Malware Analysis Report

2025-01-18 04:07

Sample ID 241105-fg27jaxmgm
Target kreo q zi.7z
SHA256 282d6f5ddc83351dab51e6decc1293b078638f0cfd0baca4673afc8246fd32bd
Tags
quasar office04 bankofmontreal discovery phishing spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

282d6f5ddc83351dab51e6decc1293b078638f0cfd0baca4673afc8246fd32bd

Threat Level: Known bad

The file kreo q zi.7z was found to be: Known bad.

Malicious Activity Summary

quasar office04 bankofmontreal discovery phishing spyware trojan

Detected bankofmontreal phishing page

Quasar payload

Quasar RAT

Quasar family

Checks computer location settings

Executes dropped EXE

Drops file in Windows directory

Enumerates physical storage devices

Browser Information Discovery

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Modifies data under HKEY_USERS

Uses Volume Shadow Copy service COM API

Enumerates system info in registry

Scheduled Task/Job: Scheduled Task

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Uses Volume Shadow Copy WMI provider

Uses Task Scheduler COM API

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-05 04:51

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-05 04:51

Reported

2024-11-05 04:57

Platform

win10ltsc2021-20241023-en

Max time kernel

327s

Max time network

332s

Command Line

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\kreo q zi.7z"

Signatures

Detected bankofmontreal phishing page

phishing bankofmontreal

Quasar RAT

trojan spyware quasar

Quasar family

quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A (2 identical entries)

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "22" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133752559464167996" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3495501434-311648039-2993076821-1000\{FCE8C7E3-681D-485D-9380-8AA1B8054EFA} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A (4 identical entries)

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\kreo q zi.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: 35 N/A C:\Windows\system32\svchost.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (16 identical entries)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (16 identical entries)
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (10 identical entries)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (10 identical entries)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A (2 identical entries)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (62 identical entries)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (64 identical entries)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A (2 identical entries)
N/A N/A C:\Windows\system32\LogonUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2368 wrote to memory of 3028 N/A C:\Users\Admin\Desktop\kreo q zi.exe C:\Windows\SYSTEM32\schtasks.exe (2 identical entries)
PID 2368 wrote to memory of 2304 N/A C:\Users\Admin\Desktop\kreo q zi.exe C:\Users\Admin\AppData\Roaming\SubDir\Client.exe (2 identical entries)
PID 2304 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe C:\Windows\SYSTEM32\schtasks.exe (2 identical entries)
PID 744 wrote to memory of 2720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical entries)
PID 744 wrote to memory of 1568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (30 identical entries)
PID 744 wrote to memory of 3096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical entries)
PID 744 wrote to memory of 3384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (24 identical entries)

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\kreo q zi.7z"

C:\Users\Admin\Desktop\kreo q zi.exe

"C:\Users\Admin\Desktop\kreo q zi.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f

C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffd201bcc40,0x7ffd201bcc4c,0x7ffd201bcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2056,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2052 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1916,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2340,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1984 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3164 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3196 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4540,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4548 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4668,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4664 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4680,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3676 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4888,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4872 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4988,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4732 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4428,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4976 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5500,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5528 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5460,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5476 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4e4 0x3d4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3396,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3384 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5628,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5596 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2220,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4932 /prefetch:2

C:\Users\Admin\Desktop\kreo q zi.exe

"C:\Users\Admin\Desktop\kreo q zi.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f

C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1132,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3552 /prefetch:8

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5920,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5624,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5748 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3340,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4472 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3512,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4492 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=2740,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6288 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4912,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5276 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6284,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2080 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5856,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6744 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6280,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6128 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5036,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5684 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6508,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3196 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6240,i,12524243245834438748,17521971063784770052,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6320 /prefetch:1

C:\Windows\System32\shutdown.exe

"C:\Windows\System32\shutdown.exe" /s /t 0

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa39cf055 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 172.165.61.93:443 checkappexec.microsoft.com tcp
US 8.8.8.8:53 93.61.165.172.in-addr.arpa udp
US 8.8.8.8:53 hola435-24858.portmap.host udp
DE 193.161.193.99:24858 hola435-24858.portmap.host tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 99.193.161.193.in-addr.arpa udp
US 8.8.8.8:53 ipwho.is udp
DE 195.201.57.90:443 ipwho.is tcp
US 8.8.8.8:53 90.57.201.195.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
GB 142.250.180.10:443 ogads-pa.googleapis.com udp
GB 142.250.180.10:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 chrome.google.com udp
GB 142.250.178.14:443 chrome.google.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.178.14:443 clients2.google.com udp
GB 142.250.178.14:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 dns-tunnel-check.googlezip.net udp
US 8.8.8.8:53 tunnel.googlezip.net udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.180.10:443 ogads-pa.googleapis.com tcp
GB 142.250.180.10:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 157.34.239.216.in-addr.arpa udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.16.238:443 consent.google.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.46:443 www.youtube.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.16.227:443 ssl.gstatic.com tcp
GB 172.217.16.227:443 ssl.gstatic.com tcp
GB 172.217.16.227:443 ssl.gstatic.com tcp
GB 172.217.16.227:443 ssl.gstatic.com tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
GB 142.250.200.46:443 www.youtube.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.200.46:443 www.youtube.com udp
GB 142.250.200.22:443 i.ytimg.com tcp
US 8.8.8.8:53 accounts.google.com udp
BE 108.177.15.84:443 accounts.google.com tcp
BE 108.177.15.84:443 accounts.google.com udp
US 8.8.8.8:53 22.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 84.15.177.108.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com tcp
GB 172.217.169.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 10.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.179.238:443 youtube.com tcp
GB 142.250.200.14:443 www.youtube.com udp
GB 172.217.169.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.187.238:443 consent.youtube.com tcp
GB 142.250.200.22:443 i.ytimg.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 rr3---sn-hgn7yn7s.googlevideo.com udp
FR 74.125.11.200:443 rr3---sn-hgn7yn7s.googlevideo.com tcp
FR 74.125.11.200:443 rr3---sn-hgn7yn7s.googlevideo.com tcp
GB 142.250.180.4:443 www.google.com udp
FR 74.125.11.200:443 rr3---sn-hgn7yn7s.googlevideo.com tcp
FR 74.125.11.200:443 rr3---sn-hgn7yn7s.googlevideo.com tcp
FR 74.125.11.200:443 rr3---sn-hgn7yn7s.googlevideo.com tcp
FR 74.125.11.200:443 rr3---sn-hgn7yn7s.googlevideo.com tcp
GB 142.250.179.238:443 youtube.com udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.179.230:443 static.doubleclick.net tcp
US 8.8.8.8:53 200.11.125.74.in-addr.arpa udp
US 8.8.8.8:53 230.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 suggestqueries-clients6.youtube.com udp
GB 142.250.187.206:443 suggestqueries-clients6.youtube.com tcp
GB 142.250.187.206:443 suggestqueries-clients6.youtube.com udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
GB 142.250.187.206:443 suggestqueries-clients6.youtube.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.187.225:443 yt3.ggpht.com tcp
GB 142.250.187.225:443 yt3.ggpht.com tcp
GB 142.250.187.225:443 yt3.ggpht.com tcp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 rr2---sn-aigzrnze.googlevideo.com udp
GB 74.125.175.231:443 rr2---sn-aigzrnze.googlevideo.com tcp
GB 74.125.175.231:443 rr2---sn-aigzrnze.googlevideo.com tcp
US 8.8.8.8:53 231.175.125.74.in-addr.arpa udp
US 8.8.8.8:53 rr5---sn-5hne6n6l.googlevideo.com udp
NL 74.125.8.170:443 rr5---sn-5hne6n6l.googlevideo.com udp
GB 74.125.175.231:443 rr2---sn-aigzrnze.googlevideo.com udp
US 8.8.8.8:53 rr4---sn-5hnekn7d.googlevideo.com udp
NL 209.85.226.41:443 rr4---sn-5hnekn7d.googlevideo.com udp
US 8.8.8.8:53 rr3---sn-5hne6nz6.googlevideo.com udp
NL 74.125.100.200:443 rr3---sn-5hne6nz6.googlevideo.com udp
US 8.8.8.8:53 170.8.125.74.in-addr.arpa udp
US 8.8.8.8:53 41.226.85.209.in-addr.arpa udp
US 8.8.8.8:53 200.100.125.74.in-addr.arpa udp
GB 142.250.187.225:443 yt3.ggpht.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
BE 108.177.15.84:443 accounts.google.com udp
BE 108.177.15.84:443 accounts.google.com tcp
DE 193.161.193.99:24858 hola435-24858.portmap.host tcp
US 8.8.8.8:53 ipwho.is udp
DE 195.201.57.90:443 ipwho.is tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com udp
GB 142.250.200.22:443 i.ytimg.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
GB 142.250.187.225:443 yt3.ggpht.com udp
BE 108.177.15.84:443 accounts.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 id.google.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.180.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 maps.gstatic.com udp
GB 216.58.204.67:443 maps.gstatic.com tcp
GB 172.217.16.238:443 play.google.com udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 www.bankofamerica.com udp
US 171.159.118.100:443 www.bankofamerica.com tcp
US 8.8.8.8:53 100.118.159.171.in-addr.arpa udp
US 8.8.8.8:53 www2.bac-assets.com udp
FR 192.229.233.231:443 www2.bac-assets.com tcp
FR 192.229.233.231:443 www2.bac-assets.com tcp
FR 192.229.233.231:443 www2.bac-assets.com tcp
FR 192.229.233.231:443 www2.bac-assets.com tcp
FR 192.229.233.231:443 www2.bac-assets.com tcp
FR 192.229.233.231:443 www2.bac-assets.com tcp
FR 192.229.233.231:443 www2.bac-assets.com tcp
US 8.8.8.8:53 tags.tiqcdn.com udp
IE 18.66.171.57:445 tags.tiqcdn.com tcp
US 8.8.8.8:53 target.bankofamerica.com udp
US 8.8.8.8:53 secure.bankofamerica.com udp
US 8.8.8.8:53 secure2.bac-assets.com udp
US 171.161.102.200:443 secure.bankofamerica.com tcp
US 171.161.102.200:443 secure.bankofamerica.com tcp
US 171.161.102.200:443 secure.bankofamerica.com tcp
IE 66.235.152.221:443 target.bankofamerica.com tcp
IE 66.235.152.221:443 target.bankofamerica.com tcp
IE 66.235.152.221:443 target.bankofamerica.com tcp
IE 66.235.152.221:443 target.bankofamerica.com tcp
IE 66.235.152.221:443 target.bankofamerica.com tcp
IE 66.235.152.221:443 target.bankofamerica.com tcp
FR 192.229.133.92:443 secure2.bac-assets.com tcp
US 171.161.102.200:443 secure.bankofamerica.com tcp
US 8.8.8.8:53 231.233.229.192.in-addr.arpa udp
US 8.8.8.8:53 92.133.229.192.in-addr.arpa udp
US 8.8.8.8:53 221.152.235.66.in-addr.arpa udp
US 8.8.8.8:53 bup.bankofamerica.com udp
US 52.247.36.244:443 bup.bankofamerica.com tcp
US 171.161.102.200:443 secure.bankofamerica.com tcp
US 8.8.8.8:53 rail.bankofamerica.com udp
US 184.72.205.49:80 rail.bankofamerica.com tcp
IE 18.66.171.20:445 tags.tiqcdn.com tcp
IE 18.66.171.83:445 tags.tiqcdn.com tcp
IE 18.66.171.128:445 tags.tiqcdn.com tcp
US 8.8.8.8:53 200.102.161.171.in-addr.arpa udp
US 8.8.8.8:53 244.36.247.52.in-addr.arpa udp
US 8.8.8.8:53 49.205.72.184.in-addr.arpa udp
US 8.8.8.8:53 stun.cdn-net.com udp
US 8.8.8.8:53 stun.cdn-net.com udp
IE 52.208.80.187:3478 stun.cdn-net.com udp
US 8.8.8.8:53 187.80.208.52.in-addr.arpa udp
US 8.8.8.8:53 tags.tiqcdn.com udp
US 8.8.8.8:53 secure.bankofamerica.com udp
US 171.161.118.200:443 secure.bankofamerica.com tcp
US 171.161.118.200:443 secure.bankofamerica.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 171.161.118.200:443 secure.bankofamerica.com tcp
US 171.161.118.200:443 secure.bankofamerica.com tcp
US 171.161.118.200:443 secure.bankofamerica.com tcp
US 104.18.86.42:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 200.118.161.171.in-addr.arpa udp
US 8.8.8.8:53 42.86.18.104.in-addr.arpa udp
US 8.8.8.8:53 dpm.demdex.net udp
IE 52.50.97.18:443 dpm.demdex.net tcp
IE 66.235.152.221:443 target.bankofamerica.com tcp
US 184.72.205.49:443 rail.bankofamerica.com tcp
US 8.8.8.8:53 aero.bankofamerica.com udp
US 171.161.118.200:443 secure.bankofamerica.com tcp
US 3.215.201.186:443 aero.bankofamerica.com tcp
GB 172.217.169.10:443 jnn-pa.googleapis.com tcp
US 171.161.118.200:443 secure.bankofamerica.com tcp
US 8.8.8.8:53 18.97.50.52.in-addr.arpa udp
US 8.8.8.8:53 186.201.215.3.in-addr.arpa udp
US 8.8.8.8:53 content-cdn.com udp
US 34.237.178.183:445 content-cdn.com tcp
US 8.8.8.8:53 stun.cdn-net.com udp
IE 52.208.80.187:3478 stun.cdn-net.com udp
US 8.8.8.8:53 boss.bankofamerica.com udp
US 8.8.8.8:53 dull.bankofamerica.com udp
US 54.175.161.4:443 boss.bankofamerica.com tcp
US 54.175.161.4:443 boss.bankofamerica.com tcp
US 34.197.33.132:443 dull.bankofamerica.com tcp
US 8.8.8.8:53 132.33.197.34.in-addr.arpa udp
US 8.8.8.8:53 4.161.175.54.in-addr.arpa udp
US 52.21.2.28:445 content-cdn.com tcp
US 34.199.195.55:445 content-cdn.com tcp
US 8.8.8.8:53 awuseb.advanced-web-analytics.com udp
IE 13.224.68.20:443 awuseb.advanced-web-analytics.com tcp
US 8.8.8.8:53 20.68.224.13.in-addr.arpa udp
US 52.247.36.244:443 bup.bankofamerica.com tcp
US 8.8.8.8:53 content-cdn.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 careers.bankofamerica.com udp
US 171.159.226.121:443 careers.bankofamerica.com tcp
GB 142.250.180.4:443 www.google.com udp
US 171.159.226.121:443 careers.bankofamerica.com tcp
US 8.8.8.8:53 121.226.159.171.in-addr.arpa udp
US 171.159.226.121:443 careers.bankofamerica.com tcp
US 171.159.226.121:443 careers.bankofamerica.com tcp
US 171.159.226.121:443 careers.bankofamerica.com tcp
US 171.159.226.121:443 careers.bankofamerica.com tcp
IE 18.66.171.83:443 tags.tiqcdn.com tcp
GB 172.217.169.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 83.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
FR 192.229.233.231:443 www2.bac-assets.com tcp
US 104.18.86.42:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 privacyportal-bofa.my.onetrust.com udp
US 104.18.32.137:443 privacyportal-bofa.my.onetrust.com tcp
IE 66.235.152.221:443 target.bankofamerica.com tcp
IE 52.208.80.187:3478 stun.cdn-net.com udp
US 8.8.8.8:53 stun.cdn-net.com udp
IE 13.224.68.20:443 awuseb.advanced-web-analytics.com udp
US 8.8.8.8:53 www.bankofamerica.com udp
US 171.161.118.100:443 www.bankofamerica.com tcp
US 8.8.8.8:53 100.118.161.171.in-addr.arpa udp
FR 192.229.233.231:443 www2.bac-assets.com tcp
FR 192.229.233.231:443 www2.bac-assets.com tcp
FR 192.229.233.231:443 www2.bac-assets.com tcp
FR 192.229.233.231:443 www2.bac-assets.com tcp
IE 66.235.152.221:443 target.bankofamerica.com tcp
US 171.161.118.200:443 secure.bankofamerica.com tcp
FR 192.229.133.92:443 secure2.bac-assets.com tcp
US 8.8.8.8:53 stun.cdn-net.com udp
IE 52.208.80.187:3478 stun.cdn-net.com udp
US 8.8.8.8:53 storage.glancecdn.net udp
IE 3.162.140.83:443 storage.glancecdn.net tcp
US 8.8.8.8:53 tilt.bankofamerica.com udp
US 171.161.102.28:443 tilt.bankofamerica.com tcp
US 8.8.8.8:53 178.36.239.216.in-addr.arpa udp
US 8.8.8.8:53 83.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 glassbox-hlx-igw.bankofamerica.com udp
US 8.8.8.8:53 smetrics.bankofamerica.com udp
IE 66.235.152.221:443 smetrics.bankofamerica.com tcp
US 171.161.100.253:443 glassbox-hlx-igw.bankofamerica.com tcp
US 8.8.8.8:53 d.agkn.com udp
IE 54.77.248.233:443 d.agkn.com tcp
US 171.161.102.28:443 tilt.bankofamerica.com tcp
US 171.161.102.28:443 tilt.bankofamerica.com tcp
US 8.8.8.8:53 253.100.161.171.in-addr.arpa udp
US 8.8.8.8:53 233.248.77.54.in-addr.arpa udp
IE 52.208.80.187:3478 stun.cdn-net.com udp
US 8.8.8.8:53 secure.bankofamerica.com udp
IE 52.208.80.187:3478 stun.cdn-net.com udp
US 8.8.8.8:53 stun.cdn-net.com udp
US 8.8.8.8:53 aero.bankofamerica.com udp

Files

C:\Users\Admin\Desktop\kreo q zi.exe

MD5 28ac02fc40c8f1c2a8989ee3c09a1372
SHA1 b182758b62a1482142c0fce4be78c786e08b7025
SHA256 0fe81f9a51cf0068408de3c3605ce2033a00bd7ec90cc9516c38f6069e06433b
SHA512 2cbf2f6af46e5fae8e67144e1ac70bc748036c7adb7f7810d7d7d9f255ccf5d163cce07f11fb6526f9ab61c39f28bdf2356cc315b19a61cd2115612882eab767

memory/2368-4-0x00007FFD263B3000-0x00007FFD263B5000-memory.dmp

memory/2368-5-0x0000000000B70000-0x0000000000E94000-memory.dmp

memory/2368-6-0x00007FFD263B0000-0x00007FFD26E72000-memory.dmp

memory/2368-9-0x00007FFD263B0000-0x00007FFD26E72000-memory.dmp

memory/2304-10-0x000000001B360000-0x000000001B3B0000-memory.dmp

memory/2304-11-0x000000001C9E0000-0x000000001CA92000-memory.dmp

memory/2304-15-0x000000001C9A0000-0x000000001C9DC000-memory.dmp

memory/2304-14-0x000000001C940000-0x000000001C952000-memory.dmp

\??\pipe\crashpad_744_SIILBSLSXHFJJUMH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/2304-49-0x000000001E370000-0x000000001E898000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 b7ab3b271b7b2127f01fabaa8e516797
SHA1 ea5912a8e6375d6e42a3d1640e1bd55a9d6ee3aa
SHA256 452092472ff856795f6c2d37092b9416a4bf904ca0392cf0e449339245de0a20
SHA512 98fc9c7022a021bf8c62ea5a5494fac27b6969a5479d831e2deae477330cfe4896fe26b78809740848aac6b1bdfcf3bf78d66da272511e787614f7f5b1df99b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 54808db2ebd73ab1c55c05cf9242c898
SHA1 fdb6b63e11a81bfa3186c5dd17a59a0d449cdcea
SHA256 bae99e111e141126d34dff3fd8132c6d269f56d6c634c9c47b8c69862034ada9
SHA512 44d5f8234acda759c0a31a947028a1960eadbf96f797df5c9706590d162f4386bc827e2479e0281c5bd7620812e35129107e82ae80db7b109889af7966d135f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 86ee44a745c89ad70564fce1be76b3e0
SHA1 700db8c3c9977efcc1bda7ad515e0a73709a950c
SHA256 ace786a8f735c13d98e40e0326544952a241be5878d71e3c99dd5ecd5b1b037a
SHA512 e5275844c1b134bb09b1dcdecc6603a1ff2dc68287e9335b13e25c833c6377a8d8249c0c99bb55cbf77b29031e3118fbe3680d38b4e0b2833c313ceb30fd1f40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 49ff213d77528a96b710cefeb7215ae6
SHA1 02ef5e9db298ae8f26310ff32a22365d13f9dbfc
SHA256 ee366a9213ce6491aa04ec0a956a6b05245b4049bd72b9a13037e5de2206bef4
SHA512 0b2228504c04cfd4daee5e3e04d036862d426be4be01e8d559b994802f1cf6115732d06e85f05a1da7ddce3554454aa84bd8f0cd4397b513022af5f6577f8500

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 318b5cc9f093d54942e021b8647212b0
SHA1 0c63a189405f3cbef98f9ca1e2fb787d9f81fd3d
SHA256 f7b3ee1a4c123a37e0f465df18b5871394bc9fac6fde75b21438fdda5102b365
SHA512 b4096b9ae5fe41b0083abf61d854489f7f6a09d4101b3a48c126df17f11c9c033f6c9371381b1997c2752c67f3db194c50ccb12a65d714911a0f42e832f86255

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d84ace6b742ff00eefdff68949de8854
SHA1 81bad4edbe5946f4f9b7b7a1880907abf1c9eb90
SHA256 4aaf599df216822f0e3cca4a8a8b7f5b605ee49dceef8ae86302b061792a0e23
SHA512 7fd6e48c7f59b80c582e6786c0e6f6ffbe16b2044a095211bc2980862ce3b5449ad198dcdfa9ef9c23dc8a09fce42f1a6a8cb8155f59d7a954905697b82ef4fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c4dff1a1c7bb719f6fc24e6a6e8cd8fd
SHA1 82f1216f2180675e6f4abdf41fb04c2fa9c71a71
SHA256 5f293e95b546eb2f2853998bf2cf7b5b44958f171815f4624031efea69057890
SHA512 682f7b45fdfbea95b49820185b03020d4fb3d2572316996fd81a8fd9ef911c79b18ccaf81981d849172fbf77cbb5437c8eb026b879b038642c175bfc6894c841

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5863d6.TMP

MD5 51c5861649eb080f8a4cd52809db9a46
SHA1 585b2bbe646a92a40dc6bc64165aa88ef512a93d
SHA256 fb743783bfc56ea8ddbf150b70f50712d93610e132eb65af642077028adc150f
SHA512 8df3a1d02bfabd15e73369f09dcd2d92a723f83b06435aba08eed3c2926799ae454afa244e4a0ec60042a7cd161818fa76a13e8866fe8f82583f54acf04c7d67

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir744_1461947395\Shortcuts Menu Icons\0\512.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir744_1461947395\Shortcuts Menu Icons\1\512.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0953a460-3b22-4e82-b212-7ba138c67e03\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0953a460-3b22-4e82-b212-7ba138c67e03\index-dir\the-real-index~RFe587a8a.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\445cd837-28a2-4829-95a6-4b260f74433f\index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\db10f7ff-d9ff-4dec-8630-9d71fa46bff0\6dd12ba48edbeea3_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\db10f7ff-d9ff-4dec-8630-9d71fa46bff0\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\db10f7ff-d9ff-4dec-8630-9d71fa46bff0\index-dir\the-real-index~RFe58d646.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\445cd837-28a2-4829-95a6-4b260f74433f\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\445cd837-28a2-4829-95a6-4b260f74433f\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000010

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\kreo q zi.exe.log

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\445cd837-28a2-4829-95a6-4b260f74433f\index-dir\temp-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Roaming\Logs\2024-11-05

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\Downloads\a6f21233-a3f1-4efa-a8e0-baa689c4c82e.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000069

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000054

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000049

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
