Malware Analysis Report

2024-11-13 15:34

Sample ID: 241003-rjrz5azamk
Target: https://drive.google.com/drive/folders/1yQcPmp8g-vnjU4Bk6fzClWjuU8qZ88J1?usp=sharing
Tags: vipkeylogger discovery execution keylogger persistence privilege_escalation stealer
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://drive.google.com/drive/folders/1yQcPmp8g-vnjU4Bk6fzClWjuU8qZ88J1?usp=sharing was found to be: Known bad.

Malicious Activity Summary

vipkeylogger discovery execution keylogger persistence privilege_escalation stealer

VIPKeylogger

Command and Scripting Interpreter: PowerShell

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Checks installed software on the system

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

Drops file in Program Files directory

Browser Information Discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Scheduled Task/Job: Scheduled Task

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-03 14:13

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-03 14:13
Reported: 2024-10-03 14:16
Platform: win10v2004-20240910-en
Max time kernel: 150s
Max time network: 151s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/drive/folders/1yQcPmp8g-vnjU4Bk6fzClWjuU8qZ88J1?usp=sharing

Signatures

VIPKeylogger

stealer keylogger vipkeylogger

Command and Scripting Interpreter: PowerShell

execution

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A (2 identical events)

Downloads MZ/PE file

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Control Panel\International\Geo\Nation | C:\Program Files\7-Zip\7zFM.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zO03F13AA9\WIpGif4IRrFfamQ.exe | N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
N/A | N/A | N/A | N/A
N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | drive.google.com | N/A | N/A (2 identical events)

Looks up external IP address via web service

Description | Indicator | Process | Target
N/A | checkip.dyndns.org | N/A | N/A

Suspicious use of SetThreadContext

Description | Indicator | Process | Target
PID 1460 set thread context of 2352 | N/A | C:\Users\Admin\AppData\Local\Temp\7zO03F13AA9\WIpGif4IRrFfamQ.exe | C:\Users\Admin\AppData\Local\Temp\7zO03F13AA9\WIpGif4IRrFfamQ.exe

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\Program Files\7-Zip\descript.ion | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\bn.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\kaa.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\nn.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\th.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\en.ttt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\kab.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\mn.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\uk.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\ba.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\hi.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\hr.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\ko.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\pa-in.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\it.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\ug.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\az.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\mng.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\nl.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\pl.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\cs.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\ka.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\7-zip32.dll | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\7z.exe | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\pt-br.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\ast.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\da.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\el.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\fy.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\ps.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\yo.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\7-zip.chm | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\is.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\lij.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\pt.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\uz-cyrl.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\gu.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\zh-cn.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\eu.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\hy.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\sr-spl.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\vi.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\be.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\mk.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Uninstall.exe | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\readme.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\7z.dll | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\es.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\hu.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\ku-ckb.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\sw.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\7zCon.sfx | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\io.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\ms.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\fi.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\ext.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\sa.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\br.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\cy.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\fa.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\fur.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\sq.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\af.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\ca.txt | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zO03F13AA9\WIpGif4IRrFfamQ.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zO03F13AA9\WIpGif4IRrFfamQ.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zO03F82189\WIpGif4IRrFfamQ.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A (2 identical events)
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133724384344350841" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A

Scheduled Task/Job: Scheduled Task

persistence execution

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (8 identical events)
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO03F13AA9\WIpGif4IRrFfamQ.exe | N/A (2 identical events)
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A (4 identical events)
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO03F13AA9\WIpGif4IRrFfamQ.exe | N/A (7 identical events)
N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A (2 identical events)
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A (2 identical events)
N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A (8 identical events)

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A (2 identical events)

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (32 events, interleaved with the row below)
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (32 events, interleaved with the row above)

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (56 identical events)
N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A (7 identical events)

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (28 identical events)

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A
N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A (34 identical events)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2332 wrote to memory of 4120 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 4120 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/drive/folders/1yQcPmp8g-vnjU4Bk6fzClWjuU8qZ88J1?usp=sharing

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff5599cc40,0x7fff5599cc4c,0x7fff5599cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,411309689233538750,14845759064874267147,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=1912 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2172,i,411309689233538750,14845759064874267147,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,411309689233538750,14845759064874267147,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2260 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,411309689233538750,14845759064874267147,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3188 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,411309689233538750,14845759064874267147,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4672,i,411309689233538750,14845759064874267147,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4684 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4412,i,411309689233538750,14845759064874267147,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5004 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4972,i,411309689233538750,14845759064874267147,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4416 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5200,i,411309689233538750,14845759064874267147,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5224 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5208,i,411309689233538750,14845759064874267147,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5360 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5504,i,411309689233538750,14845759064874267147,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5496 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5652,i,411309689233538750,14845759064874267147,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3164 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5668,i,411309689233538750,14845759064874267147,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4944 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5032,i,411309689233538750,14845759064874267147,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3172 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5144,i,411309689233538750,14845759064874267147,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3300 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5176,i,411309689233538750,14845759064874267147,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3200 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4032,i,411309689233538750,14845759064874267147,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4964 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=208,i,411309689233538750,14845759064874267147,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5436 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5784,i,411309689233538750,14845759064874267147,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5080 /prefetch:8

C:\Users\Admin\Downloads\7z2408-x64.exe

"C:\Users\Admin\Downloads\7z2408-x64.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3128,i,411309689233538750,14845759064874267147,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=6000 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap18930:98:7zEvent28974 -ad -saa -- "C:\Users\Admin\Downloads\Fra septiembre CGM"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Fra septiembre CGM.7z"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5152,i,411309689233538750,14845759064874267147,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4624 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\7zO03F13AA9\WIpGif4IRrFfamQ.exe

"C:\Users\Admin\AppData\Local\Temp\7zO03F13AA9\WIpGif4IRrFfamQ.exe"

C:\Users\Admin\AppData\Local\Temp\7zO03F82189\WIpGif4IRrFfamQ.exe

"C:\Users\Admin\AppData\Local\Temp\7zO03F82189\WIpGif4IRrFfamQ.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\7zO03F13AA9\WIpGif4IRrFfamQ.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\AcEnrS.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\AcEnrS" /XML "C:\Users\Admin\AppData\Local\Temp\tmpC5D7.tmp"

C:\Users\Admin\AppData\Local\Temp\7zO03F13AA9\WIpGif4IRrFfamQ.exe

"C:\Users\Admin\AppData\Local\Temp\7zO03F13AA9\WIpGif4IRrFfamQ.exe"

C:\Users\Admin\AppData\Local\Temp\7zO03F13AA9\WIpGif4IRrFfamQ.exe

"C:\Users\Admin\AppData\Local\Temp\7zO03F13AA9\WIpGif4IRrFfamQ.exe"

C:\Users\Admin\AppData\Local\Temp\7zO03F13AA9\WIpGif4IRrFfamQ.exe

"C:\Users\Admin\AppData\Local\Temp\7zO03F13AA9\WIpGif4IRrFfamQ.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 drive.google.com udp
GB 216.58.212.206:443 drive.google.com tcp
GB 216.58.212.206:443 drive.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 142.250.178.14:443 apis.google.com tcp
GB 142.250.180.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 drive-thirdparty.googleusercontent.com udp
GB 142.250.200.33:443 drive-thirdparty.googleusercontent.com tcp
GB 142.250.178.14:443 apis.google.com udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
GB 142.250.180.3:443 ssl.gstatic.com udp
US 8.8.8.8:53 drivefrontend-pa.clients6.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.178.10:443 content-autofill.googleapis.com tcp
GB 142.250.178.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 142.250.179.234:443 ogads-pa.googleapis.com tcp
GB 172.217.169.74:443 ogads-pa.googleapis.com tcp
GB 172.217.169.74:443 ogads-pa.googleapis.com udp
GB 142.250.178.10:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
GB 142.250.200.33:443 drive-thirdparty.googleusercontent.com udp
US 8.8.8.8:53 people-pa.clients6.google.com udp
GB 216.58.204.74:443 people-pa.clients6.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 ogs.google.com udp
GB 172.217.16.238:443 ogs.google.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.179.238:443 play.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 contacts.google.com udp
GB 142.250.178.14:443 contacts.google.com tcp
US 8.8.8.8:53 drive.usercontent.google.com udp
GB 142.250.180.1:443 drive.usercontent.google.com tcp
GB 142.250.180.1:443 drive.usercontent.google.com udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
GB 172.217.169.74:443 ogads-pa.googleapis.com tcp
GB 142.250.178.14:443 contacts.google.com tcp
GB 172.217.169.74:443 ogads-pa.googleapis.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 dns-tunnel-check.googlezip.net udp
US 8.8.8.8:53 tunnel.googlezip.net udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 157.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 www.7-zip.org udp
DE 49.12.202.237:443 www.7-zip.org tcp
DE 49.12.202.237:443 www.7-zip.org tcp
US 8.8.8.8:53 237.202.12.49.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.111.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
GB 142.250.180.3:443 ssl.gstatic.com udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
GB 142.250.180.1:443 drive.usercontent.google.com udp
GB 216.58.212.206:443 drive.google.com udp
GB 216.58.212.206:443 drive.google.com udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
GB 142.250.179.238:443 consent.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 142.250.200.3:443 beacons.gcp.gvt2.com tcp
GB 142.250.200.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
GB 142.250.180.3:443 ssl.gstatic.com udp
GB 142.250.200.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 google.com udp
GB 142.250.187.238:443 google.com tcp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
GB 216.58.212.206:443 drive.google.com udp
GB 142.250.179.238:443 consent.google.com udp
GB 142.250.180.3:443 ssl.gstatic.com udp
GB 142.250.200.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 checkip.dyndns.org udp
BR 132.226.247.73:80 checkip.dyndns.org tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 reallyfreegeoip.org udp
US 172.67.177.134:443 reallyfreegeoip.org tcp
US 8.8.8.8:53 73.247.226.132.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6f7aa3a47d4536764b62fe4d7aa4929b
SHA1 7d9e0b949a22ac89520105f5407d1cfbd0882850
SHA256 1080856b889d0bfd2a7af4ccbb2e8eeec39f958774c7a93cd0e53846841a49d5
SHA512 2963b439661866b607d8d9932cccf29dc1d9b7761fed027a1b3a9415236309efabce656d6574ea0a92cd541820b96c92c299b6a886fedef4c2a56a88d7434a21

\??\pipe\crashpad_2332_LTIFUOZUMZUCMTJU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 12dc5223e0708e0a82f2f0a50f48e59b
SHA1 f222ac3bacaa83cca98d8fb7242922b3007d882d
SHA256 bc15a1a621833f43081dca6e18bc16ef9ea7d0d54de0f7749e0c402c38095efe
SHA512 ee5ab695015d22d42cf4635abe768facc65214e8b68cd6f391873db350d460a11a0010bdd4db30d67df22065c7fcc036a858e5c55277c2e566fa117b3fde92a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

MD5 abda4d3a17526328b95aad4cfbf82980
SHA1 f0e1d7c57c6504d2712cec813bc6fd92446ec9e8
SHA256 ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476
SHA512 91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 50bb311f4818e1469bc37dd691a1f7b3
SHA1 d619ac35ede1ef7e611abac13ef4ac4da7b5d7af
SHA256 eae32c3d5191c09e3ea0ecff2c13b4555dc6360dfeb385b0563b7feff5006bca
SHA512 e8bcf0c2631a9d9dc90d683ce31edf5b9b3b399bb91e21adb33c535eed4129dbdbc84e6aa3a26a2ad02bacb17252bbf9ebd49d9f5c2340815606c42ebeba05a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7e615c6406da9ae188686e0c1a3f4fde
SHA1 14914e7cb8c99d8c6b836a71b36ee8603ff9c164
SHA256 a054539b86bee95bdeeb051487eaea558fce733cb62d4f6c088dd7a25644d3c1
SHA512 b9a755e95b02fab35f49746dd4a779483a0dda1c39a9c20378309a23c13440d295b7a4e81cda6c422fcf0cab24a70587b6b70e82f14d13399d5943a69436b9f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 30d695cf06bf20d9608545cc584957dc
SHA1 5bff5b56724c0f04a023d547a48387d811ea95d7
SHA256 3a2cac5306671d5e19e5293cbc2585114db8a350a378c3fa65c89288ca0b210e
SHA512 fe11e58c84485d92b5c4dd9c8b42cb78fc2b372bf21ccd81e7362d1c40957f893067f2e926b83e075bd90e818a1c96ade7f96c9b921e91bb075c5c956ed57410

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2d719b8abff1039b13c9665fa1c9e37b
SHA1 a5f09c415bc6edde33a3e0c934d56fedcb12a7f9
SHA256 d871b45023e2be2828f5eaddec98f1ff0a29b8fc40e5ade5e1faed42eb073ab5
SHA512 39ff06d53da774e155c4f7dc9303e70a88ab96195740e11394964fa714a9457f66362cd84d879c7a541777d981dae07434679d1bb1c0976b1d068e05bc9f31c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5aca1eb1d3ba6df7e4bc7d436d6f63e5
SHA1 7e6ca10eb39c6459923e350c215a3f6784bc1ba5
SHA256 8500f8be6f45f685598af4a018277230267486af571140ce8f906bd34459c0cc
SHA512 960f6a0d44db209816bf4fb59dd66b43106e3beca24bc3cd1b84798272edfe3a2e7c88dcdfc571c721ea06357e27f5a9eb61f6f6da7d62f070387d2868b9822d

C:\Users\Admin\Downloads\Unconfirmed 576122.crdownload

MD5 0330d0bd7341a9afe5b6d161b1ff4aa1
SHA1 86918e72f2e43c9c664c246e62b41452d662fbf3
SHA256 67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b
SHA512 850382414d9d33eab134f8bd89dc99759f8d0459b7ad48bd9588405a3705aeb2cd727898529e3f71d9776a42e141c717e844e0b5c358818bbeac01d096907ad1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 612807a257a2ceeeec6195201ea620cc
SHA1 f65e949d6622f5db764c2b47e04a22eb0d79de2c
SHA256 0b20faa9d4ac81d072aa395fb80a62aed9f2db6b1b133d2fd9950512505705f8
SHA512 9958f4bdc17a7c8640b4ba7cbb5205088f1c98807671a7072494140947ba2c1b26b90924192ca91681a910cac2d63ff2e1a26dee12293431157d27edb170981d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 225ed43a082f3301a41799634a89669e
SHA1 5330d041ecc70b5114307276d548dc5b5444052c
SHA256 50a1f5411c7ecbc98f865a4e47010b498979dddea2e14bb49e2ee334ad477394
SHA512 c1c82433fbf7dd629bfb5b990d4bdc5b980d2b6f10ab37a33fe6e0c5a9e30bb92c1d97b488cf8a517553af5350a5c9e51892c05e95ea7e7789b7727da04921b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3ea14dd29395f019bfe1ed3d8a4aa075
SHA1 5d3a370f70f203d0bcae50a5315eb25df47d9c28
SHA256 bb475266c8468e9afb3c435b9c93010c82cd19b8d2e0c769ac3ec563cdf2d167
SHA512 b5c2df507c5425241fcaf1559f9e103ba4bc6560e3eb86eb8ad2c183837277333e583406f817d0c903241a8aa46ae6131b53f2bcc99e1b1aa37e41b5f2010525

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 51710068e1b0f079d51f1e8f9a259c5b
SHA1 2cbef4078d6d5876366fa8071e06139cff286e03
SHA256 864e6d78131905c8dac525c614578065d9cbe65ca66aba98af022e398ea6667a
SHA512 c6b26cb0dbd24f2e32fda9304222161a5316e74b158d0a8ae9343c3958450df0b5fb49850c701b9f2a9e66897e07afdb690c5420e6dfbb45f760dc7e823ad36f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

MD5 a13ce859ac80c8d3b26a61a765ab6fc9
SHA1 35b200880eeea2ff3758ea8eb63b299cdf2fc19c
SHA256 b774b34bb4e9aeb33bdfaaee232aaf17ebf666aa642056eac78c11d4ea43937d
SHA512 4fd400fec3cd0d32dc34b1a2c58e74c41e0c7a85aec291c03782a04ce573334bafdfe9774a6e9e656aa45fef6b9cb83d9c3b6cb8612ccfa123a0e985a5fae04a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 aba3798eb1643a459a2516a302646465
SHA1 362588cb1bc41d2f1cd33197f2fbca466f9b849c
SHA256 ffd28a6e5944003b025a9c6867ee982f9233fe38b20121fc4fc8c267e1948cf3
SHA512 bdc75aa6074ab391dd5470a0acb4081d304c0e0f57cc09fb975feffc07433bae1e278ec301f8395c62a62cf47a62b718ddb51633a48261c0477de74251c2e447

C:\Program Files\7-Zip\7zFM.exe

MD5 004d7851f74f86704152ecaaa147f0ce
SHA1 45a9765c26eb0b1372cb711120d90b5f111123b3
SHA256 028cf2158df45889e9a565c9ce3c6648fb05c286b97f39c33317163e35d6f6be
SHA512 16ebda34803977a324f5592f947b32f5bb2362dd520dc2e97088d12729024498ddfa6800694d37f2e6e5c6fc8d4c6f603414f0c033df9288efc66a2c39b5ec29

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bc29b0f6ce9f03313a91223ad0edfa1a
SHA1 d08f1523e99e7b54fea29d5bf0ada2f0766f9ec1
SHA256 b2d000d2e2e2e00541ca106f2502163cd185c9f56abd3f7846c97cd72f66a94f
SHA512 86a898000380be247b3265bb099873ad880f0f31bfd9d2a6b7ae38c9f3aec34e5dfe86cb8ac23d69579f8335a791ad2380fafe601d23da57d6dc1002e90b9671

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 961fb124abc2ef5502200cf885f5515d
SHA1 b235016a06d0e4fbd2bc7f9c45b9d0ad6f8e1935
SHA256 c85107eb27e508f79672d05e370f4357a07bf4c3a19626b37aa387c26f6fa703
SHA512 721ad9daa7050d22bcafd3dda1a99df743523820b02e8eca03b2803c77b1eff2da5b9ca0f89ff9e189e0a473664c7795138296f5195047e8469cc3860cc2f65d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 40f0f3ba8a55146ebf2bcaf7b3f67331
SHA1 7308db2aed6807681f2b1bde9c107a9501dbce1b
SHA256 bd46ab1a0053dd2c2c7deb8e61079dde23281ee9fe6dac2a9196e496e9d4cf65
SHA512 aa0e1117f14fc133dbf31f8d5080d03dc6411f5f32491fd33c66e770c974b91de7a91375ed21b7c49715c75be7132ac413fa83ebfaa937bd50e11034312c493e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 cb71072cf7d563529f783a2a16fe431d
SHA1 5935345e86d6a0d4bed3519cf435fb204f21d46e
SHA256 21383515b3128585b318468ea891ba0021211913a543286f5561946952d938be
SHA512 39d094a015b3ae21fb59aeae9204e06ad9cda831af7553ada25e25a6c55ab3fef805574b04f3c707eae4bac1226c539874a991fb9dfcc739480f1bb036436e3d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f1dec3830abcf2325a30e922f1189d1e
SHA1 803ca645d7ec2d2cd60bee66c6cd4e911afda395
SHA256 23e9441cf3394064dccd6c3f043823cd9a2c5cbe60ef15f7e26150008d30123b
SHA512 81ed24eae8d459426c55b644f340e851a6b21f8a388251013a9a03048f523a09ebd172449bd40fae481dbca015956c9c51f0af7ffca5f5b7967e543487e2238f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d0cee812b85cf1a3fdef530b048251dd
SHA1 e956d5013c22466aebea3dcb2d601e0d650aac53
SHA256 631b18b6e63d516bf1efbdc587ae271ca9827a9024629aff45409dc38d5bd8a2
SHA512 fb40a1af6949cb1058558f6cca301b639ef5ad4998f3fab86576505fc2f19b79b875bf28fc49742cacdb9deff83dff8ecfa28f5c92534e4c0bffe69231191a18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 60b4eb08899e037679feee2cd98bf535
SHA1 df95b5477ef06436727234eb6d613afe93f366ea
SHA256 c688c4033598d5a329075e4253ff52fbe0cc236f79e62d0e6973ccd56d43b888
SHA512 5b083b1ddf48757b9b5627c3f5fff20e6a73dcc9985f1b9404051726a67cdbe693c2e773b58eb71e6333143f1bb108968ade24377f52181a87333ff2de263292

C:\Program Files\7-Zip\7zG.exe

MD5 4159ff3f09b72e504e25a5f3c7ed3a5b
SHA1 b79ab2c83803e1d6da1dcd902f41e45d6cd26346
SHA256 0163ec83208b4902a2846de998a915de1b9e72aba33d98d5c8a14a8fbf0f6101
SHA512 48f54f0ab96be620db392b4c459a49a0fa8fbe95b1c1b7df932de565cf5f77adfaae98ef1e5998f326172b5ae4ffa9896aeac0f7b98568fcde6f7b1480df4e2d

C:\Program Files\7-Zip\7z.dll

MD5 1143c4905bba16d8cc02c6ba8f37f365
SHA1 db38ac221275acd087cf87ebad393ef7f6e04656
SHA256 e79ddfb6319dbf9bac6382035d23597dad979db5e71a605d81a61ee817c1e812
SHA512 b918ae107c179d0b96c8fb14c2d5f019cad381ba4dcdc760c918dfcd5429d1c9fb6ce23f4648823a0449cb8a842af47f25ede425a4e37a7b67eb291ce8cce894

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f8e6c7943819c20bf8e518ae339e89ce
SHA1 cb581735c2d3f94db1295a989e80fa5d6a103ed2
SHA256 33c5837dd7f44d9bc227ff978dff57e0033da338381b7a4affc7d3e67dbb440a
SHA512 f6d63e9a2d2d9b2743e1a6a29c758616f2312464c41d59e2c35a39cdb087e58e7d209b971046dcfcf49372e7bda9ac0bf0b4333c39c86859c3af79cea04e7692

C:\Program Files\7-Zip\7-zip.dll

MD5 d346530e648e15887ae88ea34c82efc9
SHA1 5644d95910852e50a4b42375bddfef05f6b3490f
SHA256 f972b164d9a90821be0ea2f46da84dd65f85cd0f29cd1abba0c8e9a7d0140902
SHA512 62db21717f79702cbdd805109f30f51a7f7ff5f751dc115f4c95d052c5405eb34d5e8c5a83f426d73875591b7d463f00f686c182ef3850db2e25989ae2d83673

C:\Users\Admin\Downloads\Fra septiembre CGM.7z

MD5 0ba5910c520728a8fc90249239066e01
SHA1 64d8098867a77dc1e324907b2d1a2df4a3d3440a
SHA256 1e26c0ba410059f7944e036c8f8d0f55131d34d6f34da99f7215b078021550a1
SHA512 38f76a980ecb17e509f87ec6ac2022e76928251d1733d9d21f5b21238fb5f1244fa9a5b9612253652d087112e7576860eb0b816aa63fc0435a35e03211d6e1dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 eabc208b61628c7449732a504cbb84cf
SHA1 0c828241efea06fa41f8e3d42e66ddda14c3e560
SHA256 2167dc3bd981aab9731a59c82299443fbcdff478cddd2204f6482457d66aeb90
SHA512 e60bfbf09544e9940ac10f399bfa3d2c8bb869fb337fd762cf2c7f8c726c43b48e7348b384f2b71b50d30e17ca8b374cb7a273859c2d05ac835e61b16ac61028

C:\Users\Admin\AppData\Local\Temp\7zO03F13AA9\WIpGif4IRrFfamQ.exe

MD5 102c9ce1c659517c4ea924c2044305b7
SHA1 942b0a7e2077eca38b9b6ff16d89722cbbbf7002
SHA256 b31cbc6ec2eb2b790c422f0f960bb1436106d92958703cb005ccdef38887e310
SHA512 eca6ed6a871e9fbee67feb73534bff544f052d6b3e1058a68b4602f159f089193f0f576384e6cd49373d50200d71bb4aeadd151c0fb81a77a6246849af2f39f6

memory/1460-635-0x0000000000550000-0x0000000000612000-memory.dmp

memory/1460-636-0x0000000005690000-0x0000000005C34000-memory.dmp

memory/1460-637-0x00000000050E0000-0x0000000005172000-memory.dmp

memory/1460-638-0x00000000051B0000-0x00000000051BA000-memory.dmp

memory/1460-639-0x0000000005420000-0x000000000543E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fa9dd379f3f29e66bf3fc5729aa4c089
SHA1 0193494e6048eb7093dec827b1fe87287a537e28
SHA256 089138efa679fa9145d16d3c700e0a1824eb452ba41686b151772e77537e0ca1
SHA512 4600bb3b47ce3ba95125e3d608de4d44312be98ed733677f2b2a62b51f8a8d14244bf91530ebe8c94592aacb6ae6b4626d04a069ac05190533da0198773619a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 eb75e4f2654227bb01e70245aba7fb9f
SHA1 f0dda0d4b291748e873327e7339497b194a6aaa5
SHA256 3c45150375a1b5347de83b88920b9f72f5cf6cae759cb7731fb154c18644d4ab
SHA512 15c12c3550ffbdbe67e0ebd03ab7cf838ee3ad3ca466a386724b2316b14df04c8aa7d13fe7bc510db7f5d86b88516dcc9d566b05b54e195d222179f30c0c5635

memory/1460-678-0x00000000029F0000-0x0000000002A7C000-memory.dmp

memory/1460-679-0x000000000BCD0000-0x000000000BD6C000-memory.dmp

memory/4568-684-0x00000000025F0000-0x0000000002626000-memory.dmp

memory/4568-685-0x00000000050F0000-0x0000000005718000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpC5D7.tmp

MD5 3b3e9793fcb248d508e7163d0ac94353
SHA1 cbbfb3b5fddd9bb751a4cda1bd01651ca89373e5
SHA256 057d14b883a0968e625fe76984e772ba71ed901705da27e7e9a0fc89840791f6
SHA512 63bdd0088afb503caba99afb80c6c01c79abe006944072911bf4d4de2f5676caa4a54ab3f446243c3c1d52c20844b151a79db6e0dfa21df121a5926f3e1513de

memory/4568-687-0x0000000004F10000-0x0000000004F32000-memory.dmp

memory/4568-689-0x0000000005790000-0x00000000057F6000-memory.dmp

memory/4568-688-0x0000000004FB0000-0x0000000005016000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ue1kysur.yxe.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/2528-708-0x00000000062E0000-0x0000000006634000-memory.dmp

memory/2352-694-0x0000000000400000-0x000000000044A000-memory.dmp

memory/2528-714-0x0000000006920000-0x000000000693E000-memory.dmp

memory/2528-715-0x0000000006E80000-0x0000000006ECC000-memory.dmp

memory/2528-717-0x00000000700A0000-0x00000000700EC000-memory.dmp

memory/4568-733-0x0000000006430000-0x000000000644E000-memory.dmp

memory/4568-718-0x00000000700A0000-0x00000000700EC000-memory.dmp

memory/2528-716-0x00000000078F0000-0x0000000007922000-memory.dmp

memory/2528-738-0x0000000007930000-0x00000000079D3000-memory.dmp

memory/4568-739-0x0000000007830000-0x0000000007EAA000-memory.dmp

memory/2528-740-0x0000000007C50000-0x0000000007C6A000-memory.dmp

memory/4568-741-0x0000000007260000-0x000000000726A000-memory.dmp

memory/4568-742-0x0000000007470000-0x0000000007506000-memory.dmp

memory/2528-743-0x0000000007E50000-0x0000000007E61000-memory.dmp

memory/2528-744-0x0000000007E80000-0x0000000007E8E000-memory.dmp

memory/2528-745-0x0000000007E90000-0x0000000007EA4000-memory.dmp

memory/2528-746-0x0000000007F90000-0x0000000007FAA000-memory.dmp

memory/4568-747-0x0000000007510000-0x0000000007518000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 ebaec3de8b12ee80379f1541800be3d2
SHA1 cc443a8ea01e684b593014dcb8e487bf9e60ba18
SHA256 928f3f75ad0ac00a070b2b82722589808a243ae6b952a472374fd1e196a0e95b
SHA512 fb401016b6e383292bb1e15bccf0c4d40bb04893003feeb5c2eeb32a316ad3b0ba0bc0a3b6a1d93a1a38f72dd5d9974aab241499ab27cadbd64e4b787aa896af

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

MD5 968cb9309758126772781b83adb8a28f
SHA1 8da30e71accf186b2ba11da1797cf67f8f78b47c
SHA256 92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a
SHA512 4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cf1b669767b4eeded7f60deba7b6f124
SHA1 97ff869ef95ecca35c0eee3ff48a7c99c772917c
SHA256 cfc45708af12d55e3716fc7c0ecd6f3b243433ee8f5b3beaf063a73c6906fa9c
SHA512 69f941694ca111c589b1186f1d4364effac55d140cd7374d14d18123cbf5085dbb6cfc92ae092280a369f8aee9a7c5662c0c0f96107aade863ff65a2c9224d8d