Malware Analysis Report

2024-12-07 14:49

Sample ID 241007-mcy3mstelf
Target eicar_com.zip
SHA256 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad
Tags
discovery exploit persistence privilege_escalation upx
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad

Threat Level: Likely malicious

The file eicar_com.zip was found to be: Likely malicious.

Malicious Activity Summary

discovery exploit persistence privilege_escalation upx

Event Triggered Execution: AppInit DLLs

Boot or Logon Autostart Execution: Active Setup

Downloads MZ/PE file

Possible privilege escalation attempt

Executes dropped EXE

Modifies file permissions

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

Checks installed software on the system

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

UPX packed file

Drops file in System32 directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Browser Information Discovery

EICAR Anti-Malware test file

Kills process with taskkill

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Checks SCSI registry key(s)

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-07 10:19

Signatures

EICAR Anti-Malware test file

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-07 10:19

Reported

2024-10-07 10:22

Platform

win7-20240708-en

Max time kernel

119s

Max time network

120s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\eicar_com.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\eicar_com.zip

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-07 10:19

Reported

2024-10-07 10:31

Platform

win10v2004-20240910-en

Max time kernel

560s

Max time network

673s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\eicar_com.zip

Signatures

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A

Downloads MZ/PE file

Event Triggered Execution: AppInit DLLs

persistence privilege_escalation

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

ACProtect 1.3x - 1.4x DLL software

Description Indicator Process Target
N/A N/A N/A N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\SETA9BB.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\SysWOW64\SETA9BB.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\SysWOW64\msvcp50.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\msagent\AgentSR.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentPsh.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentSvr.exe C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\lhsp\tv\SETA9B7.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\help\tv_enua.hlp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SETA4E7.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SETA4F7.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\help\Agt0409.hlp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\tv\SETA9B7.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\INF\SETA9BA.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\executables.bin C:\Users\Admin\Downloads\Bonzify.exe N/A
File created C:\Windows\msagent\SETA509.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\INF\SETA50B.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\fonts\andmoipa.ttf C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\INF\SETA50B.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\mslwvtts.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\tv\tv_enua.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\intl\SETA53D.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\fonts\SETA9B9.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SETA4E5.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SETA4E5.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SETA4F7.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SETA53E.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\help\SETA52C.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\INF\tv_enua.inf C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentMPx.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\INF\agtinst.inf C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\INF\SETA9BA.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentCtl.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SETA4F8.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\fonts\SETA9B9.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SETA509.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SETA4D4.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SETA4E6.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentDp2.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SETA4E7.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SETA4D4.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentDPv.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\intl\Agt0409.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\lhsp\help\SETA9B8.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SETA53E.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgtCtl15.tlb C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\lhsp\tv\SETA9B6.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\tv\tvenuax.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SETA4F8.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SETA50C.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\help\SETA52C.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\intl\SETA53D.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SETA4E6.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SETA50C.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\chars\Bonzi.acs C:\Users\Admin\Downloads\Bonzify.exe N/A
File created C:\Windows\msagent\SETA50A.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\help\SETA9B8.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentAnm.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SETA50A.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\tv\SETA9B6.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\msagent\AgentSvr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Temp1_archive.zip\Apex9.1\Apex.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\msagent\AgentSvr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Bonzify.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Temp1_archive.zip\USB Spreader\USB_Spreader.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\grpconv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\grpconv.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\explorer.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133727700789396591" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\TypeLib C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575} C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "804" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "SR ja-JP Lookup Lexicon" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BE1-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDB-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B0913412-3B44-11D1-ACBA-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "409" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Speech HW Voice Activation - Spanish (Spain)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}\2.0\0 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "{0B3398EA-00F1-418b-AA31-6F2F9BE5809B}" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD3-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtlBalloon" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B8F2846E-CE36-11D0-AC83-00C04FD97575} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\de-DE\\sidubm.table" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32 C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDD-7DE6-11D0-91FE-00C04FD701A5} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB64DF2F-88E4-11D0-9E87-00C04FD7081F}\TreatAs\ = "{D45FD2FF-5C6E-11D1-9EC1-00C04FD7081F}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C89-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0" C:\Windows\msagent\AgentSvr.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\AppData\Local\Temp\Temp1_archive.zip\USB Spreader\USB_Spreader.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD1-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\Version = "2.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C89-7B81-11D0-AC5F-00C04FD97575}\TypeLib C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}\TypeLib C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D6589123-FC70-11D0-AC94-00C04FD97575}\2.0 C:\Windows\msagent\AgentSvr.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\AppData\Local\Temp\Temp1_archive.zip\USB Spreader\USB_Spreader.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B0913410-3B44-11D1-ACBA-00C04FD97575}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0FA9F4D5-A173-11D1-AA62-00C04FA34D72}\ = "Microsoft Agent Voice Command Module Class" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentCommand" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\TypeLib C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\ProxyStubClsid32 C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93CA0-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentAudioOutputPropertiesEx" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Control.1\CLSID\ = "{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA141FD0-AC7F-11d1-97A3-0060082730FF}\InprocServer32\ = "C:\\Windows\\lhsp\\tv\\tv_enua.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\TypeLib\Version = "2.0" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\AppData\Local\Temp\Temp1_archive.zip\USB Spreader\USB_Spreader.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1DAB85C3-803A-11D0-AC63-00C04FD97575}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575} C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\en-US\\VoiceActivation_en-US.dat" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\ProgID C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDD-7DE6-11D0-91FE-00C04FD701A5}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\TypeLib\Version = "2.0" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Universal Phone Converter" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\InprocServer32\ = "C:\\Windows\\msagent\\AgentCtl.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD4-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\Version = "2.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\es-ES\\VoiceActivation_HW_es-ES.dat" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "SR it-IT Lookup Lexicon" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE3-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\Version = "2.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00D18159-8466-11D0-AC63-00C04FD97575}\TypeLib C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 = 5a0031000000000047598452100053797374656d33320000420009000400efbe874f7748475984522e000000b90c0000000001000000000000000000000000000000c95a0c01530079007300740065006d0033003200000018000000 C:\Users\Admin\AppData\Local\Temp\Temp1_archive.zip\USB Spreader\USB_Spreader.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BA90C01-3910-11D1-ACB3-00C04FD97575}\TypeLib\Version = "2.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDF-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\Version = "2.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDF-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtlPropertySheet" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\LWVFile\ = "Microsoft Linguistically Enhanced Sound File" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\msagent\AgentSvr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_archive.zip\USB Spreader\USB_Spreader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_archive.zip\USB Spreader\USB_Spreader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_archive.zip\Apex9.1\Apex.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_archive.zip\Torrentator\Application\YahooAccountCreator.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_archive.zip\Torrentator\Application\YahooAccountCreator.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4420 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 1948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 1948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4420 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\eicar_com.zip

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8da40cc40,0x7ff8da40cc4c,0x7ff8da40cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=1824 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1540,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2292 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3152 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3712,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4540 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4748,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4692 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4744,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4688 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5048,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5056 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4584,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4828 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4116,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5364 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5424,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5280 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5292,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5220 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5044,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5440 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4812,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5056 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3344,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5360,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4804 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5052,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5624 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5612,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3352 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=240,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4432 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1128,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5572 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Temp1_archive.zip\USB Spreader\USB_Spreader.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_archive.zip\USB Spreader\USB_Spreader.exe"

C:\Users\Admin\AppData\Local\Temp\Temp1_archive.zip\QuikNEZ\QuikNEZUpdater.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_archive.zip\QuikNEZ\QuikNEZUpdater.exe"

C:\Users\Admin\AppData\Local\Temp\Temp1_archive.zip\Apex9.1\Apex.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_archive.zip\Apex9.1\Apex.exe"

C:\Users\Admin\AppData\Local\Temp\Temp1_archive.zip\Torrentator\Application\update.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_archive.zip\Torrentator\Application\update.exe"

C:\Users\Admin\AppData\Local\Temp\Temp1_archive.zip\Torrentator\Application\YahooAccountCreator.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_archive.zip\Torrentator\Application\YahooAccountCreator.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5464,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5884 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4556,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=6104 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4656,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5760 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6080,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=1244 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6136,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=1488 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5756,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=6280 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5700,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=6056 /prefetch:8

C:\Users\Admin\Downloads\Bonzify.exe

"C:\Users\Admin\Downloads\Bonzify.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\KillAgent.bat"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im AgentSvr.exe

C:\Windows\SysWOW64\takeown.exe

takeown /r /d y /f C:\Windows\MsAgent

C:\Windows\SysWOW64\icacls.exe

icacls C:\Windows\MsAgent /c /t /grant "everyone":(f)

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6084,i,5177776432380921722,9041981847925630647,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5704 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe

INSTALLER.exe /q

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentSR.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"

C:\Windows\msagent\AgentSvr.exe

"C:\Windows\msagent\AgentSvr.exe" /regserver

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe

INSTALLER.exe /q

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Windows\msagent\AgentSvr.exe

C:\Windows\msagent\AgentSvr.exe -Embedding

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x150 0x304

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 172.217.16.234:443 ogads-pa.googleapis.com tcp
GB 142.250.180.14:443 apis.google.com tcp
GB 172.217.16.234:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.204.78:443 play.google.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.179.238:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 ogs.google.com udp
GB 142.250.179.238:443 ogs.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 216.58.204.67:443 ssl.gstatic.com tcp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
GB 216.58.204.78:443 play.google.com udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
GB 216.58.204.78:443 play.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 dns-tunnel-check.googlezip.net udp
US 8.8.8.8:53 tunnel.googlezip.net udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 157.34.239.216.in-addr.arpa udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 216.58.204.78:443 play.google.com tcp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 www.ikarussecurity.com udp
AT 91.212.136.200:443 www.ikarussecurity.com tcp
AT 91.212.136.200:443 www.ikarussecurity.com tcp
AT 91.212.136.200:443 www.ikarussecurity.com tcp
AT 91.212.136.200:443 www.ikarussecurity.com tcp
AT 91.212.136.200:443 www.ikarussecurity.com tcp
AT 91.212.136.200:443 www.ikarussecurity.com tcp
US 8.8.8.8:53 matomo.ikarus.at udp
AT 91.212.136.27:443 matomo.ikarus.at tcp
US 8.8.8.8:53 200.136.212.91.in-addr.arpa udp
US 8.8.8.8:53 27.136.212.91.in-addr.arpa udp
AT 91.212.136.27:443 matomo.ikarus.at tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 142.250.178.4:443 www.google.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 216.58.204.78:443 consent.google.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 216.58.212.206:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
GB 216.58.212.206:443 encrypted-tbn0.gstatic.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.179.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 collector.github.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 140.82.113.22:443 collector.github.com tcp
GB 142.250.179.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 22.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 e2c1.gcp.gvt2.com udp
TW 34.80.89.126:443 e2c1.gcp.gvt2.com tcp
TW 34.80.89.126:443 e2c1.gcp.gvt2.com tcp
US 8.8.8.8:53 126.89.80.34.in-addr.arpa udp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 172.217.169.67:443 beacons.gvt2.com tcp
US 8.8.8.8:53 e2c43.gcp.gvt2.com udp
NL 35.214.142.18:443 e2c43.gcp.gvt2.com tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 18.142.214.35.in-addr.arpa udp
US 8.8.8.8:53 beacons2.gvt2.com udp
JP 142.250.198.99:443 beacons2.gvt2.com tcp
JP 142.250.198.99:443 beacons2.gvt2.com tcp
US 8.8.8.8:53 99.198.250.142.in-addr.arpa udp
US 8.8.8.8:53 codeload.github.com udp
GB 20.26.156.216:443 codeload.github.com tcp
US 8.8.8.8:53 216.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 pixelatedfocus.com udp
US 8.8.8.8:53 90.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 www.softwaresyndicate.co.uk udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.36:443 www.google.com udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 36.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.204.78:443 play.google.com udp
GB 142.250.200.36:443 www.google.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 216.58.204.78:443 play.google.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 collector.github.com udp

Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6a6ddcb556719ab583becb21f0023d3a
SHA1 6d4353d469430dad83b5793e3b37fd7fe4c3b6fd
SHA256 0edf008055bcc2eff3e743d48e91ee545faa08e6124d0fe24a73bac3d81e1ead
SHA512 647fa116ed54c0a380051dc67a2e33f0966237a189f767c8b365a4e770512d2090561099b5a9e76914ded975d7663ba5718cbe33cc2ab766f67a0c9467c104b6

\??\pipe\crashpad_4420_XBAWUBHVKSHWQBLA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 4a1a62d2ea7ed6856856c31cb67a7283
SHA1 891e3fc362104a6e45150d726d9f0fcc731e8774
SHA256 2f28a4cb877b4741617a1655b27b32f3738b8b6609a4d4c757f468c23caa47d7
SHA512 68cc6b9e7a70823bbe8b2d9811e8fc4af2944efc0f8b2b1a952ee3fdc2de9f810c5210ca3a177f34dd7739fd3b3a16ada64c6ec3c045927b70ba6f07c9a76691

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f9d5298278eb510a0c64e0dda34e0c2a
SHA1 ce74f43f7c4a934ac642b01626bab179e31bea42
SHA256 7036981e2cd922dc305f58f1cd44b2bd4804635c42595a7eb65c55b75393d57b
SHA512 aeb9d379eb20ef60af59c2fe14d17a04798294295795b0dd72574f0ec0757be9d222127dae1f1e592ff15afe4cfd79c7d905afe181c5a52218d7f56e4c4df1d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3895fdf7ae7273826efcd26f8b64b64c
SHA1 e7086fce7ac8310bbe7f1cb5e32d3797fc956d63
SHA256 3e8cc012ca93d7e8c83126d1802684dbd98826a58bdbe0ef187f13723a50c96c
SHA512 c28c28a3830c1620da675c264a3d309f0ea01906133cb5022e376f6285c840382f49931d1b5c3db80e03b3f24628ed79118ecc5cb954df32fec0b6076b92bcb5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ed29cf769592bf8e5d477b44626aace8
SHA1 3b9fbea724dedd3af3155618cc6e48852d38e3fc
SHA256 682f1f20dfb633a449c1766c5a8cc5f3dd4a3e27211e9dd7474812515798ee66
SHA512 afb6ef35672fd2e58d88bed4f621a9cb1e7d11310dd18de8c3460d16a5c60e1fad55b339f49910a6c3677e4270d32b65862a9c4f8f060dde90189f83a5f5f168

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 15256f71ee109e07267cfc8f49650b42
SHA1 1dfe6d88cf59674f40c85ad68aa4b7db7a38aee3
SHA256 36e5c6eb995b717f5c39a4770a1faa9a72f6726f9c620f35dc111a859bd9b65c
SHA512 830553a9229405e3bc93cb9abdfc49a749aacb8b04b222670b7a79d345068f574b7a4c4775e857c70d97b8f1416325c512f5f94e576fcd13dd95a977a58dcb5a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cf09bd5e86e1f2fe6a4798dd093cc917
SHA1 3d4e5f2369fed3e4bfacdc6c9873d00ba46a8143
SHA256 4bc3af08ac22d7354b380671f9c68fb792ae9676369e461570012d69827a3029
SHA512 660467eacb4c32fbae4705dfb484c2c9f7d72911df0fb780e91e9fae8ead0607e6ec306289de8fff9576c673fc72d40d0d4841ce3de60f86dbef8c2cd515f8ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fd394d3401267ee8163961411df8f002
SHA1 6345879bf322c58611c2764ff4c4da80a58698f9
SHA256 31f510758cb40cc83c165172bfd5f4456d7bc76ada5a9b3b32f56ef2703b692e
SHA512 f946c425cc486405b8d5683cb781e6dcf7c5153c129ae8fa5e40ce095b1e506c32cc67d7114fe0b4c8bc1ebe05ab86ba09a40bda8cc4d0b1d0985d5515839f29

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1cd416cfa4de90cd6186a8e466c8e686
SHA1 543d628456773a56ad9371a2dab08561a4ed1189
SHA256 893ea9cb42dae4e71f74a906c49928324a1406ed7a02d6e19488ebf5e93d8260
SHA512 3e3e8211f00658f644a7e618ab51ae35dc095746f805ac9f3585eb92e6a9830df803aeaf9ecd69f722fd4995513748739fef015f675ba728084c34e33985f114

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 174e31fb086297b8e4523169f40f6073
SHA1 a6cb6b30b4e402c7dbac90338ef73f8f2cc1ea46
SHA256 c7eb41aeef0e691e8c9231b51db011c1f446b0cf27e30693f61abe0155e8218f
SHA512 341cf59f06a06fe5abc6d4910202785278c27e1bf999bcff26ce5adbe5e9a0efcae54ea8c409c24a9a6ba6ebe3daf992ea0183f3f3a16a5f841f7d30bbce53af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0697a517b583d4cbacadd825d657ec7f
SHA1 9cdce047e352398f5215d796ccca7f414911e58d
SHA256 3adada3e26ec8862a0be6524573ea8e897095e3baaed2ad59859e76c5fe15478
SHA512 02250cd0435a906d4f4a2c33c9bb4bd0c996e1a81f226a6bf987c0544428fe315fd1cfed94c9bb375bdc0a81a9f150beb68fedf75cece83692ddfecacd0eb4de

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ab7806485b158bc59c78ec7fdb5e0c95
SHA1 f1313711cc2fd50398c6ae26b66a93b2e6bc08ee
SHA256 ac5296155069ed01b85ec8ad860c7bed686bbcdbf5b4266f87970058a30261c6
SHA512 bf0e8b2527585d23ef312c66aef37ba222eedc566f1f013a018b47323fb467e70642f3e5c661df7ce3e24d11ad6f497b96489245ed0e04efd3c11023d5d7ee12

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 66af68daa5c6871a6830437d4afc3765
SHA1 1a4959ee7f29d8721382804c2e845dccde9699bb
SHA256 520ac72ec7411c1131951f0f00f0210e0e0162e5e9b4c13cecb8a8f6a6c85512
SHA512 d07191eaa2489421d5f7c583488b6587a05f930057c93c30ebb90bc7abba97f37fc317f7326f85bb0ed2ff22b31de2729857f7338b87ea54337ca1a2439a23f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 92e2731164ea3893bd9dbb307720aafc
SHA1 3e244bea760ab18b9e6c1034529be057a653088d
SHA256 3580b55af08dd7d3ec08d3e502f448ec1c0eb075c4d02756b915dc4b9297cc89
SHA512 12524440af4068bf9d091aa179fa8c078fb8b84acdcfa4a3f2847f1d082c79b086c6fac52ad21671f3289370e46e7bc036eff8539cff802987acd3fcacdd1f7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fdf54717e84d13673e85b2338dba8690
SHA1 4db8f9690addbdc7b63c08c3437f07cbf991de3f
SHA256 729b052b6e4db157608f90f41115cd5e48890fae1697c0756bc680eee830fe5f
SHA512 d1ed4e5ac0a3f394d0e6f41e41a84123bd59967f40618dbdcf6d44238197843128d4c233fe4e09f4ef3e170ca44d9671e57b03c4088ce618bd6bf19ec4cdb071

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 459810fec6082a124145ad1d37d77609
SHA1 9bffc82c75dabacc3c249aa5d6047739fca3970d
SHA256 c9cd92186e879cf7088f80a0262efa17ec014b5adac4c17f621931018dd45897
SHA512 a29f5bbca685252e846e3486ee7ff0fa71576a507ec59f071d533f6f3b7a6d0e97135b70aea5d063d048c36b8afc229b8f42325ce81eaa36dce6425c3e38f3d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5160180f569c26cf738c105cb5c1ab7a
SHA1 171dfcbbf92e126c8ece7acc6eef984affb94422
SHA256 6bc2f64eb896b2e263db17324ecf9d92d1338133dcb9eb72126b95aed6a1ea0d
SHA512 18e46a72d6c79bf717fb27c4dc2a6016e6efaf187c47c4e9a510d1d8e6a4666062a157c6bc698235b858c48b415e8a275ccca2433785846eddc35064a4de35e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c6162590c4a8b2bec9fb8819aeb6d54e
SHA1 362931fe011141b5f08c52a2abf8293557ee6502
SHA256 54f1e7396121c5db8099e0326e00e7cea1404d16214bafb1a0c5ed45eb398b54
SHA512 cd263bc0f6408f9e95fd4a4734a4ae3df3cc17bcb1fb519dfbfdbf08e06d83afb527a920559c56e5c7aa0e23b1394d3a1a62e5635014027c9b44c4207ee47f5a

C:\Users\Admin\Downloads\eicar_com.zip

MD5 6ce6f415d8475545be5ba114f208b0ff
SHA1 d27265074c9eac2e2122ed69294dbc4d7cce9141
SHA256 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad
SHA512 d9305862fe0bf552718d19db43075d88cffd768974627db60fa1a90a8d45563e035a6449663b8f66aac53791d77f37dbb5035159aa08e69fc473972022f80010

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3d1e2388cd3a65690f94b1fc798b9cf7
SHA1 d69ed6f93f96a3aef061316b6c84507d2f77b9ff
SHA256 38f059954ac4a3a104a2bfc060c256114ce95f1470a6d0ec5bbe6f3680dcbf26
SHA512 d937c90075035c019ca8665d78ea993e8d1f9ee3a2c20407020b0ee7448e9141db1407c0ba0ee2d1c849ef1986750325b94d894d42aa71283e972c0a3eddc923

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c3db79b05ccaa3f59f0a11d20ae93e9d
SHA1 887917db9f725f525fff8e94941b987388aeb3e5
SHA256 bb68657be06e8796909c0f22dea332934cf2c1c8b34d7ea3c7e639f03bcbf14b
SHA512 43ac5f1efad8bc882d2ee1c979cb325aca63cc2c8066624260baa2361cd187250217c7cec49fabe2106f36f4c99c7b42e561c1ad44fd3c428c998a1b4cd7c436

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9977b6b3-6167-461e-8f15-0cacda8ff73c.tmp

MD5 93a71945c867d2a09b00a56e69137d33
SHA1 6dd1f28c01658b286acafb05a3820aab0dd3a5cb
SHA256 fc902748be59b0a2af8ad772c4360c83932f60d1bb60f7fac70adcd74e347c70
SHA512 c1f1462c3ea55d5bf144102a60fb0e1a96a59c8c583f204d89f27188cb33e55584653b74758ec6a4f60766c76e9d6440a794f2e8c8a22aa13586dd3953c71df9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 abfa6a416614bc8305a97b6db62def6b
SHA1 43244d62a655e1e0db590cd0f0d6abbdf1e83872
SHA256 4e761168ac280aad7f227b3ce88497f4d64b35ed1213461a3a46d2c473e6fe1d
SHA512 d7437fd29cf6f673bdb227ac5f77e8705deac0ce8225405617acab19567c39b7e5b47a31a4732b77173a99f4192cf181c80a80f37e794b3305f1f127e83e9086

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8be996fba388e7da52dad4f74ba5cbff
SHA1 73912bbb0ac393dded946e59dd330aef22166ab9
SHA256 a02c4f0a93bb2755222c40148145644c6674b99c65dadeae2432df27cc48064d
SHA512 8dd481602d708c128efed7b8755dde9c514d859f614315177e52beb07998d567a88b4d24de0404f194db8fb7a0e4e78700191c65791c0399207264922f8b2bcf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7a3476651152357a34c36974221b8c4a
SHA1 9a63d204fcfca19ce10600ba544c7dfa7e979c00
SHA256 754a1543086a372556a63d9ffddeb93ae646a08f290ae86863be62db9505767f
SHA512 c860266a812a2cb734640bef2119b5719add0b07845b67d4875fe46b8288d2e8e914fc2b5569c03ed920a64229a5cf08a8fb53a79a48a7a37145c35def9e0fb9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

MD5 e383ef862f4c7f2a0c8914815681208d
SHA1 e280c3d5ac7a4168711d8ffb5943c86fe04b9d04
SHA256 37cd92c2c53e7a916e02f3c90a58ecc8510dd2663b6c8ec44407765802c9a90e
SHA512 e665e11c24e50520da6b83f877fa45fe94ed6eb502c4f9bbbbdc2fe539b54111d0a7c442c5828b1f58d000e3f90f33ab600dc9f120e4eee8748931378b265c48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

MD5 1ec7f2f41a6e8c4412abd7ce1906b7f5
SHA1 12ed161c0cf07203294cb6a67588a3ef83d3c65f
SHA256 602f9aaa28d49734b4b5d1ad14b870518e297fcdc265f0e6a4e1dd16bd59b3f1
SHA512 0bba403582f297e77942ea08b6d2d9b4a3de85a84965cd0200b271968e78b8b9115f5399675e5db61128c02eb4c4919179b3d49dced6eac0e09cdd8b40bd4638

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 26ef83aea2dd3b72811ab3b9c0eb28b8
SHA1 502da221b1faffd44cc958e6d93ce50266e25ad0
SHA256 7115c6075d09ef6e6658c8e0ad4316838a398a5ea8abce2559cf004fb3f13a67
SHA512 a6bccb1c0691464557425cddf068d1cf3be47d78c25fe1ffc8a4d31554a37a5fd1c0efaae0d18c4eb3b859f7728d6ad14e06adedc0955d0e940823bd49a30614

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4ad582abbf12a55a7baeaceb4e8d67aa
SHA1 c83c985aa1f3c036d51900a6952506d16cb16243
SHA256 24c304e14aa8449e9974b35e4808e57f829c87eab6966358c6bda5ad7c2f064e
SHA512 a44bb81c33a762006e5b547b36a42076a19cceda95c6308cf3565ba1d19c59f34dac71181ee6667505b138d1f419709730aea64b01b961095cf5d1aeb345213c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e299d25b9de4f7e6f01e7bf59969e856
SHA1 4119eeeec67a9f0c135bbd5d3a1e0710504e23cf
SHA256 063dc3cd8981d1ec610976a1b6a61a20a84390654c56f824dd627b523558a2d7
SHA512 f1f0b74b0d4b00c56063b5ce735534942211e0db77dda4ab9e49159c368cec9468d305cb43785d76d1b3596a671502cc265f592333722064a41025dda9b756af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3f9a0c24f4a21d4e12b3a2bad591b468
SHA1 2be264ef376ab6a488c819b1336df7145fd711f4
SHA256 49c0b801c06e8e2a1bd295357931c066d9def010b149a6fb608fb08dbb71ea62
SHA512 dc43cc2d43e243a2bf88ad6af1f8b0ceb72ec3d3c81dbc0a19b889d4787eeae1d8ef5795e9467f825ab79b60f65c6bc7eb226b3739c79ca4e32f060e02ffc92e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1269c31200dccd487905c80577edbb41
SHA1 9b6f16be9521204a3810cb1ac4b3408e0489e434
SHA256 1e3447a5f3f167a69fd882b3665eedacc24865df0cc8364f6e5d0316a9123e5c
SHA512 ffdaa87db94a399f87884da2b57792882111fa0e0e5c72958af61f223f27e1b0d892608224e37bc03145b0dfda14409ca7fa53ffaeba557f1ebec8c001bee54f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bf2e78c6ee405cdfbd9c5436b7e814f0
SHA1 e410010a6904b7fdcdd811393a82b4a7fa47a787
SHA256 60d6c90644f37f8291405559e35b2324e5ccf85b549a34a9a6873655ed2b86b2
SHA512 275202a5cf685abcb05ac910b9492cb040ae698c57eebb45942025dc0514dd0c2d1172b09002637e13ad9d02175c00c61aa4032e534596be94ac157d5fdd1755

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b5e6f2183de1b53349db2840e73c5211
SHA1 f3086fed02b73e743b5ad9895853f7c9c51755c0
SHA256 da06c417b9df655cce1e962dc5013f41f9ffafb07fecb9b781c109cc4b5857a7
SHA512 b68639424082eaa6f3ee09af5235933cdb7bcf7a4e6090d188475bba7907a35e8bdc603854ca0558bccbb8c9de29f3fcc50dc3f3c18cf81958d86fe4064cec93

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 aaeb2c7b1555d60a7205193205a00300
SHA1 bbf0e56e874545987099598236c2b4dc74b2fd3f
SHA256 b4bfb00dca6b4211455b67727b599291671c358b12948b8f9c145dea6c6d2cda
SHA512 016c9812caf36d444fd02e494b72c9db8603efbdf2b93fe690f2c008bb0cb7bb963dc96bae9e9e662062efd55e647726497edb26504888a6a4e26e873c92f4a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f046b32b0a5b056fa0d409c8787d15ce
SHA1 ccbdfea6ad7f6d6df8b6e96bda44b981800e50b2
SHA256 c84d653ea5165bb1787c5fa9bcc96840faa1ce475c13445be466755dd4f73f7f
SHA512 66e433876a868fb5c388f09e8f3c527126fbcccfeb4beff3b7265c73ddda58a62cab1db9a0097fe1384d75901b113ed3343c9036afdd3e9f80c85e1cccbf6b45

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b73e4a22b9b3b83cd71ed26a1c477acf
SHA1 e7c668fc323d99c5c3cb0ab44e8fec387da79d16
SHA256 633be557de4a4da8c60a4616227146ca78b215d3f0c774fbf1f21a883a541ce2
SHA512 0bae33c019515131f28079acf9ab2cf7e385b8d4e14a85111a1f93e3662d9931b3a968d793e7df4d2ae2b3c812c0ca31a1e92d8d660486fa18a570dd3c2283d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7e1e499570fc54148e5a2e7e7e02864f
SHA1 acc9f44950e65639502d8e122fd60e47770b2bcc
SHA256 ef7709171aec1bfc48b7a4c757302a9d6aad0d04cd2e3554efdaa69b27b2df5c
SHA512 b003400f02d6042e0ef8f9a1b83b3f193e3dfa6afd48e98d475a61b62a24deeef6d4d6661f742e7256d80a3651c3b2f9d8d77c812ddec12e1d91efa83243911a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e69e5a3fc6932a381e5d1e96505eff9a
SHA1 ed56013606c1944d52339e3e967d0b317f5f7072
SHA256 711f9c60e03a63da64b53823c29c3221f9f785a5412f1c5c38e34c6f708fb3a6
SHA512 89656b2421364ba247ce749ae4e939e3da9c337289aa051549bb5cd487285dedcb8dc5d3fafc6a60f178a1076e64ea5d01818981fb7b4e5f7abfce3a8a454874

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 51bdc275f39ac6f2819e51c0e8bfb9b4
SHA1 78cd2f506e4ac07f717f1005a34aec0e07038c83
SHA256 7ae1f004bbab96e038fc8f9714354bf288ba63edc8eb7d4757dea84275fb861d
SHA512 af2ad47b4f82cb74c86928ae72e584540337b70c9141f99fe05eef103e086fd3306e44c93a8dcdfb497aa2dcdbbf626e64bacd9b82a5346f1d7e8c67612d273b

C:\Users\Admin\Downloads\archive.zip.crdownload

MD5 cadb5c84617192ea74977784cad67434
SHA1 244034478c1e500408c04767761a1635a6b2bd43
SHA256 3c592941a25fb5e83fc38f4cee3d8092c8b7f7229c3897a8fa03f5e5012e3465
SHA512 1d108fdc032c63eb79340d6ca8603cd0bb46ec092e63da212d059dd312bd21e0d4818c396755cbc342d6622fbe8acb22a29faf1d7938992a8080f780e169ad99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3b2b26d06e22981a2404ff1472aaadc9
SHA1 6aef9e5cc3f1b5d107b0970cdc6b02398eb89021
SHA256 04ffb2b6074435bc5effd26eee676ddfb2f4cb5e2281b437775b0526d3c1963e
SHA512 a993463868507598502d887fbe8a4498062483920a24452d4c4ed890c1648b539f6fd483a45569cf153ae8081d75b4d0494c48774616aeb12de211c75b9b915e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9905588f9f0e73f77f18801b6f664dee
SHA1 ec61d12c416064b54fbc3512f0c4be3a2c7f8b8b
SHA256 3b43139a7c7d9c2de4875b66f06b26258bb625d35b3d1c379b63d48eb05cf61a
SHA512 52ce6b6598e005dd0ad17d5d99143e467a576a4359d48605d386bcd646ab4c6352aadf7da58c16e00905dbc1c24f5604f9de63a649b435b7becdb3439778de7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e0e8552cba6d80a551d758d92f46f142
SHA1 ae35a710f83f28312d466c99fe1249ad930d8371
SHA256 eab2588ee4e1f1b895612107ce72f9f7a48ba78fa8041c4ccdfae0a0efea86ad
SHA512 26ab650de1b43c5e889f3eb9e8b9e060e5d13f1a0077be7676d9503909fbac200900689d6f4323933179e51b1e1fd58012876aa92a95330cd1f1f33aec2402d5

memory/3856-754-0x0000000000400000-0x0000000000483000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tdj24C6.tmp

MD5 685f1cbd4af30a1d0c25f252d399a666
SHA1 6a1b978f5e6150b88c8634146f1406ed97d2f134
SHA256 0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4
SHA512 6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

memory/3856-760-0x0000000002290000-0x0000000002303000-memory.dmp

memory/3856-762-0x0000000002290000-0x0000000002303000-memory.dmp

memory/3856-766-0x0000000002290000-0x0000000002303000-memory.dmp

memory/3856-765-0x0000000000400000-0x0000000000483000-memory.dmp

memory/1768-767-0x000000001C1E0000-0x000000001C6AE000-memory.dmp

memory/1768-768-0x000000001BBD0000-0x000000001BC6C000-memory.dmp

memory/1768-769-0x00000000014B0000-0x00000000014B8000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 59d9cf7d2d4ce27744dec14134917fb1
SHA1 ae7c6b28c079035e1f1f6f2a574fd4ca8c7275b0
SHA256 518ab5c3349ed334a5047d52d19a2fa2e0156144ad000f350e323045291cb90e
SHA512 a2d43b147e103196b24f8e8cf9ec8a64b76218ff0ea96f576f59816501be977296f0ff5e547d4a52e02679ea120d11357639c13437882bbb62e8efafc809998f

memory/1768-779-0x000000001D1D0000-0x000000001D232000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 58c177ca665290d5565fa35fc3d9342b
SHA1 6fe8c5ec798a357cc2083b0ccc9cd98a4980a0af
SHA256 19a0403a085e827bebc980c3aebbc1ece0d56d15fd65ddf349d72998eafa73d4
SHA512 ad3db03d98469e7dc8efa0db9b7d9d3b6b65fadcf39d9410bbcbe72d0d3ded234893fd5d18d90364dcf25fb02e80443387cc6713e6abd74f60653240a5d6e1e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2f50c7ad337e4cbf12b7de64f969bbe6
SHA1 b1a8bbbc9688dc14c778febf67955431d9899631
SHA256 e622e7f7643380cbb9f93abd76f12bbc154f4c0dc224d630ef886ae3de167261
SHA512 3cddc872226a4cce25833354ee814b1be64a60fd5338f0cb7e40df078b66666a89d1ed55d7427492a664f51ab03ac629afc887283e48e1937b2ad33d9bc9ab68

memory/1756-800-0x000000001BD20000-0x000000001BDC6000-memory.dmp

memory/1756-801-0x000000001CB00000-0x000000001CB4C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e10c8ec171e4fdb21a2105691b593f75
SHA1 d6f3e4a5c80759a774e87e5eb71d29e3014fe8f1
SHA256 51ad0495094e8bd876b56ec6de02aafac70794f4885cda3e3dc7212898e10ac0
SHA512 6c3a4792f82cf7b6549a148527466a795739a04f5bfab9a5e7b58f188ae15ddef2a8585b5c771f210e21ed227a47c0ee44079430ed305b6f37e5b9f78a93127b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6c5f452d5a4ad85c4127afa52eebda0f
SHA1 24608f8150e40af32555d1958736e8120e7f81e8
SHA256 e6ea47fbfd14b11664afc584cc8c4e7f4cdc4bb4fab6df8002e9260ab825c24d
SHA512 1bafd10593c26a4df94346c61960531391a8a82183cfbd0ac08985d2f4b45f2cc643aa606adaab933f02c40b5708b86469d928908807cb67dc8637fd73a27cb5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c2472ddfa086ecbd2195a23ea263c681
SHA1 96353c8d19512235b908d86952c2c4cd63ddf519
SHA256 478acd3856ca05ff58e93e80d4f7ccd302d3eb389658cd79d31ad7be3521e3a1
SHA512 00dd47a34e3fede95aee14609c0e7b3cb525cdf63aaa68bb50c48590188d0b9862b9dafca2271e16269d95caac0c9f35ea37d859639defe6241e39197325ad47

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 42598418df9a3b9db68efacccc901fc8
SHA1 3611f981148d06d3a944578669de85dd9ff12741
SHA256 73e37bf19dc51418e31e7d6d317cb2afe3c0d744a355bb64caf304b93bfc0d88
SHA512 d2123c534a0566ccd02f207f41e4eb8559139c3afdc7985bf62520dcfa1287ae3dcef76f8c465937895db916980414c35d799561468334beb949d79d9254daaf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 71df5f3c548f83f86031f36cd04e941e
SHA1 6eb070c87033fb1f3943027d611e3b7a6b2ea7c0
SHA256 839ed7f108bc8a326460f1769e5b46728d8accace8866d5e43b47a93c5ebf4a8
SHA512 40f96ae72c11a305475ce2523784570e4a6350c1949c4a1a032c486f0d4fd2a175aa7b0d82f3dd57f3660f24844d7a3fe0830b5965ae507b0999c3abcc53417a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3009ee640f2ab77a0573c3e113c0918f
SHA1 caad5c9174e8a552e5d5753aa06441cbe818b7cf
SHA256 e45463f6206eda1857a3394b4cd80b00db9215c2a9190d4fe5a606276573e740
SHA512 a3681bcfd82a2fc52b63e67225330c527b817cf3346c364a88362e092b8275bb01c3adc257cd0e03e95c4fca5f6c047597f481ad4a72e5bc45beb9986449f325

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 1b52b6f5b33e9276489b7d1a16ad834c
SHA1 999d3d713fba3698bcf922a61474f9119818e60b
SHA256 5bdac04c1a260e5aac4bfb9e169d4d8077839eacae8497a851b2222b441b7bf3
SHA512 b2c427c5724b11efb647f6467ff114d72bd6c67d3decd5e6def6d31f04f53fc1a812a02edefeaa660ebcc9ac179ec2352b36d9ebbb5af83edb73e8860d306496

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 788872a6429e69b9d69ac557dc465984
SHA1 3fa37718b9a5a315b28c53951f24b70375c9f8c4
SHA256 c2172a2f898a1de89d38b4ee63f1d364b2620de5c9005f7414b6f45776f2057c
SHA512 3aaed7979c76a4cc208d5c8a20d802e8f84b603c227c89a392bc28aec081e7838ed3eebf8accc2954edb0e233b8e547bbec8c8fda3a93e9a565c05d9d36448e4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3ef6689ef3c71a6044209ad68b7702ad
SHA1 03916431546a6b1559d84057e6d5ca52dde9dc3f
SHA256 8bfdf86220255043002c0de8e59c32c5e4340277d143f206f339cd4a7cac6775
SHA512 38b730197040f4cdd26bce165451c01a6705f57376269a7d5b696b229a191d76d407bdb3d36925fc44be51c9238c0db915a68eb008d60567a0adcfc2a87caf46

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fa2bb8af73c0749471385f1dc928787b
SHA1 cd78fe97763c543202f6be59875470f1fbd32967
SHA256 2ba6b1091e92463eaa40e73f5cb176ba56d54d029d4253d32ff2d2c9c07bc709
SHA512 b67b5f4aa27f1dfae6d709d49e20b38a3c8b3726a0365b42c93a08f78b06f3e4812aeb5f831a6299b3ce1d21b2c56e725165008e926bcfb46d54afc68bf6745a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a83c68b444dbb9371fed6697e6b22082
SHA1 68767e7a1b7af9e6284b4c7d1e65b872e483ab9a
SHA256 b8349ff4b4fe787ae77ce1ff401834247738ac36f661d9658ebad388edbc0f5d
SHA512 317d70c38be6021567324c053d4f24ca48eb3308e8177ca017af86cec9c8cf8417d7fad352a9a40295a120a4c7b15aa8547a9ccf458207b623d7d180f6dfc9d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

MD5 206dcc6779dd6c0ce947d70ee10cb7ad
SHA1 cfb2acbc02e260a192094996b89af3568fd10ac8
SHA256 6690d4219e91e2d5948f3377b54297c7f0f8c9c1b984be654042d2e57f78a29d
SHA512 99bcffc54e8c96e89ceffc6b4a30bf07ff30ff4f374e540d7cf0864806f2ea1cf616fdb082f0508b34ed215385c9c6dd10dfde3146852fe71885d0177b61e71a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fd3155522e33faf0da06bd7e0070904c
SHA1 b788ea39994929974718c317ab2deaad536fc9ca
SHA256 aec71c6d21b36eb8af56486170eaa7ad32dfe9ccf4ee6694a21ee551072370f6
SHA512 15e2f1a86d60c078e31e6a19464a3e85f8de677f5e43f6d7544b98b38fcb649a7b211a1c43aa7dac535adf586d602a5cbb49e8d14beb2c3af86c5edb94cc651b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fb9db51514f07ef871d06219329b1b9a
SHA1 e1ff56c9859ecded84ad34d1400275f85fd444d0
SHA256 1ea063cb22d00c10fe0c7a874c379d98042b1c4e3e0c6a1fd2d758e7ec0b06bf
SHA512 c205c1e9ca2da9ae1aae3bd49da4f37ef0a51a8a74f31f4f4e41c150325520f310ff897853b9291fddfe6fb2288dae52c2de8af8124e65c45e75b6b260f57083

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5bdd49c451c65c81_0

MD5 e8f359fe249d66fe5b13aea3d87d9fdd
SHA1 31f1ede5d9ff7d14d723eca00d6a13a69cb46a94
SHA256 8c885801d6569d9a619a5fa292f9225f3cb6385745a0ef299308b24838485c35
SHA512 e4f0fce7b1a22096b2a729dfbec5ff62cfc1c91037c5ae6fb20a405ff9a9cdbef2523409c7d10ae14c53c039f86b214cd88002d280f4d49d109da6cde40b58cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\aaaccf5f18c4c8ce_0

MD5 5ecbfd128175aae751cc517e43715ffb
SHA1 dc99009315fd51f0dd07681166b503db57f6bd1c
SHA256 254c5fad8344e57e5caf0ef712628afb89d4938a709df06e4ae2eb404054766a
SHA512 551f12ecab37a2ed20d2d36a5f4c3fd6fdfd5cf35008b1e2447feb88cdff5fda0e9a6f3ae6c6c39c0478f8aed7a1777d6e666f211be16c62c7c0a56190f23ed7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ae3bdb0e78872114_0

MD5 a11a8182bd65540934fb02ad2217336f
SHA1 6a8de0d7db4e23930191fcb19c998e85093d0658
SHA256 66689d76bb156aedcfe886354f4cda48725c2c4443f7184171fcb8094a8d63ad
SHA512 2d28b0eaeac8fa5f35d09d07d4020cf82131a89e97c0642200cc534c4aec37f6da627f65c0625969eb81cf7e0b376ada62b3d2db88254f83bd4b0af74e0c638b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\97561f3d43cbb73a_0

MD5 21fd1648f51c5bc583d2cd83bf96ff6e
SHA1 78b1e4bc89f8b2646c39dca8cc197274145858ec
SHA256 b1c8b94aaaf70b9e40111107355245beff02ac856fa547561d5d4c373a156030
SHA512 9e652dccddbb48c6a914aaa758436659f645dd8f910f8cbba3a5c622dbc73aae29281895b70682284ef7b3f075bce35efb95fcc8908b13ac6c3ef655e8331324

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f03846983672b656_0

MD5 337b7ae97cd40f08ae07387f170e2445
SHA1 261aba522bff6327f772f66b3a822a93cfbd1d48
SHA256 d5c074ffacf9ebda21e97c0ec36a83e946bfeb1cd372788a0780506da185f603
SHA512 4a7615a7757bc782e84f3377d55d929ba272c42949922934a4c4d7261dc2e0c7c5cba6540dde44a517a3b5f03ae89ccd7df82b995e0934fbbd96df0d118615ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c1790eb9fb1a918f0d39d23ab2665b57
SHA1 d84f80b1869642b165e8f1ebaeb66773e88a6b77
SHA256 9fba889e7dc0a2a55f18dab93716d4d2e3486f5dab21e9d95e8de62a4ef25afb
SHA512 6e0ad0f529cc8886f546bae8f1e1ca733134a956983a141c0be534a77d581eb0f765bf888fe5adcececaa032582eee65e5171e1293eb3b0db6d3cf4124b1f223

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 73feef95a68273e7f1b9f371ea7d7b71
SHA1 d087ffd041b33e4aaafdd48ebab2e7f7b8cdeaa0
SHA256 c5027276fe055d57e0ad464283f19094516c870db85eb9b8faff57417de3bc4e
SHA512 41c60b16bc321259c357b5858f1a496b7f4ddf132bc619b2aee6310e3116a65225d8e32d8a8ff6842168168821aca8b98656d22c2ef4391861a889ebba124208

C:\Users\Admin\Downloads\Unconfirmed 277832.crdownload

MD5 9c352d2ce0c0bdc40c72f52ce3480577
SHA1 bd4c956186f33c92eb4469f7e5675510d0790e99
SHA256 d7e6580054525d3f21f86edfc9f30b7a75ffa829a1eb67ee3cab33f0040dba4e
SHA512 c1926d59272df0e049467f4497bcc3631bbc1aa5337e87f4af31bfdba60c9ef460e394380024ffa7e71fef8938761d48d75e9dc93dc7529d2b9c8c638dddae92

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 df1b5e0d9818839fe241c6413329f221
SHA1 a330d13e2eb509b792f74cedc283a7788b58d7ed
SHA256 63bbad5ba7f70bbfcdc7f81ff1d4e37dbf77c6d652b009ad860e6095aa407de0
SHA512 16a6cc47ea6cfd31d644776be06a5b0d20781a4db9474feb3d5ba9c2661cc885f254361dbf35cc93f4d7e08df2dffeea59afe1c8d54f8023a538c6475de5ac0e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b72a3dafee43cee02adb554d1e4625ab
SHA1 1096a972cbe7bb8c1085e7e6a3c8547c6102f3ea
SHA256 ba2569bbea570c88879d43bffda8f57f5c218b8584f85344ec0541118c4494c6
SHA512 c4bf4690ac0fbac2f19b85cf39c9f199b7795331a099365fc23ce7d86d275e6d67237d4d92085c7c61938bb7a7f1b5d4a323818fe23cd143e9de4753d1d117e0

C:\Users\Admin\AppData\Local\Temp\KillAgent.bat

MD5 ea7df060b402326b4305241f21f39736
SHA1 7d58fb4c58e0edb2ddceef4d21581ff9d512fdc2
SHA256 e4edc2cb6317ab19ee1a6327993e9332af35cfbebaff2ac7c3f71d43cfcbe793
SHA512 3147615add5608d0dce7a8b6efbfb19263c51a2e495df72abb67c6db34f5995a27fde55b5af78bbd5a6468b4065942cad4a4d3cb28ab932aad9b0f835aafe4d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 e49b04034139b1dd1e582dafe801c6eb
SHA1 e2fe768ebbf8898a954fe5038b9934fe36058a05
SHA256 a1c7f72224db2d87b738c166256a242e9c1919ec1a7c2a042b6671f306b3ef99
SHA512 ce18f4a015f284b7bf522ce4adc553d008b322a8b640cdc479d55b3f5fdd1347e09c2bbe316244b0a8bfd8d00d0ad5f5ef34cebf9ba042673cb7d4ded3d20426

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1be5514118d15e73e1d6ba621b0e99bb
SHA1 1464b7dab362fd5844d4e2ca4371e220b75d4c68
SHA256 8f0470d272c0aa3a97432dd978f0b28716172dbf06dcf8e98f732ad95a933696
SHA512 73820ba631ae5e0d088802e73bdb19bee74b40f1f01d8278383b6e54337bf66369ce7f9610c224f4467935f27e1ea1b4f9fb95fc950ded9c41746301658df826

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 69801aa67d425ac0c1ab195d7f8bc94f
SHA1 10ab975e028c83d0049d691b1b3acf35a5b445fb
SHA256 3a3fdbc95f1eae871a4b317bd5d6165c3be91283f7b716619655237eb7b88492
SHA512 8dd15eaf3f1806e429c33effc479a2001f73248f5556f9c8d44c314907361e46f748c0ba09c23deeb2e622542199b417ffa33ff6ce9dc470b1f8f6b641a0f7b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b038bda081100f9dd4219fba97ab6df9
SHA1 2aff7ffac167a191ee3db703fdc1a0400c698ec7
SHA256 e45b2bc0eaa02415265ce58511b428d04bbac192c61de505eb1e414df2ea9484
SHA512 ade66c232067f5b29d374892004134b3041ee5d47102ac8c162f1d5981e749ac7aaba7a748c077eb2c7c2cd392d52171a90123722ba73a3f70efcfd43343f688

C:\Users\Admin\Downloads\Fake GoldenEye.zip

MD5 aa2e334155a24a215b5d7bb1c89257be
SHA1 eee940069b326efcabd26d8f2c58e9d15ba7d542
SHA256 874b6d641cd7bf6d0e069ecebed26ac33d22dee73780c471e54b6877ae9bfa11
SHA512 0addc3ef59bfbf2482feacb1062457b180e6fe3c010b3463e8b33d090bc1eaae453175885ee8b7269f03e7ae77e24e1fb3ca4a160a16774eec6f503a56b96c4e

C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe

MD5 66996a076065ebdcdac85ff9637ceae0
SHA1 4a25632b66a9d30239a1a77c7e7ba81bb3aee9ce
SHA256 16ca09ad70561f413376ad72550ae5664c89c6a76c85c872ffe2cb1e7f49e2aa
SHA512 e42050e799cbee5aa4f60d4e2f42aae656ff98af0548308c8d7f0d681474a9da3ad7e89694670449cdfde30ebe2c47006fbdc57cfb6b357c82731aeebc50901c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 892ea1f62bbf8386d569e8c060ca1362
SHA1 df6ef1fd5e538faa8c7976a38b75d632645bc6d7
SHA256 161629de70378883ca78cb8a45542a5f33dfb6e0a9e9d3f39a10e9d546e378f8
SHA512 996434d2ce1ea6393edde9efe02c50379352d5e252033a28ab876ccbcacebab811488f751c5550244a3b8663125e3a2f8231dca07ae0b3500c22abbc43af8340

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

MD5 e4a499b9e1fe33991dbcfb4e926c8821
SHA1 951d4750b05ea6a63951a7667566467d01cb2d42
SHA256 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d
SHA512 a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

MD5 81e5c8596a7e4e98117f5c5143293020
SHA1 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081
SHA256 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004
SHA512 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

MD5 237e13b95ab37d0141cf0bc585b8db94
SHA1 102c6164c21de1f3e0b7d487dd5dc4c5249e0994
SHA256 d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a
SHA512 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

MD5 5c91bf20fe3594b81052d131db798575
SHA1 eab3a7a678528b5b2c60d65b61e475f1b2f45baa
SHA256 e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175
SHA512 face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

MD5 a334bbf5f5a19b3bdb5b7f1703363981
SHA1 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c
SHA256 c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de
SHA512 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

MD5 7c5aefb11e797129c9e90f279fbdf71b
SHA1 cb9d9cbfbebb5aed6810a4e424a295c27520576e
SHA256 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed
SHA512 df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

MD5 48c00a7493b28139cbf197ccc8d1f9ed
SHA1 a25243b06d4bb83f66b7cd738e79fccf9a02b33b
SHA256 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7
SHA512 c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

MD5 4fbbaac42cf2ecb83543f262973d07c0
SHA1 ab1b302d7cce10443dfc14a2eba528a0431e1718
SHA256 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5
SHA512 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

MD5 9fafb9d0591f2be4c2a846f63d82d301
SHA1 1df97aa4f3722b6695eac457e207a76a6b7457be
SHA256 e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d
SHA512 ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

MD5 316999655fef30c52c3854751c663996
SHA1 a7862202c3b075bdeb91c5e04fe5ff71907dae59
SHA256 ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0
SHA512 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

MD5 b127d9187c6dbb1b948053c7c9a6811f
SHA1 b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9
SHA256 bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00
SHA512 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

MD5 b4ac608ebf5a8fdefa2d635e83b7c0e8
SHA1 d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9
SHA256 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f
SHA512 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

MD5 466d35e6a22924dd846a043bc7dd94b8
SHA1 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10
SHA256 e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801
SHA512 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

MD5 f1656b80eaae5e5201dcbfbcd3523691
SHA1 6f93d71c210eb59416e31f12e4cc6a0da48de85b
SHA256 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2
SHA512 e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

MD5 0cbf0f4c9e54d12d34cd1a772ba799e1
SHA1 40e55eb54394d17d2d11ca0089b84e97c19634a7
SHA256 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1
SHA512 bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe

MD5 3f8f18c9c732151dcdd8e1d8fe655896
SHA1 222cc49201aa06313d4d35a62c5d494af49d1a56
SHA256 709936902951fb684d0a03a561fb7fd41c5e6f81ecd60d326809db66eb659331
SHA512 398a83f030824011f102dbcf9b25d3ff7527c489df149e9acdb492602941409cf551d16f6f03c01bc6f63a2e94645ed1f36610bdaffc7891299a8d9f89c511f7

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL

MD5 4be7661c89897eaa9b28dae290c3922f
SHA1 4c9d25195093fea7c139167f0c5a40e13f3000f2
SHA256 e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5
SHA512 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL

MD5 7210d5407a2d2f52e851604666403024
SHA1 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9
SHA256 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af
SHA512 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf

MD5 0a250bb34cfa851e3dd1804251c93f25
SHA1 c10e47a593c37dbb7226f65ad490ff65d9c73a34
SHA256 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae
SHA512 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll

MD5 ed98e67fa8cc190aad0757cd620e6b77
SHA1 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d
SHA256 e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d
SHA512 ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll

MD5 497fd4a8f5c4fcdaaac1f761a92a366a
SHA1 81617006e93f8a171b2c47581c1d67fac463dc93
SHA256 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a
SHA512 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf

MD5 c3e8aeabd1b692a9a6c5246f8dcaa7c9
SHA1 4567ea5044a3cef9cb803210a70866d83535ed31
SHA256 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e
SHA512 f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp

MD5 80d09149ca264c93e7d810aac6411d1d
SHA1 96e8ddc1d257097991f9cc9aaf38c77add3d6118
SHA256 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42
SHA512 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll

MD5 1587bf2e99abeeae856f33bf98d3512e
SHA1 aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9
SHA256 c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0
SHA512 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll

MD5 e7cd26405293ee866fefdd715fc8b5e5
SHA1 6326412d0ea86add8355c76f09dfc5e7942f9c11
SHA256 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255
SHA512 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b942eac2797c311f97907378e6a4a422
SHA1 d0f978a09532a5050857d0074e7677da220db574
SHA256 91e1af344623819a90e012810ecab09a63bc052ac4018e9d6afd58012703e3a6
SHA512 82ad002c9718e5bd6a60d9b0aae4d70f0e3f9aa7ed9dcbdddc404edb7ccd9d1ec90cd559e5f7392239738c6833afb080100648adffb9c7680cbf42ee4db2137a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 18bdee30ff592179e97278184d8ec33f
SHA1 8c8d07d4fdb01310549fd4f7915626afbf3ae866
SHA256 cdbc7c398a5811ce41266fbecf60e19f49e00c1275afb1920f9b77c284aa91ef
SHA512 cdfdedc10be87f72cdc8a6b364056bdbbfd1ae33b7baca67c3f03915d0108e203723a1ebfc73926dbb3dabec3924266a9d9c561b49e2a79df4b737f5c77db4c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5aafb47688344b1c0bd4cc151be5b027
SHA1 8c993ee282754d00d7abfddfc86e2dd3bd8e1313
SHA256 7020aa068c9a0ba6100d4dea321347c3ac3ac04e08933b8753953123ad45c9d3
SHA512 8c3e016ac57cd33ba6537e100864f211d4d5b5480d5863d070423896f8572a5907b78d87d0a47ac4e0ceb02df5d649b84885beb1bea0b03d011b1c4a375239d8

memory/3860-1708-0x0000000003550000-0x0000000003551000-memory.dmp

memory/780-1711-0x0000017FF9980000-0x0000017FF9A80000-memory.dmp

memory/780-1714-0x0000017FFA9C0000-0x0000017FFA9E0000-memory.dmp

memory/780-1723-0x0000017FFA980000-0x0000017FFA9A0000-memory.dmp

memory/780-1728-0x0000017FFAD90000-0x0000017FFADB0000-memory.dmp

memory/780-1709-0x0000017FF9980000-0x0000017FF9A80000-memory.dmp

memory/780-1710-0x0000017FF9980000-0x0000017FF9A80000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727705487425224.txt

MD5 c6385374ad834327fa2a29995c2d226e
SHA1 748f69602b181730b6aecacd7f71dc981fc89c56
SHA256 63024060c3d559d57ff841833266c0087c9b7f7f052a37e6f78f3775374f57a9
SHA512 ce43480a82f6175ad6f7d49adb6404bef86d46cf88027c11647e0f5c9f36f1d46a2ee42c7d81e2a5db8af5ebcb2f8eb0e7bceda3438cb6bfab574012afaf4d0a

memory/3852-1864-0x00000000040E0000-0x00000000040E1000-memory.dmp

memory/4188-1868-0x0000025966500000-0x0000025966600000-memory.dmp

memory/4188-1871-0x0000025967660000-0x0000025967680000-memory.dmp

memory/4188-1867-0x0000025966500000-0x0000025966600000-memory.dmp

memory/4188-1866-0x0000025966500000-0x0000025966600000-memory.dmp

memory/4188-1893-0x0000025967620000-0x0000025967640000-memory.dmp

memory/4188-1902-0x0000025967A20000-0x0000025967A40000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\9V1S48VT\microsoft.windows[1].xml

MD5 98b1dad1a67b6bf36917dfd796c7bb21
SHA1 1d2531a422067e26edfb597d5867a460825fb6ca
SHA256 1cbca2471a6fa64edf22436b5bdc8ff42dec923742f453dd7a43e2b0a7903060
SHA512 dced526f0253d39eaae237ead391cd3e27d4fc13b052d1d8db8d3d34540e829e46c36c97e78136965672c3050ff6761bd079b6c76fe00efae2f2fb0480c4f719

memory/2964-2006-0x0000000004000000-0x0000000004001000-memory.dmp

memory/2460-2007-0x0000022788600000-0x0000022788700000-memory.dmp

memory/2460-2012-0x00000227894F0000-0x0000022789510000-memory.dmp

memory/2460-2027-0x0000022789AC0000-0x0000022789AE0000-memory.dmp

memory/2460-2014-0x00000227894B0000-0x00000227894D0000-memory.dmp

memory/5616-2148-0x0000000003EF0000-0x0000000003EF1000-memory.dmp

memory/6020-2151-0x000001C8C7300000-0x000001C8C7400000-memory.dmp

memory/6020-2155-0x000001C8C8620000-0x000001C8C8640000-memory.dmp

memory/6020-2176-0x000001C8C83E0000-0x000001C8C8400000-memory.dmp

memory/6020-2186-0x000001C8C89F0000-0x000001C8C8A10000-memory.dmp

memory/6020-2150-0x000001C8C7300000-0x000001C8C7400000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 66521bec2109e8831c1c8ca619d63764
SHA1 8a8694d160c19aeb5749ead20297a8ab0d5bd280
SHA256 4abfe9ff38535f5da5251001db3a34edd7624ca9a3027ec317b6470e050144f8
SHA512 a7d46116420cf28f4dc6ea0420b6daaf7553e721174d1168f095e11aac175b8ae8890910afc30feba58887240a6139d59c6d6d5c55377b5f1d0377a5d4c12849

memory/4100-2292-0x00000000033E0000-0x00000000033E1000-memory.dmp

memory/4172-2298-0x0000020D86D00000-0x0000020D86D20000-memory.dmp

memory/4172-2328-0x0000020D869B0000-0x0000020D869D0000-memory.dmp

memory/4172-2329-0x0000020D870C0000-0x0000020D870E0000-memory.dmp

memory/4188-2429-0x0000000002D70000-0x0000000002D71000-memory.dmp

memory/4432-2432-0x000001B2EA900000-0x000001B2EAA00000-memory.dmp

memory/4432-2436-0x000001B2EB9B0000-0x000001B2EB9D0000-memory.dmp

memory/4432-2431-0x000001B2EA900000-0x000001B2EAA00000-memory.dmp

memory/4432-2467-0x000001B2EBD80000-0x000001B2EBDA0000-memory.dmp

memory/4432-2466-0x000001B2EB970000-0x000001B2EB990000-memory.dmp

memory/2204-2572-0x0000000003410000-0x0000000003411000-memory.dmp

memory/4736-2575-0x0000023522500000-0x0000023522600000-memory.dmp

memory/4736-2578-0x00000235235C0000-0x00000235235E0000-memory.dmp

memory/4736-2573-0x0000023522500000-0x0000023522600000-memory.dmp

memory/4736-2609-0x0000023523990000-0x00000235239B0000-memory.dmp

memory/4736-2608-0x0000023523580000-0x00000235235A0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2bb656b50b1ddf8594245b8349362b34
SHA1 80f12ff26c0ab2544a83d7ae13cc05dff7998676
SHA256 2d7ceab2c9074c199e0a1bec588efa20237e6468bffea4cbb7e182ecbb44ac18
SHA512 67d4d071b8a667ccec870d531b42e5aa76a8716b4d41d065cb1d0030e61303b8c6c40126a65adcf963c8b086d5ea7030fd603f54b711fe4a98226f50f2fb3947

memory/5168-2718-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

memory/5920-2725-0x000002A17B6D0000-0x000002A17B6F0000-memory.dmp

memory/5920-2727-0x000002A17BCE0000-0x000002A17BD00000-memory.dmp

memory/5920-2724-0x000002A17B710000-0x000002A17B730000-memory.dmp

memory/972-2835-0x00000000031B0000-0x00000000031B1000-memory.dmp

memory/6088-2838-0x000002095AC40000-0x000002095AD40000-memory.dmp

memory/6088-2842-0x000002095BD90000-0x000002095BDB0000-memory.dmp

memory/6088-2837-0x000002095AC40000-0x000002095AD40000-memory.dmp

memory/6088-2872-0x000002095BD50000-0x000002095BD70000-memory.dmp

memory/6088-2873-0x000002095C160000-0x000002095C180000-memory.dmp

memory/2132-2978-0x0000000004B40000-0x0000000004B41000-memory.dmp

memory/5568-2980-0x0000019B09F40000-0x0000019B0A040000-memory.dmp

memory/5568-2984-0x0000019B0ACA0000-0x0000019B0ACC0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 982428ad3d01327691a94548ab22b9ec
SHA1 2bd7d25dcd794806f45cae59bd52f42f8f22e538
SHA256 49fb8992da66fb6656d0c76bf9b28b4570f93aad39af589a9e1b3725a1403c18
SHA512 50e62d5f729b2eec641eba7eb33d6c7d38573a96ed0e867b4086d5cfcce6320e071fb99dc84de54240b1a2f5f0a72960e6c783a2772bb737f4da92320164d880

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 134cf09c4d990221075ee5d66ada9ca7
SHA1 ae8794631bbf78b755408ac431e2f09ac344fc29
SHA256 841ff57fc36d9959b94114e8e9354aa9c50cf67c5efddceb483824d2a77d93e3
SHA512 5b7a9b5683c52ea244036b9ea9fb44babb27f469aca02be9680da8b45fdd26f26dbb02375bee4ab5d6ac7c00375ff886055c4026a0f3567a87dee0a39c73eb9b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 77d4d0bd2848a0d263f25ed37182f7a4
SHA1 04978ee36d71bdbf9a698c9dffe8a9d439771045
SHA256 a988ca6c8b6c24345822897a8894ca9cc8ea3baeb89fcecb1c7455e8295c2628
SHA512 abbe4606c28653d83b5856f89559abd47c7442d43a16d6d2d0c9ad410f49175d0108cb418ef46ef53a9fb5bc5d043e027167af4147e2a7d32bb135a55569698c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 81a421ee9fd15d5e4f6c3f3f3258e1e1
SHA1 afe80dcd80b137d7e3c96c43270dd8bccc425b7a
SHA256 698a48be499157f6d3f375faa0a0dd28b3428292dc6fca0cbf319eaa13778a8b
SHA512 989e8599964a7bed44b7247b02fc7aba08fd781ae7fdede1a66e9025aa2c77dbb5a5c0af7f79aadf1b4616aa7d31be777ced19f0f6207e55ec84a96b033a9bc7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 30aee57eec08c5cce73830f9fd9663f9
SHA1 d02d3a4730f63a6f4949d44bf06210dc34b0b5f4
SHA256 e2552fe318f1b7f324942ce2c7f0fdc72666b6eb07a3b046c31fcabad3b448ac
SHA512 6a508ab6fd0bf001412a129284a9ff1cf12261161d8bf948476d92bb2d186f5efe16254a5d892cd31cf228059a1d84c1b42bf722b73ae2094c27aaa30045b9c9

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15

MD5 0e2a09c8b94747fa78ec836b5711c0c0
SHA1 92495421ad887f27f53784c470884802797025ad
SHA256 0c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36
SHA512 61530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_ControlPanel

MD5 fb5f8866e1f4c9c1c7f4d377934ff4b2
SHA1 d0a329e387fb7bcba205364938417a67dbb4118a
SHA256 1649ec9493be27f76ae7304927d383f8a53dd3e41ea1678bacaff33120ea4170
SHA512 0fbe2843dfeab7373cde0643b20c073fdc2fcbefc5ae581fd1656c253dfa94e8bba4d348e95cc40d1e872456ecca894b462860aeac8b92cedb11a7cad634798c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 eddf77ec1ab8951fa6381d1695217434
SHA1 3ae437795c7e8270fcaa52634d82add74beab932
SHA256 0e9d9e1c209963af1f71ac73e1880763f277b973c5115e318732078da38f470f
SHA512 598995c97bae4d58b4aff677b0011157c2d05654bae5ebb74135dc9123d27722188574e6c78dcdb0ea1d6cafac7740b674f50415200d9486667fe0a2223474da