Malware Analysis Report

2024-12-07 14:32

Sample ID: 241016-wvx3qstgma
Target: https://dashboard.blooket.com/my-sets
Tags: bootkit, discovery, persistence
Score: 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 8/10

Threat Level: Likely malicious

The submitted target https://dashboard.blooket.com/my-sets was found to be: Likely malicious.

Malicious Activity Summary

Tags: bootkit, discovery, persistence

Downloads MZ/PE file

Manipulates Digital Signatures

Executes dropped EXE

Checks computer location settings

Writes to the Master Boot Record (MBR)

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Browser Information Discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Checks SCSI registry key(s)

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-16 18:15

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-16 18:15
Reported: 2024-10-16 18:22
Platform: win10v2004-20241007-en
Max time kernel: 408s
Max time network: 418s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://dashboard.blooket.com/my-sets

Signatures

Downloads MZ/PE file

Manipulates Digital Signatures

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.1!7\Name = "szOID_ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION" | C:\Windows\SysWOW64\certutil.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.2!7\Name = "szOID_ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION" | C:\Windows\SysWOW64\certutil.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.3!7\Name = "szOID_ROOT_PROGRAM_NO_OCSP_FAILOVER_TO_CRL" | C:\Windows\SysWOW64\certutil.exe | N/A

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\EternalBlue.exe | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\EternalBlue.exe | N/A

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | raw.githubusercontent.com | N/A | N/A
N/A | raw.githubusercontent.com | N/A | N/A

Writes to the Master Boot Record (MBR)

Tags: bootkit, persistence

Description | Indicator | Process | Target
File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Downloads\EternalBlue.exe | N/A

Browser Information Discovery

Tags: discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Tags: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\calc.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\notepad.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\EternalBlue.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\calc.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\calc.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\calc.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Taskmgr.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\calc.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\wscript.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Taskmgr.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\DllHost.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\certutil.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\ARP.EXE | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\certutil.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\ARP.EXE | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\wscript.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\control.exe | N/A

Checks SCSI registry key(s)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\SysWOW64\Taskmgr.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\SysWOW64\Taskmgr.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies Internet Explorer settings

Tags: adware, spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133735761484452201" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager" | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay" | C:\Windows\explorer.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:PID = "0" | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders | C:\Windows\explorer.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\IconSize = "48" | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings | C:\Windows\SysWOW64\calc.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings | C:\Windows\SysWOW64\calc.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts" | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games." | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting" | C:\Windows\explorer.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Rev = "0" | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer." | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307} | C:\Windows\explorer.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\FFlags = "18874369" | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music." | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition" | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers." | C:\Windows\explorer.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\MaxPos1280x720x96(1).x = "4294967295" | C:\Windows\explorer.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1" | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate." | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery" | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections." | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption." | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History" | C:\Windows\explorer.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings | C:\Windows\SysWOW64\calc.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center" | C:\Windows\explorer.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByDirection = "1" | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager" | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems." | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer." | C:\Windows\explorer.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f706806ee260aa0d7449371beb064c986830000 | C:\Windows\explorer.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Mode = "6" | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options" | C:\Windows\explorer.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\FFlags = "18874385" | C:\Windows\explorer.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupView = "0" | C:\Windows\explorer.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\NavBar = 000000000000000000000000000000008b000000870000003153505305d5cdd59c2e1b10939708002b2cf9ae6b0000005a000000007b00360044003800420042003300440033002d0039004400380037002d0034004100390031002d0041004200350036002d003400460033003000430046004600450046004500390046007d005f0057006900640074006800000013000000cc0000000000000000000000 | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall" | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use." | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem" | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings." | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard" | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time" | C:\Windows\explorer.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\NavBar = 000000000000000000000000000000008b000000870000003153505305d5cdd59c2e1b10939708002b2cf9ae6b0000005a000000007b00360044003800420042003300440033002d0039004400380037002d0034004100390031002d0041004200350036002d003400460033003000430046004600450046004500390046007d005f0057006900640074006800000013000000640000000000000000000000 | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings | C:\Windows\SysWOW64\control.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates." | C:\Windows\explorer.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}" | C:\Windows\explorer.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\LogicalViewMode = "2" | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System" | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings | C:\Windows\SysWOW64\calc.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software." | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer." | C:\Windows\explorer.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "1" | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Windows\explorer.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WinPos1280x720x96(1).right = "668" | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections" | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption" | C:\Windows\explorer.exe | N/A

Suspicious behavior: AddClipboardFormatListener

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\explorer.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Events
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 64

Suspicious use of SendNotifyMessage

Description Indicator Process Target Events
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 64

Suspicious use of WriteProcessMemory

Description Indicator Process Target Events
PID 3460 wrote to memory of 3940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 3460 wrote to memory of 952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 30
PID 3460 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 3460 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 30
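
Every WriteProcessMemory row in this table is chrome.exe (PID 3460, the browser process) writing into other chrome.exe instances, which is how the Chromium sandbox broker sets up the child processes it spawns. The triage question is whether any write crosses from one binary into a different one. The following script is an added example and is not part of the sandbox report: it parses rows in the table's own layout, collapses repeats into per-(source, target) counts, and flags cross-image writes. The sample rows are copied from the table except for the last one, which is a hypothetical row added so the rule has something to flag.

```python
import re
from collections import Counter

# Constructed sample in the same row layout as the WriteProcessMemory table
# (Description, Indicator, Process, Target). The last row is hypothetical and
# not in the report; it exists so the cross-image rule has a hit.
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE_ROWS = [
    f"PID 3460 wrote to memory of 3940 N/A {CHROME} {CHROME}",
    f"PID 3460 wrote to memory of 952 N/A {CHROME} {CHROME}",
    f"PID 3460 wrote to memory of 952 N/A {CHROME} {CHROME}",
    f"PID 3460 wrote to memory of 4736 N/A {CHROME} {CHROME}",
    # hypothetical, not from the report: a downloaded binary writing into explorer.exe
    r"PID 5120 wrote to memory of 1234 N/A C:\Users\Admin\Downloads\EternalBlue.exe C:\Windows\explorer.exe",
]

# "PID <src> wrote to memory of <dst> N/A <src image> <dst image>"; image paths can
# contain spaces, so match lazily up to the first ".exe" that is followed by a space.
ROW_RE = re.compile(
    r"^PID (\d+) wrote to memory of (\d+) N/A (.+?\.exe) (.+?\.exe)$", re.IGNORECASE
)


def parse_rows(rows):
    """Yield (src_pid, dst_pid, src_image, dst_image); rows that don't parse are skipped."""
    for row in rows:
        m = ROW_RE.match(row.strip())
        if m:
            yield int(m.group(1)), int(m.group(2)), m.group(3), m.group(4)


def summarize(rows):
    """Collapse repeated events into {(src_pid, dst_pid): (src_image, dst_image, count)}."""
    counts = Counter()
    images = {}
    for src, dst, src_img, dst_img in parse_rows(rows):
        counts[(src, dst)] += 1
        images[(src, dst)] = (src_img, dst_img)
    return {k: (*images[k], n) for k, n in counts.items()}


def cross_image_writes(summary):
    """Pairs where the writer and the target are different binaries.

    A chrome.exe browser process writing into the chrome.exe children it has just
    spawned is expected Chromium sandbox behaviour; a write from one binary into an
    unrelated one is the case that deserves a closer look.
    """
    return sorted(
        pair for pair, (src_img, dst_img, _n) in summary.items()
        if src_img.lower() != dst_img.lower()
    )


if __name__ == "__main__":
    s = summarize(SAMPLE_ROWS)
    for (src, dst), (src_img, dst_img, n) in sorted(s.items()):
        print(f"{src} -> {dst}: {n} write(s), {src_img} -> {dst_img}")
    print("cross-image:", cross_image_writes(s))
```

Run against the full table, the four chrome-to-chrome pairs collapse to their counts and nothing is flagged; the signature is noise for a browser and only becomes interesting once the source or target image changes.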

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://dashboard.blooket.com/my-sets

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbd1d1cc40,0x7ffbd1d1cc4c,0x7ffbd1d1cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2012,i,6337279751492265550,15972961968614701437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2004 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1896,i,6337279751492265550,15972961968614701437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1984 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1728,i,6337279751492265550,15972961968614701437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2272 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,6337279751492265550,15972961968614701437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,6337279751492265550,15972961968614701437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4660,i,6337279751492265550,15972961968614701437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4680 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4692,i,6337279751492265550,15972961968614701437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4708 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5100,i,6337279751492265550,15972961968614701437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5096 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5204,i,6337279751492265550,15972961968614701437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5200 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5372,i,6337279751492265550,15972961968614701437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5344 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5340,i,6337279751492265550,15972961968614701437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5376 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5516,i,6337279751492265550,15972961968614701437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5380 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5044,i,6337279751492265550,15972961968614701437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5608 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4952,i,6337279751492265550,15972961968614701437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5028 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4956,i,6337279751492265550,15972961968614701437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5684 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4964,i,6337279751492265550,15972961968614701437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5872 /prefetch:8

C:\Users\Admin\Downloads\EternalBlue.exe

"C:\Users\Admin\Downloads\EternalBlue.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" takeown /f "C:\Windows\System32\ " & icacls "C:\Windows\System32\ " /grant %username%:F /T

C:\Windows\SysWOW64\wscript.exe

"C:\Windows\System32\wscript.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x49c 0x4c0

C:\Windows\SysWOW64\cscript.exe

"C:\Windows\System32\cscript.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4768,i,6337279751492265550,15972961968614701437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5076 /prefetch:8

C:\Windows\SysWOW64\certutil.exe

"C:\Windows\System32\certutil.exe"

C:\Windows\SysWOW64\ARP.EXE

"C:\Windows\System32\ARP.EXE"

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SysWOW64\ARP.EXE

"C:\Windows\System32\ARP.EXE"

C:\Windows\SysWOW64\cscript.exe

"C:\Windows\System32\cscript.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SysWOW64\cscript.exe

"C:\Windows\System32\cscript.exe"

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SysWOW64\wscript.exe

"C:\Windows\System32\wscript.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\SysWOW64\certutil.exe

"C:\Windows\System32\certutil.exe"

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"
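
The process list above is the part of the report that actually shows post-download activity: an executable run from the Downloads folder, a cmd.exe that takes ownership of and re-ACLs the System32 directory, and a run of certutil, cscript, wscript, schtasks and powershell. Note also that those helpers are listed under SysWOW64 while their command lines say System32: a 32-bit parent launching a System32 path gets redirected by WOW64 file system redirection, so the parent of these processes is 32-bit. The following script is an added example, not part of the report, that parses a listing in this layout and applies those three checks; the excerpt it runs on is copied from the rows above, and the LOLBin and user-writable-directory lists are my own choices.

```python
from pathlib import PureWindowsPath

# Constructed excerpt in the same layout as the Processes list: image path,
# blank line, command line, blank line. Rows are copied from the report.
SAMPLE_LISTING = r"""
C:\Users\Admin\Downloads\EternalBlue.exe

"C:\Users\Admin\Downloads\EternalBlue.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" takeown /f "C:\Windows\System32\ " & icacls "C:\Windows\System32\ " /grant %username%:F /T

C:\Windows\SysWOW64\certutil.exe

"C:\Windows\System32\certutil.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
"""

# Signed Windows binaries routinely abused for download, execution and persistence
# (assumed list for this example).
LOLBINS = {"certutil.exe", "schtasks.exe", "wscript.exe", "cscript.exe", "powershell.exe",
           "mshta.exe", "regsvr32.exe", "rundll32.exe", "bitsadmin.exe"}
USER_WRITABLE = {"downloads", "appdata", "temp", "desktop"}


def parse_listing(text):
    """Return [(image_path, command_line), ...]; non-blank lines alternate path / command line."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    return [(lines[i], lines[i + 1]) for i in range(0, len(lines) - 1, 2)]


def triage(text):
    """Return (image_path, reason) findings for the rows a reviewer should look at first."""
    findings = []
    for image, cmdline in parse_listing(text):
        p = PureWindowsPath(image)
        name = p.name.lower()
        parts = {s.lower() for s in p.parts}
        low = cmdline.lower()
        # A System32 path on the command line but a SysWOW64 image means the parent
        # was a 32-bit process: WOW64 file system redirection rewrote the path at launch.
        via_wow64 = "syswow64" in parts and "system32" in low
        if parts & USER_WRITABLE:
            findings.append((image, "executable launched from a user-writable directory"))
        if name in LOLBINS:
            note = " (32-bit parent, WOW64 redirection)" if via_wow64 else ""
            findings.append((image, f"LOLBin {name}{note}"))
        if ("takeown" in low or "icacls" in low) and "\\windows\\" in low:
            findings.append((image, "ownership/ACL change on a Windows system directory"))
    return findings


if __name__ == "__main__":
    for image, reason in triage(SAMPLE_LISTING):
        print(f"{reason}: {image}")
```

The takeown/icacls check is the one to keep even if the rest is tuned away: granting a user full control over System32 recursively is not something legitimate software does, and it pairs with the "Drops file in Windows directory" and "Writes to the Master Boot Record" signatures in the summary.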

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 dashboard.blooket.com udp
US 34.120.37.181:443 dashboard.blooket.com tcp
US 8.8.8.8:53 res.cloudinary.com udp
US 8.8.8.8:53 ac.blooket.com udp
US 34.120.190.171:443 ac.blooket.com tcp
US 34.120.190.171:443 ac.blooket.com tcp
US 104.17.201.1:443 res.cloudinary.com tcp
US 8.8.8.8:53 181.37.120.34.in-addr.arpa udp
US 8.8.8.8:53 66.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 171.190.120.34.in-addr.arpa udp
US 8.8.8.8:53 1.201.17.104.in-addr.arpa udp
US 34.120.37.181:443 dashboard.blooket.com udp
US 8.8.8.8:53 js.stripe.com udp
US 151.101.192.176:443 js.stripe.com tcp
US 34.120.190.171:443 ac.blooket.com udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 176.192.101.151.in-addr.arpa udp
US 8.8.8.8:53 id.blooket.com udp
US 8.8.8.8:53 s.blooket.com udp
US 34.120.37.181:443 id.blooket.com tcp
US 34.149.18.126:443 s.blooket.com tcp
US 34.120.190.171:443 ac.blooket.com udp
US 34.149.18.126:443 s.blooket.com udp
N/A 224.0.0.251:5353 udp
US 34.120.37.181:443 id.blooket.com udp
US 8.8.8.8:53 126.18.149.34.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
GB 142.250.200.36:443 www.google.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 173.194.69.84:443 accounts.google.com tcp
GB 142.250.200.36:443 www.google.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com udp
NL 173.194.69.84:443 accounts.google.com udp
NL 173.194.69.84:443 accounts.google.com tcp
US 8.8.8.8:53 36.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.69.194.173.in-addr.arpa udp
NL 173.194.69.84:443 accounts.google.com tcp
GB 142.250.200.36:443 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.42:443 ogads-pa.googleapis.com udp
GB 142.250.179.238:443 apis.google.com udp
GB 142.250.200.42:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
GB 216.58.201.110:443 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 dns-tunnel-check.googlezip.net udp
US 8.8.8.8:53 tunnel.googlezip.net udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 157.34.239.216.in-addr.arpa udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
GB 142.250.187.202:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
GB 142.250.187.202:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.112.22:443 collector.github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.112.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 22.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
GB 172.217.169.14:443 google.com tcp
US 8.8.8.8:53 14.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 168.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 google.com udp
GB 172.217.169.14:443 google.com udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
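
The table above interleaves resolver queries, reverse (PTR) lookups and mDNS with the TLS connections Chrome actually made, so the real destinations are hard to read off. The Python below is an added triage helper, not part of the sandbox report: it parses rows in the report's "Country Destination Domain Proto" layout, separates resolver chatter from connections, groups connections by domain, and flags domains whose registrable domain differs from that of the submitted URL. The rows embedded in it are a constructed excerpt of the table above; the two-label registrable-domain rule is a simplification (it is wrong for suffixes such as co.uk), and the port-53 and 224.0.0.251 filters assume the resolver and mDNS traffic pattern seen in this run.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Submitted target from the report header.
TARGET_URL = "https://dashboard.blooket.com/my-sets"

# Constructed excerpt of the report's Network table: "Country Destination Domain Proto".
NETWORK_ROWS = """\
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 dashboard.blooket.com udp
US 34.120.37.181:443 dashboard.blooket.com tcp
N/A 224.0.0.251:5353 udp
GB 20.26.156.215:443 github.com tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 34.120.37.181:443 dashboard.blooket.com udp
"""

# The domain column is optional: the mDNS row carries none.
ROW_RE = re.compile(
    r"^(?P<cc>\S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"(?: (?P<domain>\S+))? (?P<proto>tcp|udp)$"
)


def parse_rows(text):
    """Turn the flat table into dicts; fail loudly on a row the layout does not cover."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparsed network row: {line!r}")
        row = m.groupdict()
        row["port"] = int(row["port"])
        rows.append(row)
    return rows


def classify_row(row):
    """Separate resolver chatter (DNS, PTR, mDNS) from connections the browser made."""
    if row["ip"] == "224.0.0.251" and row["port"] == 5353:
        return "mdns"
    if row["port"] == 53:
        return "dns-ptr" if (row["domain"] or "").endswith(".in-addr.arpa") else "dns"
    return "connection"


def registrable_domain(host):
    """Naive two-label rule; use a public-suffix-list library for anything beyond a quick look."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def connections_by_domain(rows):
    """domain -> sorted unique 'ip:port/proto' endpoints, with DNS and mDNS rows excluded."""
    grouped = defaultdict(set)
    for row in rows:
        if classify_row(row) == "connection":
            grouped[row["domain"] or row["ip"]].add(f"{row['ip']}:{row['port']}/{row['proto']}")
    return {domain: sorted(endpoints) for domain, endpoints in grouped.items()}


def _split_parties(rows, target_url):
    target = registrable_domain(urlparse(target_url).hostname)
    first, third = set(), set()
    for domain in connections_by_domain(rows):
        (first if registrable_domain(domain) == target else third).add(domain)
    return sorted(first), sorted(third)


def first_party_domains(rows, target_url=TARGET_URL):
    return _split_parties(rows, target_url)[0]


def third_party_domains(rows, target_url=TARGET_URL):
    return _split_parties(rows, target_url)[1]


if __name__ == "__main__":
    rows = parse_rows(NETWORK_ROWS)
    first = set(first_party_domains(rows))
    for domain, endpoints in connections_by_domain(rows).items():
        tag = "first-party" if domain in first else "third-party"
        print(f"{tag:12} {domain:30} {', '.join(endpoints)}")
```

"Third-party" here means only "not under blooket.com". The report does not attribute flows to a process, and google.com, googleapis.com and github.com connections are consistent with an interactive Chrome session, so correlate a flagged domain with the process list and the Files section before treating it as C2.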

Files

\??\pipe\crashpad_3460_QPMRBKBCKNHWKHHL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 1585c4c0ffdb55b2a4fdc0b0f5c317be
SHA1 aac0e0f12332063c75c690458b2cfe5acb800d0a
SHA256 18a1cfc3b339903a71e6a68791cde83fca626a4c1a22be5cb7755c9f2343e2a5
SHA512 7021ed87f0c97edc3a8ff838202fa444841eafcbfa4e00e722b723393a1ac679279aa744e8edde237a05be6060527a0c7e64a36148bd2d1316d5589d78d08e23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 877a63e080c9bf4c78898909a876d56d
SHA1 5624e98cf0e7e3bacf874164f8f2e4548043eb5f
SHA256 dead14083edbbdfe8c58f42e69ede7462f89ae99d79ae181ede27ad9f9aed865
SHA512 4d469b7dcad226664b5bc19dd4bbe729cb5ba5abc85c8f95974b323943f1cae7022921c5b5a8f78aa9439285204f36da2cc918becb463ceab3c365d6992b58eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8758e4bcba1d715c46ef363296c3929b
SHA1 7652c95801125f36d5af133ad785059592c27a3b
SHA256 315d3aa36a79095a90a3ced68a4eab97916c9af89922dab8f4ce5b58b2865253
SHA512 2b1c065f205a7e5b832c7d143cdbe948830b8b164ac16ffd0cb2feca0e08504246f4d1fba84b1464a689250b43a0c15ba47d46e4d69c0e1b224e34f7bdc648f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5867ae90cb744993be328b4575cc973c
SHA1 fda6da783f2bd2d5228eeb048d7c97d955801eab
SHA256 e5d2696985de185595e2cc6b300fdbea6f1f9a943f8fd43cb3e2a0f9d660d51d
SHA512 5fcd1e9466f83c7d1a846969175f618aab084d583afe309b1ce4f88d49342a6c35f219f64a5b2430d6556aad382215370090cf8a0ce32ec0c314cc450ab71f24

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e01d4d5f7a13a5a3c4adce865b78e1a9
SHA1 5523d07d1977c33a5a5aac9813c5043b7229d68e
SHA256 4a10387dad5fef218a520763809673cf6a7443481e39f3a96726f554b67fd568
SHA512 37e72df6da3d2e7afb9c42d2e78abe532496bb2466f93db6c0c1adb876dd5f432687b02fd7d8b29feb21c905dbfdfc27647881a20eb41f05395eba060e25381a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 77b7ef8464f55ecb533b97dfc7254023
SHA1 d33934f3dba905590aeb2884997af7b6ef29a0ea
SHA256 0da8b946b2874f5d5ceb9be33a9ba5fc634945aacc66851568854d19dcc8d44f
SHA512 62445275f300c552fb6d890b32ccaccf8ce4a0c7501baa3b1694ebf6e40945d580cafdcf28a9b8cc60b4a4534521f73255cac71077c2fc9ea5f9ff031680c144

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d0b19e34c296163e5e6bd830e1c4d09c
SHA1 1b2fb2685d81587ce46930d6b2fb5d78dc76c864
SHA256 1a6f5bc28c8158207185bf79956eec81d62be0b5caf45f72e252cb2af369b304
SHA512 7f3bbe1fdd623768a18341db38b7cf1ad14a10d3fd1150a961de6a1c7fcd0458424c177a91ee558ab78d01b594920ee082846606e90b135e9876be77a09c3865

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ba72c6f6edfdc91af81603fc45a13838
SHA1 e05fc7add42baaf228c282e88341ecd88cbbf32c
SHA256 cf4b6edc2b92e8a583d18c349a5a4dd4991e8a9bb9496adef152f2e40e3422e5
SHA512 7749933451d6c0634d3d0c43edf2615ac9ac352e68449937bfcf54b8a5aaa673281582355ec08413b2f506a181c0532aaab757f26bc5f95f846c3b94a0b0fafe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 141089aa703c290b73a1c72736875d65
SHA1 a22479df33c7c5e29f668205014c8cbe7dc7ea93
SHA256 29f48176345a49612cc107ff96a3a7c8e7f2945881cc427b07df69d838484962
SHA512 06300fe1a97a6adce961904dfb122108bd85eb90b488f3191c9679d848018ce4588bb29d0a0c44f01d6434289f4983536993ffcddf66e16ec2f20d0e28153cfc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2ed5a9710ccfac57f5fb18aee8d4f6e4
SHA1 bda27a3818c563e1d09efcd1bee42b3fb14dd0e9
SHA256 44f1d989785998b141506ed56ee8f2824a9f7bb45978c82ca06a25474a16fa61
SHA512 b0f0f872c03f32c17ba4adc7ce7f771c04c3d91004b0b6c25bb8ad2e0ca5fdb8cd4151de7daace63ed6167c09211998a99beaaf900827ac2300f8b190e0981bb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b96b4f41f9f6805a0714aef197d529ca
SHA1 79c44ca3fb5aa5a37dbdf05d27371aec6674ca89
SHA256 5d17e17b16c80cd79b393f694f40ed5e8b33ace3b08c85da7414cea02ed52c83
SHA512 39e9a27292584826709c9bbf9b9d1ab047e36a20a629992a75c76d14cf693a6f5e09b313ce2ead683038f042aae1d1f66ed292097a4261a06de1f572ab854383

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9467e202af141cd138c43abb50746cef
SHA1 3223e0cee28cc56ebe3aef70924f51fb2f1b0e21
SHA256 c3aed3002fdd32ccdf3269591b509d0e725496bb6641e27f902b63341a1e9afd
SHA512 21ec9fb5cb83ed4b95e929f51bf35f2a67f1294f78cf138547050a517b390dc341a4198adac8e1e6f1668274a01d6319ffb5c952f4d5ac3eeca75cb088cc838e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 df673c561f2eff8b4c2db799fd66c825
SHA1 219ca08fee4a8334ddd4697d03fa3affe1af08d1
SHA256 a2e903a4c4642071c6ab10f0ecc73265cd383cf1e51f5e84de37cc0ccdcdd63c
SHA512 e8be212d886839af13d18ab3a402be8602a6aba5ded99ad6d16dac5c035ce47c5ff6c8dc3c28dac43fd94f0038923d198de3cc9cf20a6afaade6a66293d5ce99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8657c950dbec45859253daefdeaa179b
SHA1 5e48e65ab1e872fb8b07de2e97074c4b28db68bf
SHA256 f9304ce2c7dc9be69e6dcf9b3a39322bf31b259dbd9bab54aae9745d63308fb8
SHA512 a1becf166b3c453b5a57a961cdaf772742f4ff2e2e9490da7665b12c2b651c045f362b85a2a9ae3e855adcb1caddf48d238620c0999e7269850a351a8ba2c672

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 805edc5bcf89a73d2981d2f5d5d79c39
SHA1 3699405b2f700da8442b9eadc855db2cd2ad08a4
SHA256 c207c0f1b66a4d045c2bc722548d565a64a984ab94caaeca77a68427553f7ebc
SHA512 b716e0758e6c3a9fc623adbacc28e07547d79448184a40384df3818c918f407cfe5bff1a1aaef790010e342e5ea7b6cce5dd88b220e012bad672ccbf34f8ccb4

C:\Users\Admin\Downloads\EternalBlue.exe

MD5 7bdcacec09cedc22ea9f1f7ec6b53ba1
SHA1 466911763a80be467ffeb5ef2e0eff8a9ad3c423
SHA256 0001516e3cc56135ae4da69b97c403315ce31a0bf8db29c0fb05cda2d22fdfe9
SHA512 ed62006d8421fd380400b180d41ff61beee78291e03ee07865102cd082d630a3646d6909fdaf693c5ed7bc5c2838146383d2ad84555c0bbd08940b7a4bde7b88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8145b69116858f276b0b71a987cfc747
SHA1 1f684a63d65d525cdbe93337a3adcb5cd12396ac
SHA256 aee5033a817ee5ca720c2ea62797bc4f8cab4030077a3e9ebefbaa23bfe01c26
SHA512 98cc078f420447fe57e0461d80ceaf084095a08db6b110f3714644dc3d20c61fb76d9d41db295d0b77771c2367453132b796880640c0dcb08cc1b52e3c5769fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8655c130b588272cf07c91d72230f4ca
SHA1 32ab59d79243a8d5e808a969d54072e1c64517d6
SHA256 1a37ca52a9d520a7667aaad0ee7c214fcfb42338cf7f4dac4ec241c7d9fdfaea
SHA512 dbca9a4e932006f5420921e5ad381449790bac8f77ff0b68b9f647a19277d5b61f71204b323c4788d0677a15949ffc521aeef7671f1fe6093b32d2941a170443

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d475d1418feba5389097824afc870b67
SHA1 3a3915092d594b0c7c124996c9a8d1ce25c7030b
SHA256 5f016a2cba57042b4be8ab2889e0d63b178f690e17c4adbda18dd44302bed584
SHA512 669a4347f65523171c5b655c94a2bb20a0f41b4ebb8acee1b0a7fd27694e20aedb29f360f118470dee1ad94415c9470355c6e4ee43a5a23c123e7bed0446d4ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 db19c5538dc4736baa4b07a6ccdbbfbb
SHA1 b8de20e158966a21639d253836b953998700a639
SHA256 05e6dd4bf4aee3cff58ff01b8f3dad205b7d3a9760f73805111a8535ca1c65e4
SHA512 7ff12ee9f78db8bbf3847321492d71560e6d091535ab38353e3440f45c703f4f153a9069727c42c8fa60528741ffe88b218779239901b6c92daa229918cb5e4b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e2837af137e75d6c2a388e0e264966cd
SHA1 99b0f5a7c7c39b222eb26e34ff87d01312f821b3
SHA256 4104f8b131380bae25921af2e39aec35dc79d2f5373807ac4b8cfae12192e8f6
SHA512 1f40810eb59b78a10c4aa63a305fd84b9acc84b5e467e6252637da45ed8f9cff3612101019728c927a5e518f863777792136da868048fe72fabe45427b5dbf9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 78cc2944957bb1ad24047ca0e5c6df18
SHA1 8c391fba6e8c8122d4e00df3fec22ce70165be40
SHA256 4a9d15393900d19b0aa950345220e313e5c8b917ab85616737d670eddbed45ec
SHA512 15242b2c6b201be0b9e6e2edafac61679605c4d354ae811b73acc95f333920139663a0caaf67ac4d92dbca00acec632504177df43fdbb69f2fc44a8e1bfff49b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cfa4cd1f481f1b41d22ec52ec0e98c35
SHA1 125c871ce3bb302d96f35f495edfa60bc85b812f
SHA256 ffee681395ee2d6cb37233e15653bb3ee31dbb6de850eeabbb08f7ce53787f2b
SHA512 a0e7c64ae1dd95318e79ba0e8d16acd206b5d79be9732279bb69c064636ae66ce3bca2f63604369ec9f1668dee28608b2a8f652ce04498bb038d2b545d3d0412

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6137162d7026f24ebb7b1865ef0c4ed1
SHA1 1a07abbd9169e46c628e127313171cf637a0a425
SHA256 54caac1d0557851efd8edbbac14a41fa93dc4c2752aa20c4e9ea8c1fa502270e
SHA512 bf0d30e3762b55eb9cc6ae0fa6d70182a2c1522fe48678cae70c6e778b02b7634709384388ddb52cf43c008ec4ff76cc001ae8fc3a4cfaf351cd5b00a82f0961

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bc3492c1c47c7b493922957079c4f84c
SHA1 4580eeda7622547a799ed47467888e3075ac55c1
SHA256 9fb64348e04a9891c4239179c8bdd3ce9063a92352f4166dff71e5580dcc21f8
SHA512 649077e7cb88098c699d609e52a98f6a309da022c8aa096ae9a4c87f3a230b5fe5dc6ef1faa057be353c8c2d64211991c089e9629668e739213314a52df975e8

memory/60-507-0x0000000004D30000-0x0000000004D66000-memory.dmp

memory/60-508-0x0000000005510000-0x0000000005B38000-memory.dmp

memory/60-509-0x0000000005320000-0x0000000005342000-memory.dmp

memory/60-511-0x0000000005BB0000-0x0000000005C16000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kal3eelx.5o1.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/60-510-0x0000000005B40000-0x0000000005BA6000-memory.dmp

memory/60-521-0x0000000005DF0000-0x0000000006144000-memory.dmp

memory/60-532-0x0000000006150000-0x000000000616E000-memory.dmp

memory/60-533-0x0000000006230000-0x000000000627C000-memory.dmp

memory/60-534-0x00000000072D0000-0x0000000007314000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d51e91e2da78bb5943a9c85eb39562d8
SHA1 ee36c1cf9e07dedbb1537d7d50ec5a64216fa488
SHA256 645a87fe6bc928b96ea300ed7c577337662ac7055cfde0760d5fabd4a21631bf
SHA512 2d8cdb4af1d8985c5809dec9c58c8d522c51faa65927e5883567539a97590b52530025cecac0cf31ffe40755892a84e48e331c5f580d75059873cb65d515a681

memory/60-544-0x00000000074C0000-0x0000000007536000-memory.dmp

memory/60-545-0x0000000007BC0000-0x000000000823A000-memory.dmp

memory/60-546-0x0000000007560000-0x000000000757A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5ad2e0cc1e20af82b864b8d14a2260a9
SHA1 c62cad9b361abfd692e003a859004570b21f04ac
SHA256 1b736839e5bf3674e726f94a884ad555827dd7f9ee60e6ec2ccc3b5daa2d57c0
SHA512 831cc19b5f809c46ff1eab8b53f13cc52561a9ff43da5e413195a5c53d424c8f6b5338240caff4d801344ad1be0194568a745fb982474e6691e01f74c0f97182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 92d3c36b52c109535449397cfc8edf75
SHA1 3e9e5955ac4f7d6d9ab40bb822315c3264971032
SHA256 6df57f5372bf2465817e1109bc9b5251519100a99e8090f9f7766f2816779a5a
SHA512 c9d41c80b699f62462ac8d14e4de1f5e827170cd34410ac125cbe9e776d076e1f841852c667a4625822189d40a158feb19095603bd026f5f600a8201e185d3d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4bc9c081222ac7864224b95c292b67f4
SHA1 17ece68511d233a3c486dee368f7a7cc6d9c69eb
SHA256 958e5204f1426dec11a41a8cc4305334315b29b50d09feca8ff24a64e1139c2e
SHA512 eaebd6d60a82521dce7198bc86b43eeb52a31fd0f366345600e1dabeb627e80f3559f97e499aef304c4fc60a44ddc9f66fed6e23e50a28bda09ba291d507fb8d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 25866eddaa1c83d50f1a284ea444360b
SHA1 510109e3178e20d83c25e52173942ebfb24147cd
SHA256 9f1e65cfa146ccdda76a3a6b1866fe65bc0fa422d3dfeefe34b3c44f82ad5c23
SHA512 f87cb101d7e42b5c1ded23482c1ccda34f1cc10a39b9974e592caadca9e64f7ed7a70f2839218a94d4ce29513e17c807189160adc7e280cb50409f2d769d2275

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 314b4b58cb2592fab84d8cf85ae7e740
SHA1 8d350f18291c734a5bf5e46b240cf2b582f31350
SHA256 d068f6514cac3992f9b2bc75ce877b2c132aa7cb3abdb58622e459334773810b
SHA512 8bb6c7c900e1a5694ee8d8a8cd8cd2ef24af8c8b9302e5f648cb7dc2135a78265588bd1adf185a9198234b453f87335ff4ff8e60227c6eb9ff95f81808172894

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a1f437f464d521248636c45ae5f8f41a
SHA1 80b4c06217dac5dee22ce06ec41874486db0673b
SHA256 cd88f37c8eca689d0d9aa5240f9ec360fe875dc73113ecdb79219f27ede06076
SHA512 853fec19aab14ab139901da8e8bf62ba987b2497cde1da680a47a5863a89e4ca4c524b8248d477149248062ba3848a9e3d72196f540a8657d72e0a97960d437b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4ff4de2ff420b19505e305f00c6dec3d
SHA1 80cc521ec19950e078d0999ce7ab2b744e9970e5
SHA256 419f4790a6faf44002114b280d16d7af80e4518d553f0e8a43e2757c202d2e82
SHA512 d595a2af57010bb87dd0c725b3a93bfcb10da548daefcd5a526c34ee1f5519090c763bbe74360bcfc92ae612190eae6070ab4da574c7cfc5da63aa16186c34c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 01403fd9c58f7b43835ff23f9fc2bd6b
SHA1 df23185ceed0fe85b5f0c3a1675043a6aa4a1a31
SHA256 b5ed10e50450c37a3c47f45d21786db3d23bb13b6546df3b7208e99fcbe475b4
SHA512 fc295c6abf50ada47051c370abc399858629fd117d3c9631af8a2eb61d5ff152ab3ed6eb3a0273fa218899976794290b0c155a4ace78a7c051b3d82f6860d178

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

MD5 75b736fdb51022d8acaf27c3910c3941
SHA1 3d1a5e2ed7f4d95e44f94386c2f989bcd4ecb4cb
SHA256 d688d53304998cc395e0d3ce7f7606bfee3f4b4e7b44582916a003473fda1739
SHA512 ca209864e602a75c98e5399de1678a8147ba67d64e877878178c699fe1fd68c024c08703b0d92bd1930956424b93ea99e9f20f7cd1f13f1c9f6fca95385fbb76

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

MD5 35d78bbcddf0b88e61fd5134b08b9575
SHA1 cebc0f043d8df3770825ed3d8f5564af5c8f8be7
SHA256 0c18edbcbdbd2fe46435b2a73bcf96dc97094297a775f88d7e290521cad4d2fd
SHA512 8b5a3ed5de75da133eefce6c90fde41227321a6fce0cb75436b8d12453b26951f63e9f057c26fc490c8c635e55bbdc016ea503f1231fec561d9285ab1dccc7cb

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 3337d66209faa998d52d781d0ff2d804
SHA1 6594b85a70f998f79f43cdf1ca56137997534156
SHA256 9b946b062865f68b9f0f43a011d33d7ea0926a3c8f78fb20d9cab6144314e1bd
SHA512 8bbd14bd73111f7b55712f5d1e1b727e41db8e6e0c1243ee6809ff32b509e52dec7af34c064151fb5beccd59dda434a3f83abe987c561a25abfbb4cbcf9c7f1f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6bb6240fe90a6942c5a252b4690a8720
SHA1 6a5e58e79b78372d454c77cf369a2a9a65f5fec4
SHA256 e42f0776600f4d1cd48bebb39e0257123f496a901b50b0f692e51493bcda3a57
SHA512 bdfcd6289368f13010e609fe7f230a83903c593d0f4f8ce50c7f2cae20d571f9662e987f87159506feecc6fa53cb6d4988ad73133dcd930419253f661d79817e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 525d347dd2f075fcd959807da15edc17
SHA1 7bc39ca802ce87cffa1db16c4712aec0c345a491
SHA256 0af0322034e0ac4d79d310bbe4b6bda9d24772e55227774ed1f8bb5190c63f55
SHA512 246ac626133acd3916919bc3b926ac30929304a9bccad26012089482f9c41fc0e83c1cf39d2bf89f8a07164829d2cfe2418b87771d9df7f9309c2bbebfb5383f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fdf5cab9c1aab5739df3d2401c7c6815
SHA1 ed8d5a1024b503a6c32703433e1c3d357ef6a9e2
SHA256 f12cf899828ff266458ece670be5ca843cf3be218659956416b7c2dafa334eef
SHA512 aeba13bcb7c81b4899a7e85c858272530c57358f7365b4a2f1447291e5c2d42c359bed58f157dd3fa3724e326b145eedaacae55c42d89f0b3c540b68ef76344f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

MD5 f45a9484f07f0123d4ff07c9192dc387
SHA1 2f9f5a19be463bacfbb6c0b4fbaf2bb0e03b8737
SHA256 343d6afb64e8a126d5c73f407c7119907bc7e53494d128e408d7e55e91f1f448
SHA512 dd52974b0d06d63c4f7db191abb9d4a233c653e69340c147ecc0f0e2089808c1b8730267e19f99f44023c000be861294ec541599c2678ac76bf36d0f5de43bf4

memory/1852-706-0x00000000054A0000-0x00000000054A1000-memory.dmp

memory/1852-708-0x00000000054A0000-0x00000000054A1000-memory.dmp

memory/1852-707-0x00000000054A0000-0x00000000054A1000-memory.dmp

memory/1852-716-0x00000000054A0000-0x00000000054A1000-memory.dmp

memory/1852-714-0x00000000054A0000-0x00000000054A1000-memory.dmp

memory/1852-713-0x00000000054A0000-0x00000000054A1000-memory.dmp

memory/1852-718-0x00000000054A0000-0x00000000054A1000-memory.dmp

memory/1852-717-0x00000000054A0000-0x00000000054A1000-memory.dmp

memory/1852-715-0x00000000054A0000-0x00000000054A1000-memory.dmp

memory/1852-712-0x00000000054A0000-0x00000000054A1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 de060518d30f5264c06e430d482fa8e7
SHA1 9550a9d293b2291148e1d004c85d18f76d2b7a0c
SHA256 657c11aa55604b17e28ffeaff5921a7684d19cd40152bad65cc566fb5966008b
SHA512 f1636f01f2094899610178df6673965e881b62b394b6801a39da2e02600e6a8e7412e73e64ac18d7b7a19e196139c1001d20386305ae01a4641f241f325b5bf2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 485ec12a11436096c9083c7657c356af
SHA1 e59be51f9ba396646697af252f6b063b6e4849e5
SHA256 677e7cd44125c24312f8e2346f9c75979479c37574f8281cbb08d047645f0343
SHA512 5b04a80684046b4f10907c4575e97897f8acf5814107142ef5b0493262fa07a51ec527f4e2dccc8cc0bbb4f6b74c0dbe70c9c1e7517be30b6cff7f5b7eb24878

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 51cd90d0e094827e1309d0fff799d96c
SHA1 e55d0d900ce66392ee3dfebeffc11c8ac1d2531b
SHA256 d88cf558013d28c8fc2ca558580ac3bb6f405ba3ed678178385cfeaa3ab2597d
SHA512 cd4d4152d5261cdf27e7a866265cdee6b55ed100b982021f88e27613e8d606521a1b02a59a3840e506a531a99b6e1b8cc78b3ff4050f2076f1cbec6e176ea0ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 03ec857f087c1324ff9f06e63808a426
SHA1 34ef772f5a1fa624fbf96bbe0e7111cdb1db3f2f
SHA256 ae694f405eebb30a04bc26b17adedce5783b96bcd478b909c6bf060529512409
SHA512 c9f79191e425ed2f71a357a3bf50abaa0e13e1626ea56030299780237768bb2ab2b990640ed62d8e47eb6c2e768c0a870f7e2a9e50855c2cf71786077005e727

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b8bd0ff5ba97473fae0db70148963e2c
SHA1 1ae0408d3e6e118c1ac936e1861096bef2628eb1
SHA256 eb8cda5cc831664b6cf11766801d5ed096395f4e2a350b2f201c0c42600b218f
SHA512 50ba08b0fd5cfcddaa568df6e61717a3766b92fb841bb64d97933c4e869963920aeef2e9c29cb319951dec607984c6cbc4b44483a1e6ff780259e7dede0be973

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13373576400303691

MD5 12a5822f84bf9611e57bba1c0a51ceae
SHA1 a301da4261d467f086dbc5bb022751e425d689a4
SHA256 813976285f5d4b4d3818e0c5c6d9917e103d0841def532f2d70676dfc3f7580f
SHA512 e35945d5a4cdee5c132ef0176c67d1ac45edf33a4ec139b0ae02a130617fbca9a3a12e737256d834bd1e0f5d730fd1999e54e2a7fc6e496de7480bbd7c666f27

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 217778f40c37a2df409cb2ce31bad63e
SHA1 e1d8f0449f146c79a81cd2cc0835e0692033cd50
SHA256 3430ab5a161500cfcc00c6294c091291a957fc6ef46afdcd251092d0444a504f
SHA512 55bef6a8b378d23b3d4fbee983b09d5c4e71cb9a790ab3a5863ee8fb4f01d91e5cfa4d15522cb885a1021bce566c345e06025b4a85874967050859955774abb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dee029051ee6d365ef7a2dd253f54385
SHA1 fb651e46b2c75f0b7ace5198d47241fa4cb12d34
SHA256 ea4c34c751238c7cd6ed12475b5f2a23f62b75783a5bb21cb805862b744ffe91
SHA512 1652e4f05aeea74b717dc623445782ff0f242f152221af56cfbe5be6fc0db8d6b0f3bd09d03429315f2e29a1d2c958806c8e8e3af618e50577cc7415f04bd9ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6fbc6d32957d35f63763102050a6df12
SHA1 c26d45f451adca619e07137bb5777e1775b30643
SHA256 f71e3bc180c537ed4edad617facda213399f19f7843cc3a5d50f5690ce80958c
SHA512 764191df1aaf5b8fdbf3da87a66cd26bab87ab0a0083a463fc7ba694ee9a1f818a089087e1b3cdc1ed7e86134e5b3cde604df0fdf30f7dbe9e9f710c4a252b26

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5f7f94ca0426ae0de2605cc5f8703747
SHA1 4280c90cf54e8cb541a762e8d134163d7543bf7d
SHA256 9e6b387371f3cc88b12165d35dda43978f8fac2148a51f11a4564d48741673bb
SHA512 597f4d045f6c2485ba99d7df3a33a725e1a464a281e4c6de44402b849b50d7504dbeb5e25090e662a71e66d5603fa082617dec412d7f2b1df23992a9ef97553f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 492f9ba39399cde24ca3a9c262511710
SHA1 b5c7bb1c134ef2d9635531112c4bc037245c8c26
SHA256 c84b4dc41567a00b9e4d6150ea67293c7e0bde4c0dd47e174953b0cfe00dd26e
SHA512 e812b5696ffba3616dc48ebcc4feeb41b6d2d312c163997292d87dee06e26ca51dedb201c08972611d9242c5accda41981e4e2eb9d04ce6a19fdc61e37293b46

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f9090429b97bf1ba22779b6d8d50e418
SHA1 2a19241dc8d05a304e39b5c4e5eff5c31831f495
SHA256 3951cf367e7014678c1c5b69aa33c3f7ec4c465a7b9c0658766f8e34533bc11a
SHA512 b7b9778255e82d5b25fe7503309163d0bf422b752579b6a617bd9a0c1be1cb4d42a759e30070900d55dc70ccbfac818b91f9baa27c9c8f3f7e5fc157ebbe4611

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

MD5 e421025aedd0801c6a51bcf30e8bf53c
SHA1 b06aeec39df4bc382fed904adb34b83c6639b8b0
SHA256 d13730e9ee54068384273bfc0de7da6f512c3f5b218573901fc425babad37991
SHA512 0476275dc61c5063f06017d27ac00c2408c9e4fbfeed5e1798b3a9c745a6d195c78d682b6dbc6a814983e356d0af6aabd7b7d7c301cdbaed27740b9f8601cbd3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 766aa79e25db7bbc890ffcbe23c4702b
SHA1 4f7fe66d4f4005829e31222fccaf4e030f6d622e
SHA256 24e89731e18edd65a16b66242c8962abeae225e6b5d763f511d8caf33e0593b9
SHA512 622d2d3046e1af4cc48fe04308c6b5aad8127c138c113d3b91fffd36d6ff476a2a4f7829ae9c95ad69f5963bdf7c744eab14c093287b50faa0bdd35e28f9b562

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 093ce960af604bb4df120da0e51afd95
SHA1 3373bd540ff56e4c7ccad9c980b475a468c44384
SHA256 7deb3a9df8a9dd6145b7a1b9cf67ff027795616aef97356679ca1f860e346ffb
SHA512 dcbb58b98f78e3c813d34fe51bfbdffb68b0bd23fd588a2e1f54c9cf872c74dfd9cffc1d0f1372f7c8f156aff151ac4f001663102b77127ddba51521e93e4164
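
Most entries in the Files list above are Chrome profile churn (Preferences, TransportSecurity, Local State rewritten many times during the run), which buries the few artifacts that matter. The Python below is an added triage helper, not part of the report: it parses entries in the report's layout (a path line, a blank line, then MD5/SHA1/SHA256/SHA512 lines; memory-dump entries carry no hashes), sorts them into browser-profile noise, memory dumps and a review queue, and checks a candidate file's bytes against the recorded hashes. The embedded excerpt is a constructed subset of the list above; the classification rules are this example's own heuristics, not the sandbox's.

```python
import hashlib
import re

HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512) ([0-9a-f]{32,128})$")
ALGOS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}

# Constructed excerpt in the report's own layout.
FILES_EXCERPT = r"""
\??\pipe\crashpad_3460_QPMRBKBCKNHWKHHL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\Downloads\EternalBlue.exe

MD5 7bdcacec09cedc22ea9f1f7ec6b53ba1
SHA1 466911763a80be467ffeb5ef2e0eff8a9ad3c423
SHA256 0001516e3cc56135ae4da69b97c403315ce31a0bf8db29c0fb05cda2d22fdfe9
SHA512 ed62006d8421fd380400b180d41ff61beee78291e03ee07865102cd082d630a3646d6909fdaf693c5ed7bc5c2838146383d2ad84555c0bbd08940b7a4bde7b88

memory/60-507-0x0000000004D30000-0x0000000004D66000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kal3eelx.5o1.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
"""


def parse_file_entries(text):
    """Group the flat list into {'path': ..., 'hashes': {ALGO: hex}} entries."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m and entries:
            entries[-1]["hashes"][m.group(1)] = m.group(2)
        else:
            entries.append({"path": line, "hashes": {}})
    return entries


def digest_all(data: bytes):
    """All four digests the report records, keyed the way the report labels them."""
    return {name: hashlib.new(algo, data).hexdigest() for name, algo in ALGOS.items()}


def verify_entry(data: bytes, entry):
    """Per-algorithm agreement, so a transcription error in one hash does not hide a match."""
    ours = digest_all(data)
    return {name: ours[name] == value for name, value in entry["hashes"].items()}


def match_content(data: bytes, entries):
    """Paths whose recorded SHA256 equals that of the candidate bytes."""
    sha256 = hashlib.sha256(data).hexdigest()
    return [e["path"] for e in entries if e["hashes"].get("SHA256") == sha256]


def classify_path(path):
    """Example heuristics: Chrome profile churn, sandbox memory dumps, everything else for review."""
    if path.startswith("memory/"):
        return "memory-dump"
    if "\\Google\\Chrome\\User Data\\" in path or path.startswith("\\??\\pipe\\crashpad_"):
        return "browser-profile"
    return "review"


def review_queue(entries):
    return sorted(e["path"] for e in entries if classify_path(e["path"]) == "review")


if __name__ == "__main__":
    entries = parse_file_entries(FILES_EXCERPT)
    for e in entries:
        print(f"{classify_path(e['path']):16} {e['path']}")
    print("entries with empty content:", match_content(b"", entries))
```

Two of the recorded digests are recognisable without any tooling: the crashpad pipe carries the digests of empty input, and SCT Auditing Pending Reports carries the digests of the two bytes "[]". The review queue is where C:\Users\Admin\Downloads\EternalBlue.exe and the __PSScriptPolicyTest_*.ps1 file surface; the latter is written by PowerShell to %TEMP% when it starts, so it corroborates the powershell.exe entries in the process list rather than being a payload.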

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 18:15

Reported

2024-10-16 18:25

Platform

win11-20241007-en

Max time kernel

599s

Max time network

592s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://dashboard.blooket.com/my-sets

Signatures

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133735761520072524" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
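
Two raw timestamps appear in this report: the TraceTimeLast value written under TPM\Telemetry above is a Windows FILETIME (100-nanosecond ticks since 1601-01-01 UTC), and the Session_13373576400303691 file in the behavioral1 Files list is named with Chrome's microsecond count from the same 1601 epoch. Decoding both is a quick check that an artifact belongs to this detonation rather than to the base image. The Python below is an added example, not part of the report; the detonation window it checks against is the Submitted and Reported times above, and it assumes the sandbox clock is UTC.

```python
import re
from datetime import datetime, timedelta, timezone

WINDOWS_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(filetime: int) -> datetime:
    """FILETIME: 100-ns ticks since 1601-01-01 UTC (registry QWORDs, $MFT, event logs)."""
    return WINDOWS_EPOCH + timedelta(microseconds=filetime // 10)


def webkit_to_datetime(micros: int) -> datetime:
    """Chrome/WebKit time: microseconds since 1601-01-01 UTC (History, Cookies, Session_* names)."""
    return WINDOWS_EPOCH + timedelta(microseconds=micros)


# Constructed copies of the two report lines that carry raw timestamps.
REPORT_LINES = [
    r'Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133735761520072524" C:\Program Files\Google\Chrome\Application\chrome.exe N/A',
    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13373576400303691",
]

FILETIME_RE = re.compile(r'TraceTimeLast = "(\d{17,18})"')
SESSION_RE = re.compile(r"Session_(\d{16,17})")

# Submitted 18:15, latest Reported 18:25 on 2024-10-16 (assumed UTC; the report gives minutes only).
DETONATION_START = datetime(2024, 10, 16, 18, 15, tzinfo=timezone.utc)
DETONATION_END = datetime(2024, 10, 16, 18, 25, tzinfo=timezone.utc)


def extract_timestamps(lines):
    """(label, decoded UTC datetime) for every raw timestamp found in the given report lines."""
    found = []
    for line in lines:
        m = FILETIME_RE.search(line)
        if m:
            found.append(("TPM\\Telemetry\\TraceTimeLast", filetime_to_datetime(int(m.group(1)))))
        m = SESSION_RE.search(line)
        if m:
            found.append(("Chrome Session_ file", webkit_to_datetime(int(m.group(1)))))
    return found


def within_window(dt: datetime, start=DETONATION_START, end=DETONATION_END) -> bool:
    return start <= dt <= end


if __name__ == "__main__":
    for label, dt in extract_timestamps(REPORT_LINES):
        verdict = "inside detonation window" if within_window(dt) else "OUTSIDE window, investigate"
        print(f"{label:28} {dt.isoformat()}  {verdict}")
```

Both values land inside the window (18:15:52 and 18:20:00 on 2024-10-16), so neither is interesting on its own. A FILETIME that decodes to years before the run, or into the future, is the one worth chasing: it points at an artifact inherited from the image or at a clock the sample has tampered with.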

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3840 wrote to memory of 8 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3840 wrote to memory of 3880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3840 wrote to memory of 1376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3840 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://dashboard.blooket.com/my-sets

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc866fcc40,0x7ffc866fcc4c,0x7ffc866fcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,17763459190483264387,15859581709603291034,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1932 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1848,i,17763459190483264387,15859581709603291034,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1984 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2092,i,17763459190483264387,15859581709603291034,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2136 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,17763459190483264387,15859581709603291034,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,17763459190483264387,15859581709603291034,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4492,i,17763459190483264387,15859581709603291034,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4508 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4972,i,17763459190483264387,15859581709603291034,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4984 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4776,i,17763459190483264387,15859581709603291034,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4672 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 dashboard.blooket.com udp
US 34.120.37.181:443 dashboard.blooket.com tcp
US 34.120.190.171:443 ac.blooket.com tcp
US 104.17.201.1:443 res.cloudinary.com tcp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 171.190.120.34.in-addr.arpa udp
US 8.8.8.8:53 1.201.17.104.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 34.120.37.181:443 id.blooket.com udp
US 151.101.128.176:443 js.stripe.com tcp
US 34.120.190.171:443 ac.blooket.com udp
US 34.120.37.181:443 id.blooket.com tcp
US 34.149.18.126:443 s.blooket.com tcp
US 34.149.18.126:443 s.blooket.com udp
GB 142.250.200.4:443 www.google.com tcp
NL 173.194.69.84:443 accounts.google.com tcp
NL 173.194.69.84:443 accounts.google.com udp
GB 142.250.200.4:443 www.google.com udp
N/A 224.0.0.251:5353 udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
GB 172.217.169.14:443 google.com tcp
GB 172.217.169.14:443 google.com udp

Files

\??\pipe\crashpad_3840_AWAQPVRHPEXORLGC

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\05a921d4-653c-4a70-a54e-51e823df3944.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
SHA512 0d32ff79965dc0dd8d7c3c0932c6835e41fc58808876a7564b6cc13e2a8272593b81178e82309278c628516396bd60bae974ea99f94ec939c93040888199c01b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a9213139dd0d51bf9b71bd34c7dc9346
SHA1 a75f10a31236df02d49902f3c31a0fdb171bfd57
SHA256 1876e841901925ef9fa40d7983599c2b1da0766afdeeafdb13d1be82d9014b34
SHA512 85196ab151204f621ff76bb737f7f107dab8fdb14e2ff71d4bddba95dc42e7645d306cbdd50a6e0d7202b92718610cc9709f0794afd9da00e66bc6ba39b227de

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 19e7735edd5f5c56616ba1d8b4d5f280
SHA1 74064a066613fed0999d26a2c95308c06053f12d
SHA256 c21a633f29faaeb8cae55bcbd90505b9a54f54492f38341fbbaeb44b4889864d
SHA512 af8425f2a8fd6816bbb3c9052030f7ba2d6d0e518fda8ddbb6b5699f362f3c8a2426dd3c1c5feea8dfc384dd05096d946ab47bd46096872c337a8081c293006e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5641f3318b17a7826b1c70ffc8d530c8
SHA1 649f4a3a21c6a685edd9cd1dcf7811c744a2c87e
SHA256 d7ae120caf23130eb4c83f69a9c3f142a55ebf3feff8ef7839295c10a7a414b0
SHA512 8d383079fb302f5ea025e1c253ff63d997479c4a8eafc686cbe1fada1a4a645883c669b4840ea86ba4b4ce63db32903464a7e6a078290586443bd33a73045218

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d717a47397eb5381eae1b4c8bea6d307
SHA1 e7416d8e3fedb5da2a41e251673ddbf12a448344
SHA256 132a7b9c6a2b11be4797c193b5c2a2f3de80add90ab5db5081b719a6b5dab39c
SHA512 5adea99733ad91e190d386681ac6f2a2e45a5733421ea28556c2fb51cebe1753f8361dfce5c4c32f880393b93461c7279ab64b06ad3e9e3fc698e9348743bb7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 59a82526d5a1e4175d10c2ef3015c037
SHA1 dc8469daf675d59e8fe93de8ddd5c0ec6227aa44
SHA256 22b77727735633cc5d9355e4ba94ba6534fc8d838bda65a4966cc9c3a5d89423
SHA512 daceeb3dbc17d2685c306d9b3ab1c2e83dd4191426a78bff4687916cd46a99f1e3feee696101dfbf2b01f366c33d19f428f7be57cd0f0ff7ddf44c29d3ad1b82

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 31a1e8665e1532f4c3f510a8b3603250
SHA1 b3e909eebbe9d8e26c33f0fe04ab46779bb205ae
SHA256 33fd74353bc50d78566d27692969341fc69fc4bbe65acbdf2b0dfe336ce80379
SHA512 ff27111991beab788e1d2375ce2100a16eb7c528c36c5ebe526a7530c8b1ab8b90246b08d3f4265b457bd046481f0f79e45b353654e4793aca9a885c633ae1e4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8b6008472cdc6bac5e767a5e8193e690
SHA1 966955026387c10f79824214ce58316814641f1e
SHA256 326e99f4b45f36f6beac0a0d215f22162bf0a94616dbde062dd530be77e2bc74
SHA512 53adf2bc51b84b889ffc16d9ee471faea183fcf5a2388793f8bcb4b06621857a2ec0473594cdd291395dc9030f8aa25ae38681aee13107e3e31791a3b52a310b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 74bba72037cd34c6915d42bce27a8c71
SHA1 d2f1c6e5ca8a611671014d1e26ff2a24ab70f59c
SHA256 f36f0b33c9380ea61a1110c8e4e11476aea19d15dee46f2cefdc7e72b5989302
SHA512 c7374f7465000ead74618c60f5737e92bfc7f4814b43d96f9e4a4a447d94b40c1a9f42b2a78b567fa3baff1ed1f224760bd34d9c4701334379fbe15de00054e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6e28df69421ff941f448b9d01e817016
SHA1 59d2c426401d9d41fd211f31f0c14d992db1c575
SHA256 ded1ef9360f76685e514eb73b8617c3b8ce0537a9dfe4760d0b48767f409b555
SHA512 ef3f8582a845f8dfb8cacd208f65f504d71dc961b57bc3e1c13ce9487965a90864e518a3e1b54edf3fcaceee0cd74b25e1986368c10680e9a5d3aee82539e182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5f9764d5a1ea2412afa8f7585b68a7b1
SHA1 73318954530e19ef23ca235fae2e7ebb75344ca2
SHA256 86310bef85a69cb87ee204355bb53387723161b52cd62602c2d0a5dd353c3c5b
SHA512 b75fa0cee3fc7e09bfcf32885dfce5d6432e0bd3fbff0f8291c387f7da7eb08038db11248ff98612a06ef893ff8699b85420f975d65ff7439f163b5326e0f790

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cfe25c481380e451059f5468e389c0cc
SHA1 b10a65a201b0ddfef440a29ace274bc1a524a830
SHA256 e6f672a93109bea982e0c9a824ebadc82b25bfd635c5979766dbb87011167078
SHA512 7edb1623d63760b215b864c7c5d77c4d7592de6f98850d6357ae9b620c6c9e32cdeea9bfc09fe7d6e578067c6c0169b8e6c3edae969774d6a86cf8bd72abd3d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0beb1986237f899a1c21226a1af280bc
SHA1 b3a26389de4b41866e40a773513cdb88eb55acce
SHA256 b907cd5966e31ceec9b81d5e4854afcf01aed6bf38f673041bc8c22eff01cc4d
SHA512 306b4544557446639b11d726c283063dd49c78c9c082f22744d7b710eab59539f8da8ca20024f49a326018129ab6a159365fd56fa028097865287a35c86f34b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 506516f0f55436813ab099e7532353f7
SHA1 25b5c3e7dc042a4a5a36f523d339df1d6d52c3cb
SHA256 81c269a6d8623897604782c6888dd7a965aea0a2d05c72f383338714f833d919
SHA512 12f90332240ec5fd06cb130be3b92eedf9d5516d3d85452a6f43bcb89cb2079204f15348be5b6941803d112dbac41912d3ececb191e1b22b31ce0c24d133e230

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e20b1cc5195b379dc7d046209418060a
SHA1 e69da59eaf2c456f406d0189e19b7358271a8bb9
SHA256 f79c64b49ce1332d8577788e6f0a544bd9f5df0f3140b69f451281df779233c7
SHA512 41e65f260981ee6cef76645f1a2547907c5339a3ef6613ce4209e6684c484f58edf83481946aa7bdc81cc8e6bac28f849a02bb86290b249639d7f20bbda8909c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c4395622e67752509d2410a175cf8c2d
SHA1 f91632369cfa1ff9caa3895eed221c15feb22b2f
SHA256 cf8d02d318715c4e8becb418eec5475f835dd86020fe7fd45ee701293521f35e
SHA512 ba3d2bd87ca5083eeb4af55ed0d46d146884208a8a51ffb81fb2a8bbc044daabc60f7a573b3dad5462c6306961710a9c2b787c2df61bfbf4dd21e80d907f8a02

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 da170ca1c361ed4f24f240f3aeff3dde
SHA1 a75d1a55a1c02d5d01e261d9cc87a7f64ea41ed4
SHA256 f4ca46a626e9364209e8a10a78db65f760694c3390dd924a09024c347954c85f
SHA512 29d368f7e9b8e89266cf90e4d2b154077c910028808854b04364f55659740c2154ad44a96d6272c78313b463d3e63dd5029a6ba43dec2670715a943c99b7e445

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bfc201a31e686acf257662d506885248
SHA1 fb6ac5fb426eb00e84c063f3c2eeafefafc97928
SHA256 808b6f87b5bfcbab3ba55810a9af7e5af777cd41afe197ef927bfbda96fe2811
SHA512 24b2099d193f705c518c594bba5779bec54cddd5c12f1320dd0c77adde94bbff3ceeb41e4be05ad5f3ec0c2cc78ddff896f4f60da92ffd74cb015466a36e4fa9