1/memory/2480-790-0x0000000000D20000-0x00000000043BE000-memory.dmp	net_reactor

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Executes dropped EXE 9 IoCs

Processes:

7z2408-x64.exe7zFM.exe7zG.exe7zG.exeAnarchy Panel.exe7zG.exeXBinder v2.exeSteamsetup.exeSteamSetUp.exe

pid process

2232 7z2408-x64.exe
1720 7zFM.exe
2504 7zG.exe
3632 7zG.exe
2480 Anarchy Panel.exe
1916 7zG.exe
1636 XBinder v2.exe
6008 Steamsetup.exe
2428 SteamSetUp.exe
Loads dropped DLL 5 IoCs

Processes:

7zFM.exe7zG.exe7zG.exeAnarchy Panel.exe7zG.exe

pid process

1720 7zFM.exe
2504 7zG.exe
3632 7zG.exe
2480 Anarchy Panel.exe
1916 7zG.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
2232	7z2408-x64.exe
1720	7zFM.exe
2504	7zG.exe
3632	7zG.exe
2480	Anarchy Panel.exe
1916	7zG.exe
1636	XBinder v2.exe
6008	Steamsetup.exe
2428	SteamSetUp.exe

pid	process
1720	7zFM.exe
2504	7zG.exe
3632	7zG.exe
2480	Anarchy Panel.exe
1916	7zG.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

SearchIndexer.exe

description	ioc	process
File opened (read-only)	\??\o:	SearchIndexer.exe
File opened (read-only)	\??\s:	SearchIndexer.exe
File opened (read-only)	\??\z:	SearchIndexer.exe
File opened (read-only)	\??\h:	SearchIndexer.exe
File opened (read-only)	\??\j:	SearchIndexer.exe
File opened (read-only)	\??\M:	SearchIndexer.exe
File opened (read-only)	\??\J:	SearchIndexer.exe
File opened (read-only)	\??\L:	SearchIndexer.exe
File opened (read-only)	\??\t:	SearchIndexer.exe
File opened (read-only)	\??\u:	SearchIndexer.exe
File opened (read-only)	\??\A:	SearchIndexer.exe
File opened (read-only)	\??\B:	SearchIndexer.exe
File opened (read-only)	\??\G:	SearchIndexer.exe
File opened (read-only)	\??\w:	SearchIndexer.exe
File opened (read-only)	\??\W:	SearchIndexer.exe
File opened (read-only)	\??\Y:	SearchIndexer.exe
File opened (read-only)	\??\e:	SearchIndexer.exe
File opened (read-only)	\??\l:	SearchIndexer.exe
File opened (read-only)	\??\P:	SearchIndexer.exe
File opened (read-only)	\??\m:	SearchIndexer.exe
File opened (read-only)	\??\n:	SearchIndexer.exe
File opened (read-only)	\??\v:	SearchIndexer.exe
File opened (read-only)	\??\N:	SearchIndexer.exe
File opened (read-only)	\??\p:	SearchIndexer.exe
File opened (read-only)	\??\S:	SearchIndexer.exe
File opened (read-only)	\??\V:	SearchIndexer.exe
File opened (read-only)	\??\x:	SearchIndexer.exe
File opened (read-only)	\??\a:	SearchIndexer.exe
File opened (read-only)	\??\E:	SearchIndexer.exe
File opened (read-only)	\??\H:	SearchIndexer.exe
File opened (read-only)	\??\Z:	SearchIndexer.exe
File opened (read-only)	\??\y:	SearchIndexer.exe
File opened (read-only)	\??\b:	SearchIndexer.exe
File opened (read-only)	\??\Q:	SearchIndexer.exe
File opened (read-only)	\??\r:	SearchIndexer.exe
File opened (read-only)	\??\k:	SearchIndexer.exe
File opened (read-only)	\??\q:	SearchIndexer.exe
File opened (read-only)	\??\R:	SearchIndexer.exe
File opened (read-only)	\??\U:	SearchIndexer.exe
File opened (read-only)	\??\X:	SearchIndexer.exe
File opened (read-only)	\??\F:	SearchIndexer.exe
File opened (read-only)	\??\g:	SearchIndexer.exe
File opened (read-only)	\??\I:	SearchIndexer.exe
File opened (read-only)	\??\O:	SearchIndexer.exe
File opened (read-only)	\??\T:	SearchIndexer.exe
File opened (read-only)	\??\D:	SearchIndexer.exe
File opened (read-only)	\??\i:	SearchIndexer.exe
File opened (read-only)	\??\K:	SearchIndexer.exe

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
phishing motw

Processes:

flow ioc

798 https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

chrome.exe

pid process

6812 chrome.exe

flow	ioc
798	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

pid	process
6812	chrome.exe

Drops file in Program Files directory 64 IoCs

Processes:

7z2408-x64.exe

description	ioc	process
File opened for modification	C:\Program Files\7-Zip\History.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	7z2408-x64.exe

Drops file in Windows directory 6 IoCs

Processes:

setup.exesetup.exechrome.exechrome.exechrome.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
defense_evasion

SIP and Trust Provider Hijacking
T1553.003

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\7z2408-x64.exe:Zone.Identifier chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

RdrCEF.exeLOIC.exe7z2408-x64.exeRdrCEF.exeRdrCEF.exeRdrCEF.exeRdrCEF.exeAcroRd32.exeRdrCEF.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LOIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2408-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Delays execution with timeout.exe 1 IoCs
evasion

Processes:

timeout.exe

pid process

5712 timeout.exe

pid	process
5712	timeout.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exeAnarchy Panel.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\TypedURLs	Anarchy Panel.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

SearchIndexer.exeSearchProtocolHost.exeSearchFilterHost.exeSearchFilterHost.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-3 = "Microsoft Traditional Chinese to Simplified Chinese Transliteration"	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-123 = "Microsoft Word Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{C120DE80-FDE4-49F5-A713-E902EF062B8A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000dcf4128c3110db01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-176 = "Microsoft PowerPoint Macro-Enabled Presentation"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-4 = "Microsoft Simplified Chinese to Traditional Chinese Transliteration"	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-111 = "Microsoft Excel Macro-Enabled Template"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-5 = "Microsoft Transliteration Engine"	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9938 = "3GPP2 Audio/Video"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-115 = "Microsoft Excel 97-2003 Worksheet"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-10046 = "Internet Shortcut"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-124 = "Microsoft Word Macro-Enabled Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9932 = "MP4 Video"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-116 = "Microsoft Excel Template"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000fafa968b3110db01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\ActiveMovie	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\acppage.dll,-6002 = "Windows Batch File"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-184 = "Microsoft PowerPoint Macro-Enabled Design Template"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-178 = "OpenDocument Presentation"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-177 = "Microsoft PowerPoint Macro-Enabled Slide Show"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-175 = "Microsoft PowerPoint Slide Show"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9911 = "Windows Media Audio shortcut"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-1 = "Microsoft Language Detection"	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-140 = "Microsoft OneNote Section"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000067a6048c3110db01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-10 = "Microsoft Hangul Decomposition Transliteration"	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9936 = "QuickTime Movie"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-174 = "Microsoft PowerPoint Presentation"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-170 = "Microsoft PowerPoint 97-2003 Presentation"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-914 = "SVG Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-101 = "Microsoft Excel Worksheet"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-126 = "Microsoft Word Macro-Enabled Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-131 = "Rich Text Format"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList	SearchProtocolHost.exe

Modifies registry class 64 IoCs

Processes:

7z2408-x64.exechrome.exechrome.exeAnarchy Panel.exeXBinder v2.exechrome.exechrome.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000004000000020000000300000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\NodeSlot = "25"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1	Anarchy Panel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\MRUListEx = 00000000ffffffff	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	XBinder v2.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\0\0	XBinder v2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	XBinder v2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	XBinder v2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000020000000300000001000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\SniffedFolderType = "Downloads"	XBinder v2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202020202020202020202020202020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = 0100000000000000ffffffff	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\26\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\FFlags = "1"	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1 = 78003100000000003a59768411004d7573696300640009000400efbe0259ae7a3a5976842e000000555702000000010000000000000000003a0000000000ae6a16004d007500730069006300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370039003000000014000000	Anarchy Panel.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	XBinder v2.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 03000000020000000000000001000000ffffffff	XBinder v2.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	XBinder v2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202020202020202020202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000004000000020000000300000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\26	Anarchy Panel.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\24\Shell\SniffedFolderType = "Music"	XBinder v2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\25	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\23\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\FFlags = "1"	Anarchy Panel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202020202020202020202020202	XBinder v2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	Anarchy Panel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\24\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a00000002e37a3569cced2119f0e006097c686f60700000028000000e0859ff2f94f6810ab9108002b27b3d902000000a00000002e37a3569cced2119f0e006097c686f602000000780000002e37a3569cced2119f0e006097c686f60400000088000000	XBinder v2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2408-x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\23\Shell\SniffedFolderType = "Music"	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	XBinder v2.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2	Anarchy Panel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0\MRUListEx = ffffffff	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\26\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\GroupView = "0"	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2408-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202020202020202020202020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	Anarchy Panel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Anarchy Panel.exe

NTFS ADS 3 IoCs

Processes:

chrome.exechrome.exechrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\7z2408-x64.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\download.jpg:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\download.ico:Zone.Identifier	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence execution

Scheduled Task
T1053.005

Processes:

schtasks.exeschtasks.exe

pid process

4948 schtasks.exe
5128 schtasks.exe

pid	process
4948	schtasks.exe
5128	schtasks.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exeAnarchy Panel.exechrome.exechrome.exechrome.exeSteamsetup.exeSteamSetUp.exe

pid	process
3484	chrome.exe
3484	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
2480	Anarchy Panel.exe
2480	Anarchy Panel.exe
2480	Anarchy Panel.exe
2480	Anarchy Panel.exe
2480	Anarchy Panel.exe
2480	Anarchy Panel.exe
2480	Anarchy Panel.exe
2480	Anarchy Panel.exe
2480	Anarchy Panel.exe
2480	Anarchy Panel.exe
2480	Anarchy Panel.exe
2480	Anarchy Panel.exe
2480	Anarchy Panel.exe
2480	Anarchy Panel.exe
2480	Anarchy Panel.exe
2480	Anarchy Panel.exe
2480	Anarchy Panel.exe
2480	Anarchy Panel.exe
2480	Anarchy Panel.exe
2480	Anarchy Panel.exe
2480	Anarchy Panel.exe
2480	Anarchy Panel.exe
2860	chrome.exe
2860	chrome.exe
5396	chrome.exe
5396	chrome.exe
6248	chrome.exe
6248	chrome.exe
6248	chrome.exe
6248	chrome.exe
6008	Steamsetup.exe
6008	Steamsetup.exe
6008	Steamsetup.exe
6008	Steamsetup.exe
6008	Steamsetup.exe
6008	Steamsetup.exe
6008	Steamsetup.exe
6008	Steamsetup.exe
6008	Steamsetup.exe
6008	Steamsetup.exe
6008	Steamsetup.exe
6008	Steamsetup.exe
6008	Steamsetup.exe
6008	Steamsetup.exe
6008	Steamsetup.exe
6008	Steamsetup.exe
6008	Steamsetup.exe
6008	Steamsetup.exe
6008	Steamsetup.exe
6008	Steamsetup.exe
6008	Steamsetup.exe
6008	Steamsetup.exe
6008	Steamsetup.exe
2428	SteamSetUp.exe
2428	SteamSetUp.exe
2428	SteamSetUp.exe
2428	SteamSetUp.exe
2428	SteamSetUp.exe

Suspicious behavior: GetForegroundWindowSpam 5 IoCs

Processes:

OpenWith.exeOpenWith.exe7zFM.exeXBinder v2.exeAnarchy Panel.exe

pid process

4484 OpenWith.exe
3616 OpenWith.exe
1720 7zFM.exe
1636 XBinder v2.exe
2480 Anarchy Panel.exe

pid	process
4484	OpenWith.exe
3616	OpenWith.exe
1720	7zFM.exe
1636	XBinder v2.exe
2480	Anarchy Panel.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exechrome.exechrome.exe

pid	process
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
5396	chrome.exe
5396	chrome.exe
5396	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

SearchIndexer.exechrome.exe

description	pid	process
Token: 33	1204	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	1204	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1204	SearchIndexer.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe7zFM.exe7zG.exe7zG.exeAnarchy Panel.exe7zG.exechrome.exe

pid	process
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
1720	7zFM.exe
2504	7zG.exe
3632	7zG.exe
2480	Anarchy Panel.exe
1916	7zG.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe

Suspicious use of SendNotifyMessage 43 IoCs

Processes:

chrome.exeAnarchy Panel.exechrome.exechrome.exe

pid	process
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
2480	Anarchy Panel.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
5396	chrome.exe
5396	chrome.exe
5396	chrome.exe
5396	chrome.exe
5396	chrome.exe
5396	chrome.exe
5396	chrome.exe
5396	chrome.exe
5396	chrome.exe
5396	chrome.exe
5396	chrome.exe
5396	chrome.exe
5396	chrome.exe
5396	chrome.exe
5396	chrome.exe
5396	chrome.exe
2480	Anarchy Panel.exe
2480	Anarchy Panel.exe

Suspicious use of SetWindowsHookEx 41 IoCs

Processes:

OpenWith.exe7z2408-x64.exeOpenWith.exeAcroRd32.exeOpenWith.exeOpenWith.exechrome.exechrome.exeAnarchy Panel.exeXBinder v2.exeMiniSearchHost.exechrome.exechrome.exe

pid	process
4776	OpenWith.exe
2232	7z2408-x64.exe
4484	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
1668	AcroRd32.exe
1668	AcroRd32.exe
1668	AcroRd32.exe
1668	AcroRd32.exe
3616	OpenWith.exe
3616	OpenWith.exe
3616	OpenWith.exe
3616	OpenWith.exe
3616	OpenWith.exe
3616	OpenWith.exe
3616	OpenWith.exe
4820	OpenWith.exe
4784	chrome.exe
5772	chrome.exe
2480	Anarchy Panel.exe
2480	Anarchy Panel.exe
2480	Anarchy Panel.exe
2480	Anarchy Panel.exe
1636	XBinder v2.exe
1636	XBinder v2.exe
1636	XBinder v2.exe
1636	XBinder v2.exe
1636	XBinder v2.exe
1636	XBinder v2.exe
6344	MiniSearchHost.exe
6980	chrome.exe
5152	chrome.exe
2480	Anarchy Panel.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

SearchIndexer.exechrome.exe

description	pid	process	target process
PID 1204 wrote to memory of 5116	1204	SearchIndexer.exe	SearchProtocolHost.exe
PID 1204 wrote to memory of 5116	1204	SearchIndexer.exe	SearchProtocolHost.exe
PID 1204 wrote to memory of 3544	1204	SearchIndexer.exe	SearchFilterHost.exe
PID 1204 wrote to memory of 3544	1204	SearchIndexer.exe	SearchFilterHost.exe
PID 1204 wrote to memory of 1584	1204	SearchIndexer.exe	SearchFilterHost.exe
PID 1204 wrote to memory of 1584	1204	SearchIndexer.exe	SearchFilterHost.exe
PID 3484 wrote to memory of 1468	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 1468	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3760	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 1868	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 1868	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 4816	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 4816	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 4816	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 4816	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 4816	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 4816	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 4816	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 4816	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 4816	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 4816	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 4816	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 4816	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 4816	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 4816	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 4816	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 4816	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 4816	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 4816	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 4816	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 4816	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 4816	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 4816	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 4816	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 4816	3484	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Toolz (astro).zip"
1⤵
PID:2696

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Enumerates connected drives
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Windows\System32\SearchProtocolHost.exe
  "C:\Windows\System32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Modifies data under HKEY_USERS
  PID:5116
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 828 2632 2628 812 {0E5DCEC5-7795-4E38-9621-94DFD9F9A421}
  2⤵
  - Modifies data under HKEY_USERS
  PID:3544
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 828 2672 2608 812 {85EE815A-7738-4808-A14A-3AD87E32A3BF}
  2⤵
  - Modifies data under HKEY_USERS
  PID:1584
- C:\Windows\System32\SearchProtocolHost.exe
  "C:\Windows\System32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  PID:4932
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 828 2632 2628 812 {0E5DCEC5-7795-4E38-9621-94DFD9F9A421}
  2⤵
  PID:3528
- C:\Windows\System32\SearchProtocolHost.exe
  "C:\Windows\System32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  PID:6688

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4388

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4756cc40,0x7ffd4756cc4c,0x7ffd4756cc58
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1488,i,5942700211851676751,17879484258300076034,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=580 /prefetch:2
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,5942700211851676751,17879484258300076034,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,5942700211851676751,17879484258300076034,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2180 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,5942700211851676751,17879484258300076034,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,5942700211851676751,17879484258300076034,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4460,i,5942700211851676751,17879484258300076034,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4456 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4404,i,5942700211851676751,17879484258300076034,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4704,i,5942700211851676751,17879484258300076034,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3096 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4868,i,5942700211851676751,17879484258300076034,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4900,i,5942700211851676751,17879484258300076034,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5028,i,5942700211851676751,17879484258300076034,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4544,i,5942700211851676751,17879484258300076034,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4516 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:5100
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff619194698,0x7ff6191946a4,0x7ff6191946b0
    3⤵
    - Drops file in Windows directory
    PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4284,i,5942700211851676751,17879484258300076034,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4432,i,5942700211851676751,17879484258300076034,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4304 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5288,i,5942700211851676751,17879484258300076034,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5272,i,5942700211851676751,17879484258300076034,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3404,i,5942700211851676751,17879484258300076034,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4960,i,5942700211851676751,17879484258300076034,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5048,i,5942700211851676751,17879484258300076034,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4556 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5636,i,5942700211851676751,17879484258300076034,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3520,i,5942700211851676751,17879484258300076034,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:800

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4992

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2684

C:\Users\Admin\Downloads\7z2408-x64.exe
"C:\Users\Admin\Downloads\7z2408-x64.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4484
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Toolz (astro).zip\Toolz (astro)\888 Rat v1.2.6.7z"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1668
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2176
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=22069858A6EEAABDAED51C62FDD70B58 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:3660
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=1D55A35CE98D08CE472FB212FEB6819D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=1D55A35CE98D08CE472FB212FEB6819D --renderer-client-id=2 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:4988
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3DA7161B4D503E3649F97C48B0A4A69A --mojo-platform-channel-handle=2340 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:752
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=ECB6A500B4D16F5B269E153392148678 --mojo-platform-channel-handle=1968 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:708
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6598F9A83F60B7D2A23DE9057EDAA947 --mojo-platform-channel-handle=2368 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:1640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4132

C:\Users\Admin\Documents\LOIC_2.9.9.99 2\LOIC.exe
"C:\Users\Admin\Documents\LOIC_2.9.9.99 2\LOIC.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2716

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3616

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Music\Toolz (astro)\888 Rat v1.2.6.7z"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:1720

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Music\Toolz (astro)\" -an -ai#7zMap31533:108:7zEvent15685
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:2504

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Music\Toolz (astro)\" -an -ai#7zMap22400:114:7zEvent6718
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:3632

C:\Users\Admin\Music\Toolz (astro)\Anarchy Panel.exe
"C:\Users\Admin\Music\Toolz (astro)\Anarchy Panel.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2480

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2312

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4820

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Music\Toolz (astro)\" -an -ai#7zMap12391:100:7zEvent16852
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:1916

C:\Users\Admin\Music\Toolz (astro)\XBinder V2\XBinder v2.exe
"C:\Users\Admin\Music\Toolz (astro)\XBinder V2\XBinder v2.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4756cc40,0x7ffd4756cc4c,0x7ffd4756cc58
  2⤵
  PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1840,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1860,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=1744 /prefetch:8
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3532,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4368 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4540,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4544 /prefetch:8
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4680,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3528,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4980,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5132,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5316,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5624,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5796,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5340,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4896,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4492,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=212 /prefetch:1
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4424,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4512,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4296,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6260,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6304,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6548,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6696,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6724,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6852 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6980,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5828,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4316 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7188,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7004,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7172,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6240,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7080,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=7416 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7488,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=7464 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7084,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=7612 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7764,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=7784 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7928,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=7472 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=8028,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=7912 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7056,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=8184 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8324,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=8076 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=8460,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=8448 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8188,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=8180 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8356,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=8256 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=7712,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=7708 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7508,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=8044 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=7992,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=8196 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=8116,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=8456 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=6208,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=7380 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=7076,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=8580 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=8652,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=8672 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=8816,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=8952 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=8784,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=9076 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=8844,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=9208 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=9368,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=7356 /prefetch:1
  2⤵
  PID:6220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=9388,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=8212 /prefetch:1
  2⤵
  PID:6228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=9528,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=9684 /prefetch:1
  2⤵
  PID:6236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=9804,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=9820 /prefetch:1
  2⤵
  PID:6244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=9844,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=9956 /prefetch:1
  2⤵
  PID:6252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=9980,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=10100 /prefetch:1
  2⤵
  PID:6260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=10124,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=10256 /prefetch:1
  2⤵
  PID:6268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=10248,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=10400 /prefetch:1
  2⤵
  PID:6276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=media.mojom.CdmServiceBroker --lang=en-US --service-sandbox-type=cdm --no-appcompat-clear --field-trial-handle=10720,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=10740 /prefetch:8
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:6812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=10620,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=10864 /prefetch:1
  2⤵
  PID:6876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=10420,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=10892 /prefetch:1
  2⤵
  PID:7000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=10924,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=11000 /prefetch:1
  2⤵
  PID:7008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=11124,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=11148 /prefetch:1
  2⤵
  PID:7016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=11156,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=11296 /prefetch:1
  2⤵
  PID:7024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=11420,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=11440 /prefetch:1
  2⤵
  PID:7032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=11432,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=11436 /prefetch:1
  2⤵
  PID:7040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=10780,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=10672 /prefetch:8
  2⤵
  - NTFS ADS
  PID:6732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=10408,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=10612 /prefetch:8
  2⤵
  PID:7216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=11808,i,13988987499723368822,11907217067032687839,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=11912 /prefetch:8
  2⤵
  PID:7224

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4264

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2180

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:2392

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:6344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4756cc40,0x7ffd4756cc4c,0x7ffd4756cc58
  2⤵
  PID:6780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1844,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  PID:7548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=2224 /prefetch:8
  2⤵
  PID:7672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:7836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:7848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4496,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=3552 /prefetch:8
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4488,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4336,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4492,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  PID:8028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4740,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5176,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5244,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:8116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5296,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:6572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5352,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4456,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:7296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4848,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4584,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4316,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=3772 /prefetch:1
  2⤵
  PID:6684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3332,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4424,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3812,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:7408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4624,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=3348,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:6652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5580,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:7412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6096,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6120,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3780,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4592 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:6980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=4564,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5840,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5616,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6048,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5628,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=5600,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:6972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=5604,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=5668,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6864 /prefetch:1
  2⤵
  PID:7248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=5644,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=7004 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=5620,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=3108,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=7156 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=4788,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=7388 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=7664,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=7596,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=6460,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=7680,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=7668 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=7736,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=7692 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7740,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:8096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=6812,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=5980,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=8128 /prefetch:1
  2⤵
  PID:8036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=6796,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=7896 /prefetch:1
  2⤵
  PID:8112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=6768,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=8228 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=7856,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=8076 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=8352,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=8340 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=5976,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=7752 /prefetch:1
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=8508,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=8532 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=7936,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:7408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=7976,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=8248,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=8272 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=6440,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=8408,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6788 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=8152,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=8264 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=7280,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=7608 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=5624,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=8368,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:6796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=7404,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=6076,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=8484 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=8524,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=7172 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=6396,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=8464 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=5468,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=8320,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:6416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=8292,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=8204 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=7500,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=7776 /prefetch:1
  2⤵
  PID:7480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=7484,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=6848,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=7908,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=7780 /prefetch:1
  2⤵
  PID:7492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=5512,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=7492 /prefetch:1
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=4800,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4360 /prefetch:1
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=4736,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=8348 /prefetch:1
  2⤵
  PID:7388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=8416,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=6376,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=7072 /prefetch:1
  2⤵
  PID:6320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=7056,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=6556,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=7488 /prefetch:1
  2⤵
  PID:6756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6536,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --field-trial-handle=8304,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=7048 /prefetch:1
  2⤵
  PID:6572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6636,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  PID:6312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --field-trial-handle=7436,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6360,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6624,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7744,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:7456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --field-trial-handle=7284,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --field-trial-handle=1484,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=7660 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --field-trial-handle=4644,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=8260 /prefetch:1
  2⤵
  PID:132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --field-trial-handle=6612,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5236,i,13962669129137750002,14359091391159654791,262144 --variations-seed-version=20240926-050110.326000 --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5152

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:7912

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:7364

C:\Users\Admin\Downloads\Steamsetup.exe
"C:\Users\Admin\Downloads\Steamsetup.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:6008
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "SteamSetUp" /tr '"C:\Users\Admin\AppData\Roaming\SteamSetUp.exe"' & exit
  2⤵
  PID:6852
- - C:\Windows\system32\schtasks.exe
    schtasks /create /f /sc onlogon /rl highest /tn "SteamSetUp" /tr '"C:\Users\Admin\AppData\Roaming\SteamSetUp.exe"'
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:4948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp912C.tmp.bat""
  2⤵
  PID:3544
- - C:\Windows\system32\timeout.exe
    timeout 3
    3⤵
    - Delays execution with timeout.exe
    PID:5712
- - C:\Users\Admin\AppData\Roaming\SteamSetUp.exe
    "C:\Users\Admin\AppData\Roaming\SteamSetUp.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2428
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "SteamSetUp" /tr '"C:\Users\Admin\AppData\Local\Temp\SteamSetUp.exe"' & exit
      4⤵
      PID:7728
    - - C:\Windows\system32\schtasks.exe
        
        schtasks /create /f /sc onlogon /rl highest /tn "SteamSetUp" /tr '"C:\Users\Admin\AppData\Local\Temp\SteamSetUp.exe"'
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:5128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.dll

Filesize
1.8MB

MD5
1143c4905bba16d8cc02c6ba8f37f365

SHA1
db38ac221275acd087cf87ebad393ef7f6e04656

SHA256
e79ddfb6319dbf9bac6382035d23597dad979db5e71a605d81a61ee817c1e812

SHA512
b918ae107c179d0b96c8fb14c2d5f019cad381ba4dcdc760c918dfcd5429d1c9fb6ce23f4648823a0449cb8a842af47f25ede425a4e37a7b67eb291ce8cce894

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
963KB

MD5
004d7851f74f86704152ecaaa147f0ce

SHA1
45a9765c26eb0b1372cb711120d90b5f111123b3

SHA256
028cf2158df45889e9a565c9ce3c6648fb05c286b97f39c33317163e35d6f6be

SHA512
16ebda34803977a324f5592f947b32f5bb2362dd520dc2e97088d12729024498ddfa6800694d37f2e6e5c6fc8d4c6f603414f0c033df9288efc66a2c39b5ec29

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
692KB

MD5
4159ff3f09b72e504e25a5f3c7ed3a5b

SHA1
b79ab2c83803e1d6da1dcd902f41e45d6cd26346

SHA256
0163ec83208b4902a2846de998a915de1b9e72aba33d98d5c8a14a8fbf0f6101

SHA512
48f54f0ab96be620db392b4c459a49a0fa8fbe95b1c1b7df932de565cf5f77adfaae98ef1e5998f326172b5ae4ffa9896aeac0f7b98568fcde6f7b1480df4e2d

Download Submit
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jcp

Filesize
8KB

MD5
907ac2a625366e05f37042def78d06f6

SHA1
b83874196435ae27f8e202dbed06ceb38b62effb

SHA256
55f2f1753d0193dda46e96b40ee1a6d16e3ace31857be0e4dd81f13e25899575

SHA512
9d1dd5fb8c0678bfefa776bd8e44b0b954af590601341a71b74d5da0be73602fd2c724c59bed22af220bcbe3ccfab8602c19ae3e0cfc99f16964eeed0f84b2e7

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk

Filesize
783B

MD5
69ac977689f4b6c63892d7eb074240ed

SHA1
81491a37c4e37a976c0c035d05a02a143726eb87

SHA256
f1a0b41344c753fcaf3de6d6102b2811bc86207eaf030fc18fc8f22f329f2dad

SHA512
c81baf0dbc444d93750da8ffffc40e1a1bfd0b8804beb36c1726b51b12fb1802d2b823012cae0d93cfa7cc1a9da206b38a6a934e87e55395e6866e6bb2e8f791

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk

Filesize
788B

MD5
f588f53447d66811538a632a1bb3d2c9

SHA1
c563ce1646a681e4f07a622cc93f2501fbc7a82a

SHA256
4ef8b1fe7963a58da9450301d37032638ab0a34a2cb7dc4cc32befa6e9562ccb

SHA512
18c189b262f95784438bc0f6fd98fd4a4ccc70e63a112b144477b34518f9b273df75c5905e4d2aa76baea00413a4e980e84aaf9fed2ff0987ccf67342113ba1e

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
355a34426afd246dae98ee75b90b79c2

SHA1
3011156636ac09b2665b8521d662f391c906e912

SHA256
f073bb41e3fb1650fdaa5ab3a2fe7f3db91f53b9457d65d58eb29bcc853d58e0

SHA512
e848fd8ff071e49f584c9cf27c4c6b3bddc522e18ce636fce5802fcc1da8c36c90d331ae5097b60e795f0f967141b2c4293d39632e10334cba3fdc0f9cd1bc34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ad5cebf793319bc804af8f9842455e2d

SHA1
a0cc7c1c0a496d4635708d0d1191b7f7f71413b8

SHA256
2e0a42ad60185d9a357520ea6f8fe7c25cd966624bbd485a5b9c020a4ddeec6f

SHA512
02eea5d02b2dace72efa05da7fb95d509af515402ec9b3f6e207086aca4b2b2c23334fa095f04f829dd42c0e5758f229c2eef41e520e89cf916dfeba84a32ccd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
1.5MB

MD5
0330d0bd7341a9afe5b6d161b1ff4aa1

SHA1
86918e72f2e43c9c664c246e62b41452d662fbf3

SHA256
67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b

SHA512
850382414d9d33eab134f8bd89dc99759f8d0459b7ad48bd9588405a3705aeb2cd727898529e3f71d9776a42e141c717e844e0b5c358818bbeac01d096907ad1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008c

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000091

Filesize
32KB

MD5
f0bf373c3141da2b32a3eab846d9ec27

SHA1
422196daae08881c61d2d97ebc57a30a57ee1655

SHA256
3ddffa5122847889b7d9d8928ffa1908c33a3a3a6d838afef3732c718fbbd1b7

SHA512
ba9558d040f06e3aa65e95f79ff36d0e421027abef7787ee75f4adf0e2315ed1bf8fda41038a2e247d0b5306c3dfa1a30123e094682f0fa2bc6770b6f9cd7d0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000092

Filesize
149KB

MD5
a0e354237300e20f8a2ed723cea44e5c

SHA1
3b52e6a06189252563e4a79b1e80d777c8fb0ef7

SHA256
64ef8d0fdcb67c8d1a2b0083f891f0a5f331167d3996d870730b6b21d6041f61

SHA512
3e672ec98b6993427037c7a03cef0577c21b0887c8d9cb77b93b3c339cab0697ab6c39397c039431f6f47cf2c152a2c4547e90a6513ca5319c01d451ce7f0144

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000093

Filesize
79KB

MD5
ed868903051d53f0148da0ceedfe3db6

SHA1
e90817348c5cfaace36fd62de50a719baf2534cb

SHA256
c8a3ea2a774ca13485a4cebf3694294e190f132a3bb5cc5c54a77617d1a01a19

SHA512
457b275ebdd0779f7bda8fb294aa158262a8a8881425361a17ca481666b8a53d437803140e975d64206291432e51be969afcfbfd434b0321efbdde0affe430e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009a

Filesize
162KB

MD5
3bf57fb0aa5e909d19a6a630d0328303

SHA1
a00b0d5073a43aad214912215c7c08cc341100fb

SHA256
201a83bdc5de91f5dbc940fc1b31b605307082478b64beac36056b8c5675212c

SHA512
0f9013bb27380ef170d7153d47e0e5106ce4790aa18fd08e30426ff32cd712953602dddfe268924d1cb5c25f7185fe15756b803f028ae88e4ab3059b691e7117

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009e

Filesize
20KB

MD5
70f8010d81b8dc3a58f470baf1067e5c

SHA1
e6f3f880ec4d78afecc0c4a06645b4a720f8a3f5

SHA256
1f8a03357850ab190e17564008e5586dedcdcb90fa011f81f768f605453b6b52

SHA512
8bef31ed34c2310cc16e4ee397bd4b38b8b1f76f2b003244175e230bfffe55a6b0f399e7a865bd20ab29e8bee85a5e0358204dc61ad31458ee1098d3fcb028cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a4

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0ca4572f3dbd7a1a_0

Filesize
254B

MD5
5c645118cd3a068b9f02ab87806ba68e

SHA1
a6515f5134c866d6b1392abbe93f86584843d674

SHA256
5b371f41f4cca91cb728133b8e8077bb806c6e04bb4e993e5a4b3c80da0db111

SHA512
020034e632d0cc775375dfdacb82d70c562def7857985ac20f47759050e11d664043371ce6386471394888964508ebe6e37ab5eb270ed9dcf1ad05c3f6b0ffdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2e1544d37e9ddb56_0

Filesize
303B

MD5
1833b37a71c36b03d1ae5b44adf9260b

SHA1
a5544883eeb992fccf398cd335d0eb630076c17d

SHA256
9dd3fad1984d1268e34ceb7d1354e5c947a74bcf2c4cfed5914a0353d45c11c3

SHA512
7013f572f4d988b888c7b3724ce1241c0fac95d5879e2f7e50b0007c371f35c5fbaf0705f758b179e7a5ba51a27f3c5320e54a7ca575f04beed149c3f857eb3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4766139a931b4b06_0

Filesize
166KB

MD5
5a5c876711e6859b68950825fb7e2178

SHA1
31bbaeb5db861bfeac4dde3071ce32a55a31e290

SHA256
b4ef92b4e700027abb1817383ff5037480f05ff094a8fd0686e0af5a6f600917

SHA512
0c2f7285bebe794a6fe6ac4aef98fca6dda18020cc9492ba65af2298ef80b833c178a36a0e31e7b02e6735edc7bc6303130c0882059a7388f36bd34e3a036421

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6802a13e3743d1ac_0

Filesize
55KB

MD5
ac42dc3b61519f7ab37bb6addc0bbe59

SHA1
a69de6f52e0e372634910e91620047920e14d1ab

SHA256
c19a0bea1b230d2848e3c95a521cd70140e1d109d8069d246003778f9e82f66e

SHA512
92e0285b8c59d8c61ee3c54a0d849ffd31f81cc9da89f9ef9dd95b9ac8f7773bf721ed13c697acb49c672ddcb6fd9dc863c273fe3440b4252ca1b9944e299744

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\70686552d57f525e_0

Filesize
291B

MD5
ac5bbdbfcbefa364cbcec2105ebf6af7

SHA1
cf0ccf5bfbaeb97213b5cbae424550dae840f551

SHA256
2cc7f477da838fdf1040dbe7190eb6ab88c0df015b524d0aee4197020c2b5f73

SHA512
22384df73324ee1e59c32be82871810d60ae8b7691453170d08894aa35242281106e8dd50e93bc0643c5e6a7eed9992c648f2cb67d95caf262477b854625ace4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\82c5fe379c211853_0

Filesize
728KB

MD5
15664224c4de74c864444a0650f7e91f

SHA1
b8448557410c533a07546b33fb2db0f6c974f350

SHA256
54ae10bd99af18d00765f20262f7a2c60488a8c02b2f02f4f2ed911b63134a3d

SHA512
8ce004e7b5ed698ed054d2733728285822d9776e2b98f419ee44e2887116c5d428bac08e400c3030573e8152893d43097dfe1bfde4f922ed083b571331c0bee1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
6013e2bfe39969593db2f844f93aef2a

SHA1
fa886f70b8bda811dde772ee1353eff035fe9e92

SHA256
5304ae043468eddc7d1595f29cce9214f194c39d7558d9ec45222a410fa192d5

SHA512
4593a9f45bc6729265033376b4c2cd2d3572f9d3feb0c62857056e425e23d492efecaf1f821cf6fd308d9ebbd74121e1ebadfa1377c3ea9b39a2de2784dc7b41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
63a5c315792634b22533cca4fe2ded4b

SHA1
ff0985ba95993aa6adcfb5e6ea1f28b8abc8086b

SHA256
53053fca1638249ec4e9fec71e66c9b06b20f880a04d35b3ca3444fa02ae2c86

SHA512
b468e4b90e5f309172605d661b9c398388dc5665fc140931135068878d1db91cd236100fe8543e8400094a1d9deb76675be4c47ed06310f8b02ed01441b95845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
9385092cb753e33016fd2490bd8f1a3c

SHA1
f6f1170493e8c98cdefc4aa97d46c7bac3b07f09

SHA256
f9cb5572deba6d2453017cda454a2d5f68b1324be4f6cb2de5c778dd257aa003

SHA512
5897c716f4a8e59d9d6545bae3de6a5889683984bcc408b75bc863ce15cdb851cbf1b4936e594f32ed80c5ed47c8e8f68f0fafe7e59d97c920c88455bf3d97be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
e35351b13c54d3e9e936259eca1da5d7

SHA1
2347488efd9e4f701b32f06921f46688614372a7

SHA256
550409cce40db5edceffa8f6e54a3f16ad8ad3e97405076e238210b2f6f9fac4

SHA512
2e9278029977e0aee25034b83da6548f659d0f921eb36ecfb7727b243f57696ac38dc00402c1196c512f2cd446c5f400b42692f1ebd66dd1bb9a087be19bba61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
0b728cde706fa05afe90cd7feae20f69

SHA1
65f12689505eccec18f0d3fbf19f449ae56bbabf

SHA256
514dd40ab0985216e52dacc3405d95a6b4aea6f169781413e6dccbe2139b35ce

SHA512
e1af270c4189b4649e983c81bafb47f61c463771b359fe54800b289a304ebad0ba97b790674aa179e91b2411fd97b33f50f66e3df385929262789a75e21dfa22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
976c4abaa8efd458e09e276edaa62c72

SHA1
f900a1618607946bea6219dfc8d9f7115ddd0e03

SHA256
ec86a476aca89ef7a7124afcd5393ecd4bb9c58d0d673a1ffabf935cc77d0db6

SHA512
dc1c45d60b99206c771e63e03a18e382e02c0e5634beb45342d08fa4ffb0e70c4070597b695522348e8f57e18a8fa6da0b3c4e4b3026b06738a97aa081735db0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
63KB

MD5
9c749af638c0e833ae2c754f9e3fa1b7

SHA1
6b090738da3cdcad052bce08fdf49564616ecfc2

SHA256
253ef3fd9143f2b2113ebff3055f12012424a19fdc59d0724477703e8090d5dd

SHA512
7b91b11edddf0f1dc17b9f4e1b11b14036a1414d36b8f84d7e5754b7fca1357020fdf13cce9e36515fb3eec83f036594a768388417714d53710458deeeda8418

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
35KB

MD5
340fb942b2989c41f616e633d100da8d

SHA1
5836f0dea31b5929ca151c42f53c72771091620b

SHA256
b991a42b3a4e9e093b53a43d2959a6aabba5f0c30897357dc0689bf61905aace

SHA512
81a0ba94e20555ddee0e17473030b72fa5cbef90377a9000830b44a06a38da82871e1c133671c07964ce6e2a02b45cd4d043e9d9e9593389a5c765e8ab696999

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
71KB

MD5
41ccf4f55c1532ff5b561f1bde59bfba

SHA1
df14be05fb7e492817712b60525cb1c4d564fb3a

SHA256
2bc3520454987c10640eb0cbe519b652205b3de0faa527e55054ca3b190dc63a

SHA512
3f3c5aa3916a6e35f586a24ace9e551dfca1708093c141beb215d03d61f7a5a7a29d27477981b154f154420e4da71fb7cc6520dae7b58043569c24625fde749a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
66KB

MD5
2770c4d39e2da7a092a8c862b99b50e2

SHA1
632c29ec262d3547e07ce60048c7d739869a1079

SHA256
b9e7e9fed2fcdc156ea43cbbfc852dc05c72412248ab720ac09a639256074b13

SHA512
49deaa6028be77121be6d9f02c2290c83994adbeba1e407fb23a67ee89829c02a6e5f9fe0d518234d88c12827187d3279875b6574e7c21b6a7b02dada12d6f32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a0cc411a66f5ee79675fd4f6fbcef520

SHA1
6b482412b8f672e4bfbe7ced58a16e834a9f5a9a

SHA256
60c0be388c74d40c3527369a8d4cca3da479fa16c7c36dbc67e67857a29aae19

SHA512
9fde5088ef126770bf30a2d7b9fadbc0104e8a0bf39924d6fe44930d6ae32c32068ff96007eb7845654061a7df97b7cc8e3e8ccc25bb4940c8f3fde0027ab4fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
72KB

MD5
2dec026b6aad6a80891371cb6958f4ed

SHA1
07b8b24cf9a8260bfe65099aae55bb39491534c1

SHA256
5ae29e3e6d1d7c6bcd12059e7a93a0d8cf046def3b810fe8a2495c90bc353387

SHA512
8afb931159be4c8f8f4b93f5ab1f473b31b6702ee266d88ad7ac8ea6866599287cf95f69ccdcd6ce79a18b6e6af9baa49d61d9786389a460b9eb4ee4c65ffe67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
72KB

MD5
1d51fc76993e03c4eda67bb46c686763

SHA1
457061a409d5b48e13c4934fa0b151234d49ac16

SHA256
90777b67f861b2221bf2ca22e501348a688210d9522a4c3f585d3930344c0b8b

SHA512
723927ac1b7d8dfa9646aede9869fdb4dc6f4759fdd00ba522ab2387033a3f420409dc6d04742be92fe02d7a08fdcb70be94405a2c895a553c709fa1241551bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
02a07adc2e2202343a525b90ca3067cb

SHA1
224838bd61825f6cf7fe134e183efda6516eeb90

SHA256
adc3cba4fb7e03cd4f1451618bfad3e4de40264d9e2ba092ff39bd962fe5da71

SHA512
51e84358457770ad4d7cdaf066f19d73f3241e5c4a8cbb6daf542b8b7e65948dd4d0c7efe69e2591f2ad6e292e40523fa60eb016bf3f8baa8641f591c1ca2a3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
358ed33ac6bca32ce1d414bceaa71fc7

SHA1
5b946b9d4eef44b8574aab6f32206ed306711e63

SHA256
836803311a8eff3757f8223b2d2767100de4ae36c56477a878508c2c537c8e1a

SHA512
63cfa3d79a38771392eea1fb40ed8ad437db673719381db545a7db1c02326cd6eb4857852977be5b17df62ac7db4368af1ade1189320a94bc73786b7306889b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
5f06d33505bec5f7c3ade230a53ade33

SHA1
267541c69bd67395145786496bca429f70d0eefa

SHA256
9a1fbc7b9ad314b675b7df62334389e5e6694a942e018ff15b933d58bf7fce00

SHA512
a4d242c3c9f432d9d0518f856a25752347d306b07fd023a880086fd1ccd097302441ee863f888b191272ab749969880e4fe66a716a4da08ce8c78c9e63b6b66d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
3dce424c9ec986536d4b0b4f9538b663

SHA1
433e20525539a854151358a5d7ac978bfbf2eada

SHA256
9251555d0fa6b386c49b8219d3073d82a9efdb9812a7b2cd3ddcaa08385de99e

SHA512
8759293122a14f432e3971677c16abfd3946d078df7f7e3276653c6d85207cad6edd1b85a998035e81ec6b82a68866bfac1aedf6237def002ec3b3fed846a0ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
1f1fe2923caf3c6e8e75e8dadb1accf8

SHA1
5c92ba2929c494a653551fe58350dc9d98c119ab

SHA256
3e72f72f27fdacd243d5b13e9956ab4473a21b19c35f9487a849cb180119e410

SHA512
a3fc58a212a11f07669e7811b76b765894e660146c672515fba27a3ebb70aebcc739aa5e4c89462462a6dfbe0363797218c2e3a3ced3f69ff70b218ac8503f9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
06d11f170aecc616d8b39dc0f40fa346

SHA1
0db6d781a8ae5d150f5ecee93e399dd0da0d188d

SHA256
dc7e44d237f8dddfebf567802f9bc760f0799994765585511cf001fa5b490f31

SHA512
f55df1579f1c0a3de08bfd7eebbbe71f193c720ae320ab71424f02ef4a19c795c0ccbd002637e605979d32084db59645b7f0d3f46fa920893b2648bee17a3e2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
acac527fbf2024f475efd9197fdfad4b

SHA1
95a1f49a548b09565caf3818999a9c2780f98408

SHA256
e3165ac0897eda56e615213fb5e01f41b0496b5eb55b1ffdd82eabb99a48b389

SHA512
ecaf1ed6b91e2eec3c14a619fb860e5a56620f2a0296393349474a89b3b5c7b60e1d99c8b9b42b97487f145b5483402221bcec876c9f9be1cc71e6de8a44bd8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
dda9aebac4a055faa8ecc5cb1b8ca31e

SHA1
2ce8a094acc7120f41000a07f3f73db1d719a832

SHA256
0ead68415c13d7c9e33c272ab3835ec4d66216efe9b5a52dae3cb3712f0afcff

SHA512
de605a55a05453a68a69b836c5ce925ebe088aba4a2774d8ad070beb25c20286834722120060a348f4381d59773ef5b493a50befc1c9bcce7c4a1bca0fd42ee1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
6329b8057a8d4e52f49549757adb5015

SHA1
e58cce85e83965e22289ba36505f8855c16de7c9

SHA256
863564ff2da57309e0a9cff3d0113b1182eaa8128618db38731b7d3b1ecdfcc6

SHA512
24940ed06c1971b1eb0fb6ece577554ccf39b19078efbfb39aca200fd672fa47c47f3b9e672a46b619672b01342a996cdf1cfe829cbe1c029ef3c596b966f039

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
fcfd2d47ee75111c283166291fd25af3

SHA1
767c41999fffbb5a53e18ebc0f6087245d150833

SHA256
d93725ab2bc0fb326d20eab868293faf3ca3edaf5f55386c43e28b26cddd8009

SHA512
47e2e15b6d06f48df374459718fec0446fe6d362c7e6890afcd080cfd83eb39d5cacea6b935da6f05528904ae20ddcccab6b6ab9d11c48e4fe3b848c24d36460

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d62d669b9cf8c14531527776dd71b3ff

SHA1
b014d94d1e92a2cd3daa5c19414c29c226e3bfd5

SHA256
9e38c300ce8498c546376b9e6d1e0b5118c99d5bc16d654f173aabd4075b65af

SHA512
a1e1d7ec4e8d761d40d336e426c26b9dc09352b70d25e3d02d4ed02afc804d04554e4357c429432984942ab17a689a5525cd3601af976050a6db36ea253010c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
4d6bfa7a2527b4714f5cdbc1ec23e24d

SHA1
4e0883ac43e72c771d1e83987d3586e6b3993598

SHA256
60f4da36c4cbbacc2a94ba223dee4935fcd37571e2e20c3ae6cd6c500e987f00

SHA512
efed9b2431d988f2332e2d278ec1eaed540fe9a25217cecadaf11a62eb1131e061f3a87ede8f51535063d555e06b99545bdf93c5ed1d5ba76838ecb3a3e9b94c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
858260d9d4d38b0359ec46c06207f6c7

SHA1
5f2621e69097daf9bdb88383244ebc21c66b94ec

SHA256
93b349b49b3009b4036ffb3cb324d0c6d9bbfbdf7312ff7900635300e2f84dd1

SHA512
fafec9909b233524ba0532a9bfd179110b07a77aed09de51dc6eab382c0381371030590cdd01ad3b2ae7be8f848593473531816ad771a7e20d474b8d0726c455

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
bc0b370f5fc73dacfedfb9ff0a487cdf

SHA1
154826ff593bd2d7f25067227c1f2a1de76703b9

SHA256
e345b717a205c9d2a13c4e939b3ec032db1b133f3e5d3dc48ca9a5735d23d1ee

SHA512
b747761134c7618f5cd65d6715e3412ac7f472778ae6ab7882206a607c93edce574bfed80288c5721a0993e5340fafa6b467708b096ee58a0f1099fa9028ce96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
167e7a58246d68a3515c4905d3aac917

SHA1
135e4060cd28bc5afe3dbb7ca87ab7dfe183c0ed

SHA256
1c89c75f0df48cec7883a45bc54055046d78eff25759c90daef45a6a46fcab50

SHA512
91c1c77b75732e29209b920fe1c69774088a47174ac36d228dee94c8fceaed0cda899b777ba88ef8d5a3eac1446aacea603d69e49e5d8e96b589c881db46f154

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f33812665bda9ba652c35fd2d59084aa

SHA1
eab165cc92c4cc38d757b0dcce95c3b1907884fe

SHA256
ca49a0410c63f89bb1beacfe8c56a845b70a4337ebec245a673cf49a7c162095

SHA512
ce17fced6bea0496cdac690d794ee2ed22650246c48b6110bbe22228cbae1bc6cc04d8c3606c0786253b551b46fcb08d6b288ddaa413d2aaa49f21e5fa074314

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b19960d16e124e4e3084d53ad9266793

SHA1
8f2098ee34fb4c80b6dae803ff6a0ffa31f55509

SHA256
33890968067ede7066604128ce07aa71a5c44c2e7253c803355808f8f4847ad8

SHA512
343edd7998b6edd8fd280547f92b1a86eeb85b253e82be134694aabcdca4ecc29145f8fc9a5f541a09bea9cf1bf79c66064777ca1fa1245ea366486b69ccd1a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a6e061346d2f04fc60cfc976c82c2809

SHA1
6cb1625e266af5d59acf790ef5c62b27b7bef7b5

SHA256
17aea4b4d8692ca7087ebf41ed218df1922bb828c1fa35c18bda5823300d0695

SHA512
c13468c871fec782ce0769458b17ffc2ead8d9a0ff4ba6220f6e07b654e5805b37accab5bc97d08f3ac44605525680a4da9ab5cc535119d98f7f18eb5555b0d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bb6272f3664eb31ddc30832397cd46db

SHA1
27c8a110d46eb554f3012dafe48f91c977190cad

SHA256
da5b4783893a7c02ece0c811dc0f8addf4f6df77142b45eb8721dfdd8a992d71

SHA512
5f7d4c03bc240f604d79b09c213eafed62b939491fd085fd497b67e6fb22dcfafc34ea24d1baf23d4bffe3f1409cdc1730f55f997a81d6b519279bbbc9c86d45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
44ae0f7b32027cda6875536f8d04324c

SHA1
e0fb24e5aa7949587095c448fab5d800613e5865

SHA256
31639b624b6213919802eb6646cbd72174ab280f7bd3c0201b880fa14927263c

SHA512
0d707b79bb75de2e2792800d7b00ad09b3f37d96e7394142633e3be17de241adfb3c49aab5fdf3bd37d9e880b4ddcaf3b43afa763bf0ee7b2e541ac28682e4e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f8151fc589d65cf490e3f13817b8df42

SHA1
f55d41164d6e6df3a77d0c4771caddd755811c03

SHA256
f1f0d400bf5b2739005e9e1ee803f26a59eb3d015e4af786a671812d15691122

SHA512
e506bab591cbce67771d501bc8d693afa4e0d8d8c6b6df13a69e60efa9d7585dedb3a4f613b1474de6559b13f0a2eccf5f60a2f00f1ba7ce3043517082e13655

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
574dd5f01319be7646f04ab4d69d42b5

SHA1
bc65245c688c8799abe952e56151bbc30ae7b351

SHA256
5222aeef4411e616a603ac307ef91944dc771d38625245416e5ec8f078a579f6

SHA512
391be14df9f5c5ac940876938f01e88d0200f121313de66d32bc23315113fc44dbbb6ae68311675b7e064aec11d2b5888cb34f756b4bd791c8395ecc50df57ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
af413ea0d4f1f020869410a2d7f49d78

SHA1
f1cbe0b244fb1c4496a7d3ba179b6ff1bc1735ae

SHA256
150bf4744ee1a0405377cdab28d60122df5bbf07692ee3fea3942521af6efea9

SHA512
3954f69e7e593e159a3a297d2098e28cfda32fe74dd834dade460163cc66f9d745d20baf12ab22fe101bc3c30f2d372166278e1a19129527c95f08e2c03de8de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7437ac1878485a7be7e26f1c563a662d

SHA1
bc67d6d1644efdee31bbbd88f794d4818627c91a

SHA256
dfe16872829be4b712115e665ab851ea4bb6a6cf4c01139f4aa8d5c92db0a550

SHA512
e6e089fa9bd848e9166419d56d25a6fc6d2b459e246253c46450e076793f50e8171c09f59fe8563d55f062a2ed3e198c71ebc682af8859c898f71b05dd57a4f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
636c2b5d1b139f8a903686ea1bce9049

SHA1
07e868d0e059823cc5b40bdd6a2d7d4e880e42d1

SHA256
d9bc33f92f6d96a159f311821b8e5ea72922ac2202062a3ddfd3c41cf10cc4b2

SHA512
2663da277b53b65581e55388d9dec5e8fe8ee9bce3374f7582685c6973a0a69cf72bbc2be999f56ba515fba70dddad570d3f9daee5212f9eeb66aa02da76a1ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
43a0aa6da49c7f19b4a88a709a3d641a

SHA1
ff92ccac943c1667ca730002f0652d61cbe45cf0

SHA256
65139ef963ab1de3f29b3815f29adc43aa320d4fc0b1b01bde2ac22294e966a7

SHA512
8f8cd953041fdd3412ec60862f1be85f642e911399bd985ae51d46d7092736343a04b69644aaa16ade64e4ae6f86a18ce07157e681780e09b5e31a634b1e4c5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0ce6e03781548df09d0307991d07ee40

SHA1
678eb0d51bb7c564aaf7e24b7a4d1efcad4c6ee4

SHA256
f992cc8f8f38d83052297eb98519b59d3ca8e0f9cd2341e8edea3637083b5788

SHA512
07c74e040322c0f0a961102fe9fabac9739e7ee828c2e06accde3dda4e1a8f859555330d51206a50dbf79cc9195e568fa0941014d9b0c4d4ea952e82965b5b60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
29c8d1f379ee42001082a4886b51f0c9

SHA1
46faa113e74649020b2cd57dad55e4dad0280704

SHA256
79a3a79277a4bff00654c9dc8a0d1fe27e9d1f21b1d6c0271b08066b0c39ae49

SHA512
dfccf5248da703cb48abd6274cfcef921a11a6b8dfdb0c27c6ba2aa636f79b28c3b1e0f22adcd13289be76b2a4ba20de815226af8433eb8710e6830004c5f6bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2e85ffca0c21b66d2d9d8680d012871f

SHA1
82512ff46cab9d8f54a219174ecdcf2b74add05b

SHA256
c15aa7db13fbeb422e47a0de33c5825ea42d2065611668b11e7d961d3e48530d

SHA512
d7c87bb6649f574859b4bacfd370b60fb944a30bbd6b8876f0452c81faff24fb5f52f514877abdcc87fc256e88645fea81279a955ebd2349d79485f68c31e895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f9bfa06fa4f524747bfd0ccbc57d1045

SHA1
396bf21e305a0883326b78796d409fae19ad48aa

SHA256
2dcde62f7b6e7512c959425466fce09374aa035411f963c0236b7772e09f82e9

SHA512
02071c1068233969a3f1e8935856494e5a6909347f0d66523349ecde30fa9789aad13f87f72e7350bc95c66c59ead54b3856a9b0bf1b65fbe37efc4edc6d4c69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fcabcbf2310a4a99fb17c65ad6ea964d

SHA1
893519d7df6f920dfc072c2b95126bf586892971

SHA256
2795ac39abbf39d52f4ea4ccf8874ed02dfe814d6f1a5ab0d05addec0ab1cae9

SHA512
3179b8b8866170b52960a86acab703b2536d2ce7283225548b039e9050a65838ea311e07ecf28ca4c51c67f6d78e0574fea515680f922b754258d14ddc0684c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c9aa835dc8134c9a5d1c61e322eb3344

SHA1
f5030470f71119651a39e819da13a7388432bcbc

SHA256
fd4a1f11cdb9ea1d7c817b1b945a4e592fd79b00c5cebdc583a776fd72086400

SHA512
811e6597f726deacb942d0a8b265ec6bbdd14fb937b3b90e7032affd75562ec8a45cc2d5a5469dc295cbfef1645179caa22070febb24f2ff16b09be1d02091a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5d426bb2463a4d08b3869ac251fccab0

SHA1
0933ba796c70913ebb7b85c5157513d374a64c22

SHA256
b049617f638411de3a4381ff0bd689de786b928fb47bd52c45682e9cb865b0f7

SHA512
465bfdf00ac552ee210f831602b93f6394dce1e541331278acee51de27661cfb87ed43d27f08d963b9e909135df4223dc272444497a60b5dcd75b8d6579f342b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
020475d9113a290622554ab4a47ced64

SHA1
0285c91c4258387480995bb75db65b11943367bf

SHA256
8e91ae8d3272efb4791ed658c78d0e6115ba883f24563cfd777c54003a2ae87c

SHA512
79e1feda1fb5b3e03d3932c865aaaaa6232b6a0cd287f56cdaf356ed1483fab48e519cfd56420cd876a0a4dd1eeb16e1c50200da94a15eb426a8ffafb06c44aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0b628eabadd5998a43adda74fad8b1e5

SHA1
088081b152e2fbfde56352a3328ed3eab9539121

SHA256
d03740c2887429507ac666e92b3aa2adbff0d0393c45e85a60ba98ac4b54692d

SHA512
9509575f7cdce466f1ad9ad9e629a7fb2595bd2f3ad23270d261bc82e292641042ca27ab6c40acbf0e9b3e9ba182b22dfa64e4d41905af5eb0d43bc7415c0cd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7fa5d05d70ba7ba0fed57982c1b4e5e5

SHA1
af611f204f9e0c0c44ff1786ce73884d93393fb7

SHA256
88067726f07329a538f2d9f2afb391b29313b146b08c3d9f850fb5b12d2d9cf9

SHA512
1d88b8d3c0ccb01054757add2cd60684035780a3695e04833b0c7a5e85decfa4c2dbf5f753cd793a6ac9957a718095a54172b9ffad17f910a8585105e34b8be4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
28307f03d4d13f1b9a84a71b1f297d09

SHA1
28d63fd4a1573fce58d0ab4075dc7e503495c819

SHA256
ea280b55bed76791ed8dcc2e418c0917eac2364dbcaceddfa4a308a7719b87b7

SHA512
80aa1e5e75da66ac0c53482b4da7ec09f4dca954e276e4f3eaa4ea64a9269d13be8ebd4e78d7f95a1e923b12d174c7211b3c579b3b6e6207792dd66c7141d3a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
075faaa3d4d1d5fae3f6702ca2ce5e0d

SHA1
4878a75fcc64234092c00261738a4cf57667fad1

SHA256
dbe09f6998874f4796dcca4158c979961fabee6d0d519a45c52f64bac868d0c2

SHA512
6dc4677aef4cc0e05f74398fb1b312ce3838adfdaaf480eb3a1f9e86e2103b7450bde212cad39d8c427e81761fc150a91af0459d0053aef8695200525aed47d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f6ce453ebb4f7a6b061ae47cc46a3e82

SHA1
b20a317fdda57eea50b7824000f401e17b552982

SHA256
0e12a89ebc2211b298818db65c875768b204eb1b279220179eee5b3450cc03d1

SHA512
e40e8bb4bc7e9335f895320288f8fc6e21802db65ecb55749430739f8f4f1c172e72468b78b78421146a2315e8364c0f8b6eaf3f6ce6d4e4cb7c7ff7265468bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cb6e876bac0336fb60c2e4f253cba5a2

SHA1
472a1fc0df232af1759e9dcb4a249299f1be4840

SHA256
08a2800e0cb6fb2542d9543b23c99d15d7f0592ab15c5cdd9e73ed5085ad0fc4

SHA512
d04ba71a69c945cf9bd7066f9bf9389fd310957342aa8c74540ea3b1f2c283c4d46b28dc6b6401ee79ccc2dc6816befc03af6c6b87268134eff969c62d7f9ca5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7dc02ec4892d9833c6a82763ab89a5ba

SHA1
6c5b0936f58a543e2ec965ad42e7c152d19c5bd2

SHA256
b35cf7d26c17f41559a43875529634c8df0acadc9670c3f7386c98cb4aaf9fcd

SHA512
be9f67e7323d121d065a65f00d9ef34caa1fd350e997c36b9261bfbdfb0b819418203869c6ea1c1f3a2a95fa3ef9a3a4666ba7a6d6e4856c5e9d0664996289cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4695cf1c95ed92802cc492659051e68b

SHA1
fd7d6a638a6a59d9eca1e3b35a150e8c4d856c1c

SHA256
eb8067ccd630dc423426b66aceabdf1ed4db114490080cf2950185231fd30ab1

SHA512
485369adf5b8a5ff58f6d39080f0472c87a02acdda2af613b319fdf7374a255a3d5a22db14c09dfc48e40199bda981a232da282c65fa829a49def0cc7be1b7aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7332aae21319893a504f34c29097ee6b

SHA1
869920e4c1122d601bb3e1e32d8cb766a671235a

SHA256
32ee1a5e51f09b3b16164736532742aedd68ee76d00f873cb0e753e679aa9c48

SHA512
d8d88fa6b547cf43a294cd0f75b8b2da90740341cd0847bf9bab5eca5c52bb392e32e6324cda4f3a1a4be421ed0f581bb83f0f8aeefa7699d7ed5404e43f0d1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d9b807ac919f429893b3c53b9217146e

SHA1
e420ea11cce0f31fa1474c6abb80b12e3ec40e8d

SHA256
df91129c32ada205545a2eb76158ef0e57f6bf10f028ed3b0d09b57ce4045430

SHA512
0c2e9fdd8335ef15aa94aba4736825e7d23c321822a84a0ff485f1d7fecf32a856597a40fe2ea567b45b1006dc937916d2824fa1f257bad1164e88058f7a3976

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b8f1a68e84a6f8a9801a51dbb64305b4

SHA1
3d6b8bff858c2372395768c2b7b667246608ea7a

SHA256
92e25176bcca497d5324ea8bf420c5b9b7be77ad4fb9671acf51f94a3467b69f

SHA512
315012c5092ea2e1a6222dbec9e132165f3f596c9f4f8bf3adfe8dd499113cae358def7ef5d9977ebd9ab8e848c703517e46ce0234a005e6d2d4954312a1e17c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d4e03107cd7a6b0ee709a99ef6ffa5d9

SHA1
27f81426843041898d274ef24d2a7a6db3576528

SHA256
1d4d195e2f583c155b026589319ef2ee196a88d6c6345e0ecca6a5f54dbc4f4b

SHA512
c577acaa96fc33c7a8c4b5e4ca2d7689e13e7526b7c59ebb43d6a9539d8ff11eb83640216aaf1df4ef83c5eb226ff05c92cf4f5d62486aee456a01696fbc7855

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
237e13fc4e37df31e6a3a167018edb61

SHA1
aa9333a30e8cb48b551533b71ca3f850bc731d9f

SHA256
0077c0d1e41553e9e750c97e5ae75fb6810ee7ece0d3a3b88f92befca630c703

SHA512
f8d654d035508441539533e95148d4c3bb766db4eec64cc765fdd0a5aff67a03db5a9b89a0a6fd7360ddc2148f82233eda75fc76a5e26fde1a0fc17f6a00f859

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
e904f6d67cc5bdba6d4e16242102f5a5

SHA1
3b5ce64b6e5f47f93da86f29148b542c31a6c0cf

SHA256
616beaf8002f569c2ad742df2c549d17450a79c94da84a4b7953153a33aa621a

SHA512
fbe3e5253c900e71421c15108fd85c151f60cdea9b8dfb532120793e04d6f89399a7b8da6f3ee9485141ef3d230a4728cf6bdbbbe3ee6192a7b2189c4a29021e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt

Filesize
76B

MD5
46cb7641be727eb4f17aff2342ae9017

SHA1
683a8d93c63cfa0ccbf444a20b42ae06e2c4b54d

SHA256
944fff1dd6764143550534f747243ef7d84fdac0642c94135ab40f584520f63e

SHA512
dc1b5f363e90abff5c1663a82764296922c842820d2819805e87da6da1081f1b5f2d8debc83ac34a26ce289b7b22588b022433686b19b039074ae184968b9fda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt~RFe66c2ba.TMP

Filesize
140B

MD5
943a55bba4011bed79afa4cf202776fa

SHA1
662f610c204244c0024a7f166a8fcde1eb88b1e8

SHA256
350940dbecd9a5a58ab657f3c12e6e757c0ec6ac0d8cff9d44228e9dbc6ea854

SHA512
80af210bd32154b31bc338be64d275005fa8422f9c4bdddf48881ec3f9d0ac53fe3786e55a4a6371608b1e3b66f1d820edd4a629a40794700a7701d496cab6cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\IndexedDB\indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\IndexedDB\indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b0763c31-8dbd-47d5-aacc-e3db79eeac1e.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
21e012a49e9bba93c6d11cfa4c0711f1

SHA1
ae1ea3be909e263c59d24eee05fa49ca13e6bbbd

SHA256
e7e15075b674027490b3b915f38e93ad75b2f4b9f140c28a7c70d7e2600b90c3

SHA512
0168e896ae91f874ab7e31b2717f6fb9c872b38304c867fde81cf5187bdabafbea469edd467ebb2f505fb3424d40f96e39521fafd2d94d44fbd6b4debb96ee33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
c18fcb7887032681eb47b7a83e6ef809

SHA1
9c5cd5118f82d32fcca499307f9eeb23979342fa

SHA256
b8520dc153be7026a5084d927a3da8068f49c9c4a36e09e89c59722beeee3622

SHA512
68ae4fabfae32e2d585cfa4a02955b280b8631bb73be295f7dca8941bed6335d237a41887f00a14351b835c47e4fe3856d1899eb064092b9e72d4c622d5c520c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
a777ec8ec54e9ab270cdea6b937dbc22

SHA1
77092c62cd0c7fa7b521377e4688c2d467b9965a

SHA256
6db907db7772670dec054cfcad63f1b793a0db653808561addc4655e30a7ef41

SHA512
68b63908b709d48ea2005948ba3f70923cbaa15b0421de589ac97ad6819ae1f5b02e3de1664dbb75114ccd3a4c0f81318e056228c513bf06755017fda9081516

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
2bf08ff4848ef2c70a3fb6c0f3019e46

SHA1
a6a3e51beb100348a5268c37aa7a6f4e1a87e6a1

SHA256
179b72a5e0c9abc192a6e3f2111353200be0ef3389149e06265656bab67fdb4d

SHA512
e328f9f74823d80c41ea99068e2a351a5c223c04a1cd682cf5bcf4a33f2d2278f3a1116e6be364041172de8b2e2d06f7eaa94269f9b0821a0c4648922a430566

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
fc36d06e2401c8d966de428a60ca7959

SHA1
16c9fcde809595aafc305ae78dbef67fd593ff0f

SHA256
e42d805b1699c158e5b114dca0ed87e33fcf5a797884ee0b69429e1b142c22e8

SHA512
52ead01cef5c9e59971055e1233da85ff8db265473e43f6abd1b0a22682caf6770358b45bd1796224cc80c1be9f09e6556d36758d6ac5ad596438869846c0b80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
ee976b202c5e0d6cd9a3dc6366771f31

SHA1
26bb1dc573962fb946f8f240366295532614806d

SHA256
1855c3d8c1663b7aeca14deec8a79e24cb4eb7779ee0277c545e298cbcaf827a

SHA512
4b1495ff494cf5430dc0026914d52073562deaebe9381b772e7ba5e2bc8e1cd0e8e926a7755b6432956869d84ec030c0dcd47b18953329a3d4985539c715f9fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
824f95869b6d87abd098120ef16ed8eb

SHA1
09ab9b198a45f4903004bb65232b110ff0bfc929

SHA256
1d0daef857351337a339abadc93e859924eff2601e98034e74b3b9e32fc83516

SHA512
aba3176a38a42d427499fc867f885c18916ad3d09d9277a332aaff2779c77fb7e0fedab40283375705c58464db5602b614bd02b4c412350e5176a4a03f0f46a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
1c0e1930ce12ee4e563be5dba6413401

SHA1
e5c6c701a348c9ae22e20b2df1dc73951ff7bfd9

SHA256
4f5ec5d60633f0d4623f8e438cb446fff04b1ddc0921684b9471c086f2fb022b

SHA512
560508cbe3973c6cbb12488c9f96de57a6d1d3ade3acb7c2f46690676571494c18af0f234bcee39b7040bc7e437df14fecbafcc265df80f95b9cf67c49ff87fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
674fe94fc5988635746bca37e94004d3

SHA1
f7f3a2de78c0e5fc11feb9bbf26e5ded45eae419

SHA256
104c44f603d2911167df1b31eaa3d99a5ed4f725034ca95c4770e8d1ab763f0f

SHA512
5ae99faa118ba397073cd2ac675f30840d73919f6302222bef0b56d1d2d83aa103d58f196b6c4176c273c6ae711ffb5062a8d98ff802b8303269d7a69e387a7d

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
10b3e6029bd3f6a7aa99e45f20f8a2bc

SHA1
d66b64a66cef494ad245a641819920e8eaa14daf

SHA256
4c6b6384e84e913c1a9438f427a989579712b102ee876ed862d808190f3f31ba

SHA512
d26980ede9b75952d1348fad852f54fdd5acaa7cb2ccd4a8038c55e1d11bee672bf748f349c06c8ccb5e60cc2c38283c68906b914aeb931c852afc50184db3b0

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
30f9f69bd4cb3ca8ed4af465e6bf3b72

SHA1
1f7bf3625d683c1af38485d1eb39152949648749

SHA256
fbb114871abc3901711a5f204cb370f1cc1602ad89fa0c8155288ec72e4eaf36

SHA512
ae96746716d0b47912c191ca52db48ee40aca9591444c1f0ffbc913346be1fff1e9f71c6e66cb4c175fd308e04a504367dd56bf84920f94c65142cd8508258c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Costura\C5730A4C0FDD612A5678E51A536CE09E\64\sqlite.interop.dll

Filesize
1.7MB

MD5
56a504a34d2cfbfc7eaa2b68e34af8ad

SHA1
426b48b0f3b691e3bb29f465aed9b936f29fc8cc

SHA256
9309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961

SHA512
170c3645083d869e2368ee16325d7edaeba2d8f1d3d4a6a1054cfdd8616e03073772eeae30c8f79a93173825f83891e7b0e4fd89ef416808359f715a641747d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\SteamSetUp.exe

Filesize
486KB

MD5
6abd4383c9a2e8eb95865485993c515e

SHA1
e97c05539a30d25490b3efc973c70c3b1a6f26ad

SHA256
292e08738be17ce87a5ebd86fb4de99d112df29873b20f4c826df66337e54582

SHA512
62d3efd107ab734748e332cb6ac52f0fb065017ac5847ebd424a901dfa064663af60d836b63d928bcbd2934af49c436310ecff2d8cb6782cd818477dab7c32c8

Download Submit
C:\Users\Admin\Documents\LOIC_2.9.9.99 2\LOIC.config

Filesize
156B

MD5
0d296043f8068a84f3ce654210aa53c9

SHA1
12364d217b90d40cc6919aa86d6d93fa0546b3f1

SHA256
8ff88b0944bf4a4e4dc273c5b3ce8e6764b046b1019fac57d34f36485cf4ac5b

SHA512
9599d3f70f086300f29c106d3ae7c65b5155e07af03305815809a745f7f61fcb96a4c11d9a56471ec43a76fdded61a1c077b05357d82059c43c37d04b063e2fe

Download Submit
C:\Users\Admin\Downloads\download.ico

Filesize
422KB

MD5
cbdff1a73f72d263ae90281f4e10964e

SHA1
fa95f37260eb70860b3ea071a6fac83d82ef0c34

SHA256
a8c89f8c5ca66c84bd348ce889fb7841277826b83495c07dbfb61191ea97ba5e

SHA512
c2741d23996a3f2ec0c40afbc20014494640ff2151476009913b1fca6eff6c9380c125887bd1ca72789997d5790f0ab951b548c7fb7e6ffa354e26db6a9c6479

Download Submit
C:\Users\Admin\Music\Toolz (astro)\Anarchy Panel.exe.config

Filesize
3KB

MD5
3d441f780367944d267e359e4786facd

SHA1
d3a4ba9ffc555bbc66207dfdaf3b2d569371f7b5

SHA256
49648bbe8ec16d572b125fff1f0e7faa19e1e8c315fd2a1055d6206860a960c9

SHA512
5f17ec093cdce3dbe2cb62fec264b3285aabe7352c1d65ec069ffbc8a17a9b684850fe38c1ffd8b0932199c820881d255c8d1e6000cbbe85587c98e88c9acb90

Download Submit
C:\Users\Admin\Music\Toolz (astro)\BackupCertificate.zip

Filesize
1KB

MD5
dd1cd4059f36dac24c72610187094561

SHA1
55b0a1da6b26ad3fd44f6d2db70d15c1b8f9f7b5

SHA256
7d5a56caea3314d51d7f8a0b907435bbf8009025e780e5c0234aa70ef2efb19e

SHA512
81401078cbef18fcfd9d4bca64ce2c469dc5a34b1f16fd0395d6ccd738252a8ca82046cfea56e838880946ed0699a17e412b8a3335a8ffc69832d32d7fd73fd4

Download Submit
C:\Users\Admin\Music\Toolz (astro)\Plugins\0guo3zbo66fqoG.dll

Filesize
78KB

MD5
e4ebcf76ff80ef398d3ab77d577f4c08

SHA1
cb9e6b30a63d50ae87610f6855b64abfb25691d2

SHA256
9661b1abc9a3e95e591c49c3838a64a066a2ff3c6de08d8aa7b541c4a75cd8e5

SHA512
8f37cedd987dd14181fdfa861b8a95271868dac21aa9df80bd6daa831ae20f4b4965c8be3e36f32aa220bd37ded11a7568ae237c9c9641bb4fc087f6fe104b01

Download Submit
C:\Users\Admin\Music\Toolz (astro)\Plugins\59Zp7paEHDF7luJ.dll

Filesize
4.0MB

MD5
15e3d44d37439f3ac8574ac1c9789ec2

SHA1
bb3ef30e9f4496198f412738579966210ade36e0

SHA256
5db4c26057a05bb75ff7892fb60fd76620fc2228811d913d152a0aa4ec9db7a5

SHA512
ff358c9896792017ff7e91f1dedffd9d75a099c5b852da19599799aeca20b6b269267ff7c12c918a2530fe1a79a12bc8796c4eb3914c97faba3eba27388abde1

Download Submit
C:\Users\Admin\Music\Toolz (astro)\Plugins\CjETR6GpGXqM.dll

Filesize
395KB

MD5
b0fc0ba80f8ec9586ff397412c512d9f

SHA1
0f6051b71b715a47be1fa16683201413905629a3

SHA256
13db80a0211ba9bf59a1e43bdb2fffa91de5c7f38bd469c4824b5e06245a0234

SHA512
222a365ae567c6c773ca2b99b82795916839cc5c9ba8eb019bf6713108720c2793303ef6612b64488f4584602cec84c0b48a02fe709db0250bf377d07e002d7d

Download Submit
C:\Users\Admin\Music\Toolz (astro)\Plugins\EVa7gBMKoaHmLC.dll

Filesize
170KB

MD5
64a3d908b8a5feff2bccfc67f3a67dbd

SHA1
a17d7e5fa57c99a067cac459cb507b625dac254e

SHA256
6ea1ae7ab496666c0117fc20e704bfb6104b13cfb0408073a09689f863fa64b1

SHA512
66374d720230799bea6ac6cfe3faadc37fd775a49d40c04facae1caf1ec658956bbda54ba75287d7128b19b97971bd933a64469da8e0884225c5a8d8b9423ccc

Download Submit
C:\Users\Admin\Music\Toolz (astro)\Plugins\FBSyChwp.dll

Filesize
170KB

MD5
0d41ccfaa8e7ef96248b8270d1a44d08

SHA1
6ee22bdb91d3a18e0b45b6590eb69bc9a0b02326

SHA256
0ea38d0d964815e2b84748a78bd5a829ae01586478e5f17b976f1ae763c8dec3

SHA512
a0f236f6dbeb1763fb1c198616de65b907a3a5edf7ed9435c2ad0b5826d84e9d2f25e96aba4e8b681ef495612cf0e04e929427a92d332164ace89e797bcb0e0e

Download Submit
C:\Users\Admin\Music\Toolz (astro)\Plugins\G3nl0mDcABnDuZ.dll

Filesize
177KB

MD5
97b8bec4c47286e333cc2bedacf7338e

SHA1
764bbd0307924b71ca89538b42996208d10c9b91

SHA256
060d467cbeb0a58696287c052f3dd9b3597331b1c812e3e2882d6c232f8511de

SHA512
a40970622a594533349e75fc2022314ba21f05fc82709d6eaba82f4a2bc343c960029ad2825cfc034ce82622722127d149993bff88982f02d6dd6b5b1fb60fbf

Download Submit
C:\Users\Admin\Music\Toolz (astro)\Plugins\KNTmoSnG.dll

Filesize
670KB

MD5
738c096a9bc38e21a9aa59ebc356c80d

SHA1
139756ad201a537461a6bb8524a4b89a63b1b1b9

SHA256
300a5551f7be89c5f03c0b70fa7dafb7f84c6394dac68bee95169e985e7786f0

SHA512
294c34f0716861fa67ba571bf7a8614613a1746e9f2935ba0c86eb1897dff858ea1f7fb44f1b6ec87cc709f4933a912dcd3eadd5d0b208c72985aa47e1f214f2

Download Submit
C:\Users\Admin\Music\Toolz (astro)\Plugins\PK0TcnqTGFagQTS.dll

Filesize
174KB

MD5
fa90a2aee0d172000257c4faca31237c

SHA1
b317281b4acaaf1d7b7255c5e92887322abae892

SHA256
991fc53fa1aa7b5cd0b6e19dab536873d68e4413fd55b533601a3a2582d38a49

SHA512
b05c0b52e011089258ad31dd23a1f8a0cc8145b202e42e2a9d4fdf892c12d4a7b5843cc7721041295ab796e8bc98747b9e321c4e54bfd1a7c9a02dd2796fc405

Download Submit
C:\Users\Admin\Music\Toolz (astro)\Plugins\RssCnLKcGRxj.dll

Filesize
181KB

MD5
f6808c4fbbe0275db03b2cc5b4c2bc0d

SHA1
e40b61c64c68f72fc5144f5057d54229babdecf8

SHA256
e204d15f0e7269d364157aaab265a5dfbe7e76c9f6202bf90998f0edd77ca248

SHA512
f077c49f6943d0e40799b3b42d1e11f50dabca48305c36ef2acd3258c990e0e0f982fbb0c27b1243aa15d2ed7b398b70f07dddc9ba76ff032ba74a24c8e08fb4

Download Submit
C:\Users\Admin\Music\Toolz (astro)\Plugins\WkUP83aP9CABpi.dll

Filesize
86KB

MD5
8dbfb67c059aa59f7c53e20ef6740363

SHA1
3de96e7f48ee7647f5a7c2efb68cbd914bc78364

SHA256
a74b74f463d567c1f0505bddcd49ed23700f9ab7dcf4b7f46435723258c5a7e2

SHA512
70aed01375416e2be63d676bbdba58c12ba5f50d406d1fe252e7a66b901d32e0705007dbf465193de51663174c1b53bdb980890d8b2e6ce641dd16a200e3440d

Download Submit
C:\Users\Admin\Music\Toolz (astro)\Plugins\eMTYbTz0gueNs4.dll

Filesize
1.1MB

MD5
5dfbcfbbf9e2ae7db23e252808699ffb

SHA1
a1d429292fe73aeb5abab10304e1ae8c1262b26d

SHA256
929e5f15e9ceca03c80b2d174283cb25bf47adfe4693f5c01f622416c9f6d03c

SHA512
9ee63080781577e0d818a27d026024f96161bb7b132dc0c130fabbe2d6c3b7758868fff5a4ad68efeb4d08f964e2f69417022751880a443f7f920aa4f40f5c09

Download Submit
C:\Users\Admin\Music\Toolz (astro)\Plugins\fzAgyDYa.dll

Filesize
79KB

MD5
a5770798b7a6465f5b5a8c19d7d707ee

SHA1
ca67e9591d2f757cbbfacb55f27aec6485b10ee6

SHA256
f855353a618af8a53504b5188c05d3a09fb1ff85763e0cd15c53dee82d7c6119

SHA512
64da7687e83c6ff4d1c1cdc644ffff53333f745e82f169beb529d55ec5be6f21658d27c6e01744147c00f834978260e86ea627a5f2981f27305afb69a7b467dc

Download Submit
C:\Users\Admin\Music\Toolz (astro)\Plugins\mGWHaG2Jn.dll

Filesize
81KB

MD5
8f98206f577160f950d456d1190c8d32

SHA1
defced38fce00775c4616b420fa674d77f946eff

SHA256
2bde0293c982fb6266c683ecaa2c90372d26d9a2786726874a2cfb89dcc68324

SHA512
432c2b6759701754616273633c966332e718dbb10a9a7eab0d7c57ffdc9be95b5e1b16b6e291301ac7aa6d1de48a46d30f08729e45d6634b1849f41c78e92d91

Download Submit
C:\Users\Admin\Music\Toolz (astro)\Plugins\mML6WKMqdxjDGA.dll

Filesize
173KB

MD5
e03b206eec8a7efbd1a47909071226e5

SHA1
21163989ea524920e874bc7932adfcd5e94f854e

SHA256
778877431354a9584325dadb663be077f757227eaae8bcad33e4bf26efd6b965

SHA512
831ed74419f1b4c3250fbff20be16ed7058a851d7168a17e8a4dcf284a19412feee42a8c198af34b37571de33a80c48ac855f5d018ea9e2cfdcd846b832155ff

Download Submit
C:\Users\Admin\Music\Toolz (astro)\Plugins\oYsKwDG.dll

Filesize
4.8MB

MD5
a718955297276f2349b7644447736e08

SHA1
377388d115b77aff357dcaf92b6aeb6286b1460d

SHA256
54ec206c8fe8ff27b3fb02ef892b8e6bc4b6abfff2fe08f5f57175c64f1d3220

SHA512
a3c2ded0cdc4e62adac92a569d6cd4db0c3647e663700f019a9de27e738eb2672e5cccec19af15633a3cd25a882452ff5ce39c17f67dc3ed6653b9e0ad063641

Download Submit
C:\Users\Admin\Music\Toolz (astro)\Plugins\rNXXgmX25s.dll

Filesize
1.5MB

MD5
050f07b46987eaf152aab521c0112fc4

SHA1
2d2c0943ce9c10ba09b0d5cca54c2a88a1e61e95

SHA256
b93374fdfd9af786ff20597ae0e242b81373984ba5718194f9e57feb231c52cf

SHA512
a27c370e40ec126b6b9f3ab7d603378c2b629ec752aa8fc57a10e3ef58c0b701a5d1b4903a17ba180c4e73e76b54304f0868c474eb60e671562d0deed83a18c8

Download Submit
C:\Users\Admin\Music\Toolz (astro)\Plugins\sJ88z8tsg5XzK.dll

Filesize
172KB

MD5
b3fa2c3d50057ddd2c9579dc0aef1590

SHA1
88a1f57b9177c95a2e095866574639b09d5f310a

SHA256
6eaf5744b8ec91312e1c6be83d852627e5204b3b64a1932e60e47438d73fb6bf

SHA512
0d1b8288cbc1c206029fe2f9b7366b2f8b49158e4c9643e453111ceb90fd77af903533c64f6ede351755414c9e7daa926704cda6f1953be79e1adc7aff515508

Download Submit
C:\Users\Admin\Music\Toolz (astro)\Plugins\yL9x34D8X3oO2P.dll

Filesize
180KB

MD5
38502e61cc1d39095a12c1883551ad9f

SHA1
135c9cad9e6d54bf66a1cee5c99ba510102623b0

SHA256
0e9733277eac197c4eaf40fb0eada0907388222ef21843488a8e591149768301

SHA512
cd67a63ea954a4db8c8dfadceb2822b447d98c2c43a8f9c6901d0fce3230605a0416395b92caea6ac08348d5f6b0e1cb052b24cf90829602b0a5b0652b8a2600

Download Submit
C:\Users\Admin\Music\Toolz (astro)\Plugins\zVvPGvK64uLS.dll

Filesize
106KB

MD5
a267a675b7243d9152c7b8e3e261d64c

SHA1
9a0277095646e2a773e8a04a7913ce6a56cf05b5

SHA256
9e82bf869638f8118f47f3870b1382401e42912cefcc6a9890489af5bb805c7e

SHA512
0dae32c0c0fbf6918779a5e9699cbef27572458a5cdc7119298abddb6a597a0017fe33af06c02abe0c66f3cd490f6955bd7c65470ed3e31338d28575306c04bb

Download Submit
C:\Users\Admin\Music\Toolz (astro)\Plugins\zVvPGvK64uLS1.dll

Filesize
234KB

MD5
4f2fb621cbea3cafb7a041c9b3c115a7

SHA1
137502326e0126f372586d157e51a1416146c3be

SHA256
98eb518c9785f988ab1dc0752e0ef6d23f171134e60187c621795d6877940f99

SHA512
22171b9ecf1fc99b7aaf4e73c4d164cedcb503e83021f36a9cec673ff327f83a6c7568e22a7329cc6fc7ef3d6ff79d5dc6c88a8784e58401b884920c5ba2ac9b

Download Submit
C:\Users\Admin\Music\Toolz (astro)\Usrs.p12

Filesize
1KB

MD5
33a3f3e7dcfaf1d8abcb21ae742fd806

SHA1
4408901c2087c449b52785c7d7782ca3f57daeb8

SHA256
92f3c0217140d240d933cd1fb4be4299f55e329f180908ed1aeb3814be30375b

SHA512
9084db0bd0250af8bb484e55512cc3ee014d44c7214fd6aab9a3e46858de35c0686def1f948a57eaea4eaf67d6e769dd81954809daa8a6a7cd4219fa646edab5

Download Submit
\??\pipe\crashpad_3484_QORVAMRQCBIIDHAG

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1204-16-0x0000025F2F7D0000-0x0000025F2F7E0000-memory.dmp

Filesize
64KB

Download
memory/1204-36-0x0000025F34660000-0x0000025F34668000-memory.dmp

Filesize
32KB

Download
memory/1204-32-0x0000025F33B90000-0x0000025F33B98000-memory.dmp

Filesize
32KB

Download
memory/1204-0-0x0000025F2F5A0000-0x0000025F2F5B0000-memory.dmp

Filesize
64KB

Download
memory/1636-848-0x0000022DD5450000-0x0000022DD57DE000-memory.dmp

Filesize
3.6MB

Download
memory/1636-849-0x0000022DF0DB0000-0x0000022DF0E4C000-memory.dmp

Filesize
624KB

Download
memory/2428-3067-0x000000001BF80000-0x000000001BF9E000-memory.dmp

Filesize
120KB

Download
memory/2428-3066-0x000000001BF40000-0x000000001BF5C000-memory.dmp

Filesize
112KB

Download
memory/2428-3068-0x000000001C6B0000-0x000000001C762000-memory.dmp

Filesize
712KB

Download
memory/2428-3065-0x000000001BFC0000-0x000000001C036000-memory.dmp

Filesize
472KB

Download
memory/2480-816-0x000000001F500000-0x000000001FAE8000-memory.dmp

Filesize
5.9MB

Download
memory/2480-817-0x000000001FAF0000-0x000000001FEB0000-memory.dmp

Filesize
3.8MB

Download
memory/2480-818-0x0000000023400000-0x0000000023652000-memory.dmp

Filesize
2.3MB

Download
memory/2480-815-0x0000000006500000-0x0000000006512000-memory.dmp

Filesize
72KB

Download
memory/2480-819-0x00000000237F0000-0x000000002393E000-memory.dmp

Filesize
1.3MB

Download
memory/2480-1802-0x0000000004B10000-0x0000000004B2A000-memory.dmp

Filesize
104KB

Download
memory/2480-820-0x0000000023A90000-0x0000000023AA4000-memory.dmp

Filesize
80KB

Download
memory/2480-821-0x00000000237D0000-0x00000000237E2000-memory.dmp

Filesize
72KB

Download
memory/2480-1796-0x000000002A520000-0x000000002A63E000-memory.dmp

Filesize
1.1MB

Download
memory/2480-822-0x0000000023BA0000-0x0000000023E18000-memory.dmp

Filesize
2.5MB

Download
memory/2480-828-0x0000000020140000-0x000000002014A000-memory.dmp

Filesize
40KB

Download
memory/2480-790-0x0000000000D20000-0x00000000043BE000-memory.dmp

Filesize
54.6MB

Download
memory/3544-46-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-44-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-52-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-50-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-49-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-48-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-47-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-45-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-53-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-41-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-42-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-43-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-40-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-39-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-38-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-51-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-55-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-54-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-56-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-57-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-59-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-58-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-67-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-66-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-60-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-65-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-64-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-63-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-62-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/3544-61-0x0000022A0BFE0000-0x0000022A0BFF0000-memory.dmp

Filesize
64KB

Download
memory/6008-3045-0x0000000000E50000-0x0000000000ED0000-memory.dmp

Filesize
512KB

Download