Malware Analysis Report

2024-11-13 18:05

Sample ID 241109-2bm2baspev
Target desktop.ini
SHA256 b029393ea7b7cf644fb1c9f984f57c1980077562ee2e15d0ffd049c4c48098d3
Tags
bootkit defense_evasion discovery evasion persistence trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b029393ea7b7cf644fb1c9f984f57c1980077562ee2e15d0ffd049c4c48098d3

Threat Level: Known bad

The file desktop.ini was found to be: Known bad.

Malicious Activity Summary

bootkit defense_evasion discovery evasion persistence trojan

UAC bypass

Disables RegEdit via registry modification

Downloads MZ/PE file

Disables Task Manager via registry modification

Boot or Logon Autostart Execution: Active Setup

Drops startup file

Executes dropped EXE

Writes to the Master Boot Record (MBR)

Checks whether UAC is enabled

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

Drops file in Windows directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Enumerates physical storage devices

Browser Information Discovery

Modifies registry class

Checks SCSI registry key(s)

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

System policy modification

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

NTFS ADS

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Kills process with taskkill

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 22:24

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 22:24

Reported

2024-11-09 22:33

Platform

win11-20241007-en

Max time kernel

470s

Max time network

435s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\desktop.ini

Signatures

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A

Disables Task Manager via registry modification

evasion

Downloads MZ/PE file

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startup.exe C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startup.exe C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Windows\xina.exe C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
File opened for modification C:\Windows\xina.exe C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
File created C:\Windows\xina.exe\:Zone.Identifier:$DATA C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Capabilities C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\System32\taskkill.exe N/A
N/A N/A C:\Windows\System32\taskkill.exe N/A
N/A N/A C:\Windows\System32\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133756647148222474" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "165" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "7424" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "13486" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "13959" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\IconStreams = (binary value omitted)
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff83ae2078e323294282c1e41cb67d5b9c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\bing.com C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "132" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "1132" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "14926" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\www.bing.com C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "13959" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "12519" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "1099" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\UserStartTime = "133727767258620983" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "8391" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "7424" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "12519" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4249425805-3408538557-1766626484-1000\{5CD9EDFB-71F3-408E-BFF5-EA7EC80B4C28} C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\PastIconsStream = 1400000005000000010001000200000014000000494c200602000400440010001000ffffffff2110ffffffffffffffff424d36000000000000003600000028000000100000004000000001002000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000ff00000060000000000000000000000020000000b0000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff00000060000000200000000000000020000000f00d0d0df09d9d9dffc8c8c8ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff000000603f3f3f66000000ff00000060000000900a0a0af0c0c0c0ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660e2e2e2ff474747eb000000d0000000e04c4c4cee999999ff939393eeb1b1b1f0e0e0e0ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660c8c8c8f7adadadf6858585ff000000ff000000ff737373ff999999ff999999ff999999ff999999ffa0a0a0e8868686ff000000ff000000606d6d6d88aaaaaaebb2b2b2ffb2b2b2ff7a7a7aff000000ff000000ff696969ff999999ff999999ff999999ff999999ff5f5f5fff000000ff0000006045454571b2b2b2ffb2b2b2ffb2b2b2ffa7a7a7ff1b1b1be8000000c0000000b0080808f08f8f8fff999999ff999999ff5f5f5fff000000ff00000060303030607f7f7fff7b7b7bf67e7e7ee2525252e20a0a0af0000000f00000003000000020000000f0101010eb5a5a5af6505050ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff676767ff000000ff000000b000000020000000000000000000000020000000b0000000ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff777777ff080808f0000000d0000000000000000
000000000000000000000000000000060000000ff00000060000000602c2c2ceb5f5f5fff5f5f5fff3f3f3fee080808f0000000f0000000300000000000000000000000000000000000000000000000a0000000600000000000000050000000b0000000f0000000ff000000f0000000a000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000ff00000060000000000000000000000020000000b0000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff00000060000000200000000000000020000000f00d0d0df09d9d9dffc8c8c8ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff000000603f3f3f66000000ff00000060000000900a0a0af0c0c0c0ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660e2e2e2ff474747eb000000d0000000e04c4c4cee999999ff939393eeb1b1b1f0e0e0e0ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660c8c8c8f7adadadf6858585ff000000ff000000ff737373ff999999ff999999ff999999ff999999ffa0a0a0e8868686ff000000ff000000606d6d6d88aaaaaaebb2b2b2ffb2b2b2ff7a7a7aff000000ff000000ff696969ff999999ff999999ff999999ff999999ff5f5f5fff000000ff0000006045454571b2b2b2ffb2b2b2ffb2b2b2ffa7a7a7ff1b1b1be8000000c0000000b0080808f08f8f8fff999999ff999999ff5f5f5fff000000ff00000060303030607f7f7fff7b7b7bf67e7e7ee2525252e20a0a0af0000000f00000003000000020000000f0101010eb5a5a5af6505050ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff676767ff000000ff000000b000000020000000000000000000000020000000b0000000ff000000ff00000060303030607f7f7fff7f7f7ff
f7f7f7fff777777ff080808f0000000d0000000000000000000000000000000000000000000000060000000ff00000060000000602c2c2ceb5f5f5fff5f5f5fff3f3f3fee080808f0000000f0000000300000000000000000000000000000000000000000000000a0000000600000000000000050000000b0000000f0000000ff000000f0000000a000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000424d3e000000000000003e0000002800000010000000400000000100010000000000000100000000000000000000000000000000000000000000ffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffff0000fff90000fff10000800100000000000000000000000000000000000000000000000000000001000080070000c0070000c80f0000ffff0000ffff0000ffff0000fff90000fff10000800100000000000000000000000000000000000000000000000000000001000080070000c0070000c80f0000ffff0000ffff000000000000000000000000000000000000000000000000010000000800000002000000040000002400000001000000000000000100000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "132" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "165" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHo = 6801000088020000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Windows\xina.exe\:Zone.Identifier:$DATA C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
N/A N/A C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3300 wrote to memory of 1988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3300 wrote to memory of 1156 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3300 wrote to memory of 4644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3300 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

System policy modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "1" C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\desktop.ini

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3d82cc40,0x7ffc3d82cc4c,0x7ffc3d82cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1792,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1780 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2096 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2188 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3768,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4476 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4644,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4632 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4484,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4424 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4408,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5080 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4836,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4824 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5084,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5260,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5256 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5076,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5096 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5092,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5280 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5700,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4632 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4444,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5368 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3468,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4604 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5632,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5668 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3280,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3340 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5380,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5560 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4304,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5540 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4500,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5828 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5716,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5964 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3328,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5996 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5520,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3844 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe

"C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe"

C:\Windows\System32\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im explorer.exe

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004AC 0x00000000000004D0

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5364,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5224 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5876,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5916 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5884,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5880 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5952,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6032 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=3288,i,371491284925625927,18028582815113889492,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6032 /prefetch:1

C:\Windows\System32\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im explorer.exe

C:\Windows\System32\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im explorer.exe

Network

Country  Destination          Domain                           Proto
GB       142.250.180.4:443    www.google.com                   tcp
GB       142.250.180.4:443    www.google.com                   udp
GB       216.58.201.110:443   apis.google.com                  tcp
US       8.8.8.8:53           234.16.217.172.in-addr.arpa      udp
US       8.8.8.8:53           110.201.58.216.in-addr.arpa      udp
GB       172.217.16.238:443   consent.google.com               tcp
GB       142.250.178.14:443   clients2.google.com              tcp
N/A      224.0.0.251:5353                                      udp
GB       216.58.213.1:443     clients2.googleusercontent.com   tcp
US       216.239.34.157:443   tunnel.googlezip.net             tcp
GB       172.217.16.234:443   content-autofill.googleapis.com  tcp
GB       172.217.16.234:443   content-autofill.googleapis.com  udp
US       216.239.34.157:443   tunnel.googlezip.net             tcp
US       216.239.34.157:443   tunnel.googlezip.net             tcp
GB       172.217.16.238:443   consent.google.com               tcp
GB       172.217.16.238:443   consent.google.com               udp
US       8.8.8.8:53           raw.githubusercontent.com        udp
US       185.199.110.154:443  github.githubassets.com          tcp
US       185.199.110.154:443  github.githubassets.com          tcp
US       185.199.110.154:443  github.githubassets.com          tcp
US       185.199.110.154:443  github.githubassets.com          tcp
US       185.199.110.154:443  github.githubassets.com          tcp
US       185.199.110.154:443  github.githubassets.com          tcp
US       185.199.108.133:443  raw.githubusercontent.com        tcp
US       185.199.108.133:443  raw.githubusercontent.com        tcp
US       185.199.111.133:443  raw.githubusercontent.com        tcp
US       185.199.111.133:443  raw.githubusercontent.com        tcp
US       185.199.111.133:443  raw.githubusercontent.com        tcp
US       185.199.111.133:443  raw.githubusercontent.com        tcp
US       185.199.111.133:443  raw.githubusercontent.com        tcp
US       185.199.111.133:443  raw.githubusercontent.com        tcp
US       185.199.111.133:443  raw.githubusercontent.com        tcp
US       185.199.111.133:443  raw.githubusercontent.com        tcp
US       185.199.110.154:443  github.githubassets.com          tcp
GB       20.26.156.215:443    github.com                       tcp
US       140.82.114.22:443    collector.github.com             tcp
US       140.82.114.22:443    collector.github.com             tcp
GB       20.26.156.210:443    api.github.com                   tcp
GB       142.250.180.4:443    www.google.com                   udp
GB       20.26.156.210:443    api.github.com                   tcp
GB       20.26.156.215:443    github.com                       tcp
GB       20.26.156.215:443    github.com                       tcp
GB       20.26.156.210:443    api.github.com                   tcp
GB       142.250.200.14:443   google.com                       tcp
GB       216.58.213.3:443     beacons.gcp.gvt2.com             tcp
US       185.199.111.133:443  raw.githubusercontent.com        tcp
GB       92.123.128.149:443   www.bing.com                     tcp
GB       92.123.128.175:443   r.bing.com                       tcp
GB       20.26.156.210:443    api.github.com                   tcp
GB       142.250.179.228:443  www.google.com                   udp
GB       92.123.128.175:443   r.bing.com                       tcp
GB       92.123.128.175:443   r.bing.com                       tcp
GB       92.123.128.175:443   r.bing.com                       tcp
GB       92.123.128.175:443   r.bing.com                       tcp
GB       92.123.128.175:443   r.bing.com                       tcp
GB       172.217.16.234:443   content-autofill.googleapis.com  udp
GB       172.217.16.238:443   consent.google.com               udp
GB       172.217.16.234:443   content-autofill.googleapis.com  udp
US       216.239.34.157:443   tunnel.googlezip.net             tcp
US       216.239.34.157:443   tunnel.googlezip.net             tcp
GB       172.217.16.238:443   consent.google.com               udp

Files

\??\pipe\crashpad_3300_SVXEWUZSMAQNOVYL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Temp\scoped_dir3300_1906450266\753920e9-95c6-4483-9b80-8d93e6939fdb.tmp

MD5 da75bb05d10acc967eecaac040d3d733
SHA1 95c08e067df713af8992db113f7e9aec84f17181
SHA256 33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2
SHA512 56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

C:\Users\Admin\AppData\Local\Temp\scoped_dir3300_1906450266\CRX_INSTALL\_locales\en_CA\messages.json

MD5 558659936250e03cc14b60ebf648aa09
SHA1 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA256 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA512 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

MD5 07ffbe5f24ca348723ff8c6c488abfb8
SHA1 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA256 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA512 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

MD5 4ec1df2da46182103d2ffc3b92d20ca5
SHA1 fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA256 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 d0513f45ae9c3355a8db7e140deab215
SHA1 c24a50250d365836ef8bd62f9bc115af824cc04c
SHA256 6818ce4e8df6dfe690c099e4448d499bcf9cb2cdfb491162e25749097d7a349f
SHA512 4914aca4626da49b80f1760b771aa479ed19212137a26781fc5e2716addf3cab971e20f066d588c9978833eb12f4caec3867f7f1c545eece83ded8786c2277f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 fd855476755347107f0c55f3349ad5f6
SHA1 a49b9f94711f40a9f947add99aae037b74902b33
SHA256 3f9b8f8e732c0a2f26f91c1de67baf6e8e5d417fbce7165771898fd7d9a73554
SHA512 ab9f9709ebf5676f8ea855240ce73d4431119dae69d8a8f0a4da1a6e3c0e94791612e97f6a32188c6fa7d4a5a2e810b01e454bf2112b0fb39cc5e1287ebd0f74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f1f45ea563a6893dbeffe40470f4a743
SHA1 cf13b8f2c10210f00b3c17b3fb8196ede1935835
SHA256 2c44a91f936cc45b89eefa26ef68f7044011c912bd12425bf78bb7a187d7fda0
SHA512 7971c5e9cb34904e9f96119a6f7ffe7886e8017692f5f2ad0d1406a527cde9b34fded80fc00b21c3aa10fd15adc0ab35c099f0ff1287b40cbe9edbbc4c5007ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e5669cacd7ea65f1d9c5b7d79853dbbb
SHA1 5543a09d6867841d4a5e4f0b7786d52d74c1a4ff
SHA256 504895b835c6489f33a86f0b4ea12dc1164eb448f3d419171ca8b0f6d742a94f
SHA512 7d364ea7a01052868403ccbad9a5c1138971b7f1afc6c0f085abbf0b51f472ece17146c3ed617bf650033cbc606ae65c61344058708c544a43b5c898913030f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 6080f794e6540b73e34303d626aea262
SHA1 aea2ace34559a8e5597261507840920bb0175754
SHA256 765e388d50d7f906d08c55cb6c1975ba2fbf41b59e6a19cef833615bc2780c0e
SHA512 d6355faac2aa1d64e59a81d2e7454caf5d0b0c761afcc1e906f74cd637cc234fe3bc3fb88c27e84f6816125fd688d685dbf673a0137d5b4e6d286f89ad9ff0dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ec83bbc623abdfbbbd673db8fc5f0e9b
SHA1 4ff6957b7a64007c87df058a4008d74bab10d6b0
SHA256 c4ea83f46da3aeb97496cf47c5799c25152d260a2b86f5b537c059be35f92ee5
SHA512 5cd1c3e69745cc4af0c67a8e23782106645ecb4de4247fe116ea4a76034f212333bc13c718af5253f95126c5a98d04f1352a7b3b8e5b3a0f153f86878773cd78

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2d38f0a5223f8ed6242d45e7d50c5008
SHA1 1aa3fb1cd14db9c0454a3b7a55036448d2cdcc70
SHA256 e83c0fd95a4859b700d4c5a8b82fbe1dbbfeca7cf1830bb651885bb6cba137d6
SHA512 74072d3df2459159d845d5cf121f30538838b29092e9a83128ea70e7fc08f3bab8fec7bb436abc225f7f4fa4276ab50358c93cc1e9b02db9c2623b2957994afe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 0ff510a3fafe89f86293b7576d42efdb
SHA1 9074af4b160e5f4f41ec9a9740bb56e3373186da
SHA256 d2d600e06b5a7d404c0a014ebf90365bb4c462ee6faaf259473ea1eaccbdaf2a
SHA512 9518ebf971af0552b23a1e1ee5f5c272e6300b0384e465ef931b13ab96027b2b67235c20544cd1cc0f9ff22954c7bff0c1a9c3365191fa028017fac89f38af69

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8b5dbd7992d5a69217be15a87de49224
SHA1 fc65642bc1df4fa86a44d33d76584593a582faa5
SHA256 188cc47c0e64e3e11c0683ce4972784fb3239bd62baf7730a3b01cde44eae41b
SHA512 06a7ecab73d2990d66736b2697a2e4b8d3f5e63f7f7262c8bcda14a63e170f71cbe12ad5f306604570c608e7254fcb427390e8a5e094d5707a49856c44c674c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 24ea39e7500070487a22b652e2126aeb
SHA1 b3451f8c0812f38927ec3cbf367b87dcb6e8347c
SHA256 2b23666ae05c5cada5f1b9c1e77be536a532fcf2fb72880527b1ab604d6cd0ca
SHA512 668517f5d2aae53142e57b8b509e75c30da5608006983dbd4d00cc74feeb7cf621ab81915df077531cb7d04c63b90654d610dec6b4b59bd216792fc44830bb73

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 14e34c5f72223986f82f70dbdf59b8ea
SHA1 83557bbc06c39c643cebb08f5616485583c11622
SHA256 3aaf831e8173e671dd411e7bd55eefaf50e2a95c0d5aad655cf3a3684abb5b79
SHA512 9ba69d81d002d7a43d2baeadc438499bb14be6f310752966273ae7188237b179d146b8d58b5eabc79cfbca0142ddd18b6637b2b076c907d30892a3172fe7fc2b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 490ec964a5b33b1e8ce8863a49f98502
SHA1 3534b41713d72edd9b010688f4c05c6400221d3b
SHA256 5942739aa9e1903e808a54592176b72ddb47f3b76603e273b3a76b052d568b08
SHA512 1c7c54872e74b66dd9eea503ae1b2f0f418d64842c417e03580c616a9667b6ebff54bcb250bc9d4493ba0f05c88b01e767824e6fd394e46961c754ada55bb92e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e6ea78d3f0ce2a8ca0c643f8bacfa95d
SHA1 9684b5d8d7138790e2b2e14b4e8a2c2606d974a5
SHA256 321a9957f6c73d986ff88e973fa24e217e815e0f86d4bfc2bfdedd749ccd9913
SHA512 304f2cd46624eddc99cc5bd2df95d7227b711d525f25ad6a8801aa493a5942e07d7201d5a5540ab10a9b6a151e6223d8d6d8cbc90fff0b24b4ba2e8437ca6474

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d6dc0777c14312552851b1396099f5e5
SHA1 4dfe4c92ffa8f5f3af3fd2fccd4804cc422215cd
SHA256 0a7819fcedc7401717f2db7f6399db25aba6dd26d735959439d36100964cd795
SHA512 7170bd18f395b8c15cb8526e8719ebfee948dcc363e0f53efe8a46d2a84dd0cb40c5593ec271a4a4eb11bf91878969174a49b3bab5090a90a405f92daa3a4a6a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c791179eaef87dbb8c02370f18cd2666
SHA1 8b30d47c2aee8d052465bdd988c3e35d06167355
SHA256 2547558c479f4f0ad83093e870398c39e8860951d3aba6958e9b70e920d0e01d
SHA512 c3ccba9addbc1d78fabff31c9e9f5422454906d7c072708ea1c5c1cf97d1569a0d955b423d109a58cc319895f69edcf7a1891c869f95d025ca74cf3fe6a1dd19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2106f1c15a67da82a352071e9a59028b
SHA1 1e1386fc88e8e89b8ab481d37988b3d8e661a5da
SHA256 38cf702eef7a3a98e7858c8b7014c5572fa45f8d9595c8f29a924da59a7df7d1
SHA512 d31c6f7c37d6292b7f9a10729672d9088e455cbcd910393ebb9a1db1f2513c0f284e686fda5dcd0b4beb5e40ce8bbab901d9c3918fd350bf452f32e14186369c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 618b605b4a6b943aaa221fa1254ef4b4
SHA1 cc37e2744de2ec29d1e36b5b1fdd90d216aa460b
SHA256 61e9425cab3afdbeef396a67e11299c4aa666063f36ee291aa30cbee54a610cf
SHA512 aacb2ed60245cb38ab61b49057c6a5cdcbba79a322a49b11022a945fbab8016d56e5ded4c9fb8d874b835bc1941b6b13a525d0fdc332de3be26c573ee83d0fc8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d3195ea4-942d-45cc-9380-6a66e4fb4174.tmp

MD5 9c4b8cc63dfbb6d4e4b7c808e393d50d
SHA1 40d282a31915a44d40da1ea594cab030bb69df2c
SHA256 17787f54795ad50accb4f499dee9f48fe9dc0555853a7a21815a7179ebb1b4cb
SHA512 8a704be27ab4bcc395c38d253b62f0b0c8c31e30ce021514151f11e379d5430ac030b84beff4daba96ef0dae467f514b1ff92a38f3530a0c0215aae68ea26c03

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9c60e4864723ef6c269deb16e3b4eba9
SHA1 4810640608ff18233046bd0380514c60570fc0ed
SHA256 bda72a108b60d7298ef951bf8c9efa004071465197845f24d40b5fdd5b2cc8f2
SHA512 01fa8fc430ae70cd76e7a800c91176174214accc066f112782126edd4b5654964ab7bbb7a037e59ee77dfcae5e46ca87d04b88ca9ddf3a172ee3976988965b06

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 070cc88f6e365817aa44bcb8549a3fef
SHA1 c14a7cfcf703150d3b3f6daca1dfa2d488fcc0d4
SHA256 6b2526dd675a6399570503d5427cc4b345da4d612ccb229db6213277e017a906
SHA512 12d1d90b86fc609026178a2f1967a2662d3fe948fbc85d2ef3a7b435a52c037a30c691748f285e65e924b4cdbbaa645e0e3e22f06279c2155769fb6be1215189

C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe

MD5 80c506da3df5e4580c06c48162bccbea
SHA1 43fbccf50f91cd8e1190869b0edc96d920519c14
SHA256 5699b2e12f78b7eeca0633c6a5a93effe7187565eccd7668acccf93c61ab7acb
SHA512 f4a424bf758bb48da944701397ac1e82bb72a15ea4e8818535f2e52199d37e9caf4361303fee4bd9d6db528e1c0171d1612aebc5f636ca9c4ee4fd795432b8c5

C:\Users\Admin\Downloads\SOCIAL CREDIT TEST.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4242456bfb888f480851db1ed532b0d7
SHA1 70476e4a2466aa8bb9ca9bf8e42ecab12ae502df
SHA256 4976781a174e57d49440635734044b03899200254a183c5fe3ee4ff1e634c784
SHA512 7514faeca106de8a8ec9b3ea4273a8db6f0ff4ecf26118a15b5b15293e467dc229ec8d7b1fdebf884a24ff1a766e2c8f8fec385028771e2cc711fd92d2a7e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1f15f23992a0107d77cdef69b5a70e0e
SHA1 1367cf952d82a184bcd75e0845277c82fc298723
SHA256 e8843f92032f3106316cd97306c5d2c00bf6286c7c4311c251a4092f2ea41ed7
SHA512 739a8843f7a44e820c2cadde9bc5df3bb5cbe93e51539609e9c53af3cbb6678d3e1d162f60c152971062bf62244b7de918484e1c4719cab618c34a1d815980c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9a3dbefeac9a2ad277d28cb5b0116d60
SHA1 e52271e75d662c8a657b2fc5288cfa11d54f9836
SHA256 898a021252dabe79bb36b0f5938b7660f8d3446c9d038fd91308def83e691d16
SHA512 6f5dc85d70ab0b069b464fee6d808b57b2aedfbb6c84df7d1b1b6a06b2e72e983be0cf4d5800ccf359e2acd4fe3dc7755b5233136f48c7e01751f39726df3ea8

memory/3076-972-0x0000000000880000-0x0000000001C44000-memory.dmp

C:\startup.exe

MD5 12b162b0c010fcc23fa43b03cbb76509
SHA1 a696c6b6d5c0216b3eddf8dd4eb2a269abe19d00
SHA256 6be68911f16ec9283da61ce222d946c9e8e5ea39d71ad9d23216b4961947d180
SHA512 f983d2a19c18574cd09c1be30f44a6c8b586bfc74341367f6dfab26a6c7440f73e7ba252e66d1ed5fa6af5a78dd3f69de3909a369fe08ad78ca1e539eaa036c4

C:\backg.jpg

MD5 aa8212e3f48d35711f219cd9bf1265ab
SHA1 a3b17cc5311f23cc2db204f5b7081cd7d170094d
SHA256 ddc65eb885e5f89406a0b9ec5d23b0bf041ef9c15b689ddf6b855c9a62132200
SHA512 1d15ea1e09dae7d5c2b507f26dff3c052888deb7e5f8d17f5baac1c76a15cc2b0f11b470d855213ba17c03b32856e921b36c8acc6a32e9ff1ab9c04dc4ccf261

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 61a706c26835de4822ff06cc715035fb
SHA1 6feac5883a57c3b801235e33aa150d4e608dc57b
SHA256 ed75f81986f4b25ad53272e19f3029adc0cda090c82ed52c6ed7dca304fa34d6
SHA512 ac2660a61e2a3d4494fbe3996471bf339da8fb515dc710249b6f4c02788f74bf17bbdf31b210cc71d1d1f0f6c73c74f00dfb92d3afa604f40ad8ab1ab060c877

memory/1328-1144-0x000002414C780000-0x000002414C880000-memory.dmp

memory/1328-1279-0x00000239004A0000-0x00000239004C0000-memory.dmp

memory/1328-1280-0x0000023900630000-0x0000023900730000-memory.dmp

memory/1328-1281-0x0000023900140000-0x0000023900160000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PQ45N7WT\www.bing[1].xml

MD5 bb97adb60b277856d85b68998f61bee8
SHA1 b8afc2c040591f1521cf9a2ff8715b4991c871dc
SHA256 a4f25938e4e13dba5c78e0f857508b07628fc0b351fb0100a2d69bbe230b37a0
SHA512 ebbe76d2796f6c3f91b2a5f1b3fcb90bd0d821596760effbf1e514d289614a38e341d6ebfcbf9bed38b4589e0b528c6c012d503de1935d4f26238f292540d526

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PQ45N7WT\www.bing[1].xml

MD5 95125f2392633cd1f957bccf67da5bbc
SHA1 31251d6ba19b7189cc4a01dfac5eb45e59fdf2c1
SHA256 4e68768ec099440eba58c5e4bdc797cf256fffa997be3b4aa5c2d7089b8a2b69
SHA512 bdf53301055ea7d4bb694a00e04bbafea1b1c299ca55a5d1d4da1f951ff037a21bc03ea93bf5df28345adda3c03d992e8ba1f4e8918f90c07978ece778e23856

memory/1328-1374-0x0000023904000000-0x0000023904100000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PQ45N7WT\www.bing[1].xml

MD5 ce2b3d4aa9fbf44a503129e9bb3a567f
SHA1 619201b476c3a0ea2d0b7469d8bb9846b3798f77
SHA256 1bd6bc2fdf686006129def5cb503143711d18ea1175df1ce34b9cb14b9dbf67e
SHA512 fb0c636ae13056ee7298eaa919aa43eca2a22d1859d0aace6a033f1f4b391b734a3548e9d4522b09fee6cd6241fb4941aec9fc52a2f512daf46b20370f391bf2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7f72e6046f7f0707b3890ca8f49f3d97
SHA1 d3a4b0ae377ad055eae8d423861511899cada3d0
SHA256 19516e4a13f2d9e7b273442e9d805f4bb4b2485a1c16f60031e996121658db71
SHA512 a338d6b7fc85df4a557a18674ee15d4f534317211f7c0167d5f903efa80056824befe1594a73cab09dc64dc4f17fe7d51d1e4a286be43b1a7644e533c0bcee13

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c067fde283ecb8c40ec38e0c3719b73b
SHA1 f81d494dd0767ace78ce7d2153bd70a538b117ca
SHA256 e57992552a727b24778f62fee42fc4ffdaf66bd5f0eb10e95b4e258d649569d4
SHA512 e68f665f48f41d50cd591d6fdc3a5b4b6d86a6b7b52f9130d6a095b2b51a1ae4dcf50451e21b0c396f79af95e6ef393745c1a9a3bf6620d76e7ee41be47883cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e27ed535c3e62165acc8d46a4413aceb
SHA1 6aed9db4669c0bf8bb81682b1c337f15f37dcdc0
SHA256 0972887e5ca83c71fe9d94161f454f86a249b5d40fde6a253e7f5387c6ed5c05
SHA512 2bf8cf06b617a528c57ea25e5176301e16c22be68e025ee1833790f4c4a64b1a26f38407aacf8beaab6c0006d9e41c94a5440d7bebdd789a83fc41834208005e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d9bf1f9d4705ecf11debe601cba4d183
SHA1 bd6ee521a19f431ca918fc4e2f812ecdc085942d
SHA256 5a880b5f7066e2e1d2d6197539f6a728376d49be91ea932c0fff7e940cf6094b
SHA512 29cbe2ac797981661c408e7ec189e5033fca232073a28a406840da74fc633192c1ed1a1ce032decc46bc9f66ecc96492cd5b98c68e41c362f75cb51c3fe97adf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f96f68f16fe2bd5033636573bf06fdba
SHA1 8794ffd2195c7ac74d251ddfd1a157ea9be5edfa
SHA256 ed365a6186902ef54400e6f0437ff96f5e451a6294db78f01c92c1da5ce0a2d3
SHA512 df8867e70bb4ce343fafee54e23a05ac541f0206e071d7734bdb98f3e655ddb634f655b0ba34f4c50e07f4d0eab4dc0a7679aa4aa34603e0e24713591b42f6a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8796a08e3938f26c027a31ce6a732a1b
SHA1 e8c45fd210f23b27bd5864c3f7e1dc945a35040e
SHA256 df04ca1608d16423ceaa20790373d6419cfff252b1281a915569e6d32ac80de4
SHA512 1474ce8742ae9c4b02f01f9245d5607b99eed9b5a93e34aa4b6665193363f2d8520f9720c13920ef054b8eb8d7f3d09d9fd83bd44c50be3d691398696246b343

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c3d8671f65520137aef171673db0ffde
SHA1 ff0979ef77e3f8ae518ae4f3a0f1ce48cfb59d3c
SHA256 fc5a83cf39b224a20f037e4409c4b22f4adc4ea9de6bab5f29fbdd879a46f137
SHA512 cf69ff21b3416951b591086db1e89fdfd9a3bfff7aec0b62f1386e5dfdddcf61456f412f71993b13199e96bf8c7d760724137f6c2fda0cf212902620a75485b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 568f6f1c09c2d99a3079832d4c496aff
SHA1 eeb091f72a98725b4c399e11a282afbfd60bc827
SHA256 2d3b5302d94b832362a245dace964d9910e92b13017847bd5e4bb37a9f722b05
SHA512 9c4027962dc5bc814e3bdda46360ff1fed39156e074db4a47c03d4649c73d8a8c4f977575658b7bb2e558a0deafd5b664b6199e57d166d3ff58632c8227fa088

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f6073ec17aea8a00e48b50c858f07016
SHA1 b2d4bce1fe52e0be963b3a9d51679b1eab30dc4f
SHA256 9ffaf44070424ec90bd110b287c92e1da6994d715178b59c280daeb76acbd21c
SHA512 e23df25bf4bda19f473058956a0fe7397efdedda0c0ed9099beb3ec0913069d3b5e21ab5596d0975cf579a75f7953d7ac665dd0594c408b29055b748ebb49ec3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 d5e85cc4d073c21dcaeb80217d340d33
SHA1 7f236b9d77f87200fda9b624fb35ec7e280cca9a
SHA256 2043f6de79aeff45e590332e591779809a8769e08c9c602286f1a00bdbcf62e6
SHA512 eb9790c41501288c4b39717f5508291de64c782fd8a66105790052bb265b557395b96cb4fb4f534a3f3f132056d5fb16c7b6ad05fb9e530a7159ebf0c4fc6b47

C:\avocado_icon.ico

MD5 6d362a3e515cc18d537f74fca1f75293
SHA1 99a5b363ac274e027530fa7a532a007b0e6c56f3
SHA256 c87dc1a91720070afe96d3be716d6203540da4d08e9d2339967a8a2a6a521d42
SHA512 896ac439ff7ff58b33413fd978bee25afffd9f4b2a8183ad63db861b92c7118bad0b845ccd85390c8b8a76ba57f6a6fb7d0ad3970bdb0a28fb9f2ed718979821

C:\guy_icon.ico

MD5 caf2b6d49aae9303b222fdd06b91f10a
SHA1 12b967bd3aafa465c228551a7cb2d70f8b9f972e
SHA256 2b670bfb2029e8f023f13180780c648f606bb91fd5854e45e08c27bad2f4e1b8
SHA512 0eb51b3e222c4843fb3d79bddfd04faf41135845f1d20a320be84f076289be9890624cb34b73bf4093b2ddbb8d48ff409deeec5aaf3b10216204a24da4c2f92d

C:\amogus_icon.ico

MD5 43042269818924374a29891d79cb676b
SHA1 f34ef8a688e15efa9c0117816a617892a2730bb8
SHA256 77aa5f8536b9c30133f8083712b2d5434123d31a6ed41f0680fce52e06144187
SHA512 09cefcf48c1ebd4d5593d6d4f6973ff39330d23cf606da54bf79eeecd355842c675bd530b4e43d19b3dcc3fa6f4539d5d161ca423347197d6b319c17abab0e31

C:\the_wok_icon.ico

MD5 8e1462f2d993e1bd6fd00268623abece
SHA1 67367e20f64d32ab8d1840dedd91d686ac989952
SHA256 ac084f24272a89b616e21add98739a7c4dc55830e6c7ac8fff74a9d495eef4c5
SHA512 9184a8a87c2b5ec222df4d51a940977b2ec784c634ca66e5d11a46d35ef1a38162b6e1090e1df364eaef3fc1313a39a989a803c2ace603e90fb4473ec9105ace

C:\theme.wav

MD5 e4f642067670a4001d31ffb18f481f96
SHA1 538336f1beed8f74a0913454265cbcce4822c4e4
SHA256 5b41d14436cdd8e5467be6a1705daa108c428176c9fa4f9c74bd88cd4b703960
SHA512 5b7e27540c1bcd579d633597de005b7cb6a91f2dc8a6849c23b16a1fcc942688cd59ef0b0422a2832a2c84b6517e9debd87c5a1e9a57521837dc1c18ffe4a59c

C:\xina_icon.ico

MD5 0f111a8457f17592240624b2e80a6c61
SHA1 23b009e988c3a95d9e8ac97e9baf2979dda3211d
SHA256 8d49d92735d094885cbb57a63988e6205b5a477f2a571aff2f1e8d295f3d8e2f
SHA512 4e14e5e9c834723a23d3982fa2c5223eb0ac09403bc5cde638733c2a96dc28f820f76b6614e444b5a2aef3fb9f53c6e8f1fffd265ae7bb0af0c372aa7f548bfe

C:\ustupid_icon.ico

MD5 6e3e6e1a0f01c0168c7b1fcb4e63a89d
SHA1 785688b7caa8f28583e417a651517b721405d835
SHA256 b856abc28d3d026fbe327376bbd72f7a169012bc987d59dc9fe600e9714ff634
SHA512 d2038420bb997ff0d97561ff8b167822de36fa1f924962abed0f29b3c8b2ef7bf9a9f52311738d498b894cfd7d488ee0a1741150e45782e555028483bb1ecc99

C:\whenimpostaissus_icon.ico

MD5 57a21de76111fd67dd32bbf5b8cbbe8f
SHA1 127d6c20da0234ac8bc9dd65391fcfd695185274
SHA256 8a5f22591d81c5ce727cab12fa380c3331fd9a3118a69667bd21b8ed9d6bb96f
SHA512 4177b17475c7dff84fa577077d844e27af7d8dafba7f6beacc1b45174d4df2ae88f242529dfbd5f6e5b80bbc5ceb949ba0fcd2c3c7065dcf32226b0e9da85629

C:\ben_icon.ico

MD5 35ed09899d21d2f9806e5c4eb1411324
SHA1 5afa7972868a84f4e49d65f149aa09dda07870d2
SHA256 66775b29fdbd36e7ea15b038224a12271fe84b0e1129b11dec008af1dec986b3
SHA512 625d060ab49f371a9416315f85f6c01874cc19bfd5a4fb9b0a84287f1af0411695623e4176e62afa6623b16339b4c603f6a2179fe00ef505fdcd97e2b36cf820

C:\walt_icon.ico

MD5 fa516d1d0fce7db4dfa81e73cf74e917
SHA1 ecbb4b0ab88b6c7574279693bda9a7cfd0a2d9c0
SHA256 335b92e10ea035e1061ab8d44d02472d2db80a838eae63900b9d02ab9483c4af
SHA512 f9adda2c53121fbe6a0c42582f2af6d19dc8225f9422a2163210153bd5bc458cd4fadb1d97085fadc658b45557ddc3650ca96d68764241a153c70b68569dec8f

C:\dad_icon.ico

MD5 8883262af502c220932bbc50979391ca
SHA1 0be9ff95e86e798493f5f067a6dd3ddec9ed6832
SHA256 f500586d27d938ebfc965c59cdc42e361b78bc41246d52a075bc278271c96fc6
SHA512 ca78bd4cbf199ac1ec91058e48f357b3dae908a5bc06eba132ad9e143d5791d11e04462a96bf836999dd412ff0d9f37d06243c8b944f84ec354a3fb223b1d076

C:\speedrunner_icon.ico

MD5 a0bd05bdf6641d55fff217fc45b6e7a4
SHA1 9c4f824bda8ec17d0c23fbe50cd8f6c55d5784e3
SHA256 c34b87c2f0454d80f7b1989e80eb5b6ca04052c16f94ce294f15a0053cc76ce2
SHA512 bdecd28c096925852936f0aa96a406596a3d60bbff51ac1e12d9241f4c7552630bf12aeb73cfed8cf8afc916cad90d4e6d23e5eafea6e14f73b73ced4992bad3

C:\skream_icon.ico

MD5 21a8888b16b257c094fd38d09612fc48
SHA1 9ce7e89da63c663987c9624a845144a4fecc3e72
SHA256 e1e71925f5169df514d0c196f41fe91ae1419426ed28422aea78ab85b4dafbc4
SHA512 cc554f7180b8f79de7ee6278b19fe8a4331ab9caa5cd980caf66eeed973a3577b56dfb57e4c0797d7987ce55ff8ab305a9a51b27568ae0fb9414498d3c494af2

C:\rock_eyebrow_icon.ico

MD5 56afb11ebd7367af4c03b065ef3580f3
SHA1 4f30fbf3d5c0469533c1b33b98aa612e6704c14b
SHA256 da6e60fa7d074a5b8a90e3ebe53ed1c01661423ec0ec1ff154857bcef14ecff7
SHA512 eef0e1be7dfde83f546d36f41a6339ce17d5c7153da3f3d003838c333884458697b2d156abf9c119f4786d4d53f08563b79d17c0c3e316dabfa519db145e32c4

C:\obama_icon.ico

MD5 f89f675153effeea979e32716d1dcac8
SHA1 84780277f79505ccf920d13391726741e127a79d
SHA256 99232a1b8d11825ccdc89ad8a9e095c6a1c36731836c17207ec5f45cfc0270f7
SHA512 8c447c5a226a127cb671eac033bc7db370a5dd47aeed7e46fcbd112684bcbff300827292c8bd87aee6f21bff887c4c04b7620b3bc22a3b6bd3b6843678083fff

C:\hell_no.wav

MD5 22aa4efefa11404c5656516f4f257a59
SHA1 2b7476f4fc38d51303dc78dcdef4577ea59efa09
SHA256 88f4e80980753871fe322f8dda83e72900cca29961efdf25bd119b259a57d05e
SHA512 167d77f6f5aeb19fc98b6dc969f8ea91906aa23f5771b3f764884a685acbea5fa545486e72daf79decfa86265e6718a0d5e95c6f9c01bbc14a5c6b7c0ad2380f

C:\xina1_icon.ico

MD5 ea930fd90cdcf6d31a2ec4c1559b41f9
SHA1 498db95c46ed784d6c6b83b6ad30184ceb7f80f0
SHA256 aba2367393eab39caa359b90c62ac0231e7af228070c50496a984be89bba4f3e
SHA512 726bf8c578a9019ac025c2fc021cdf7c111597d182720d62c48be9ea4fb3c8f4da777ff2305695a27d0db61c3af9da48e99ada694eab71df9fec459c50a00656

C:\xina2_icon.ico

MD5 d129b378192f4f70d831fb7034d7992f
SHA1 c782ed401d9a33644568dd3d4c78b49ec3d9a4a0
SHA256 3d41e7d8040bc0c91f371f88dbbd7eee29e7c8408d2de331636096f81cc57b4d
SHA512 b31d3191ad62011d53f77e789333f3669b515172aa30f914ca116af0b8b6949a031b002aa391637fdd7ab9a63a5b0dd5ce37dd691766f3d896ff570dcf23b2a7

C:\xina3_icon.ico

MD5 37cf805ea6e33432e8bcd4e028938faf
SHA1 c0ea05823441d9115a2f079346efff5ad2967930
SHA256 c638d0fedabee0972e593ef24aacb2bc86ddcb6a3357d0ddc2228e76d73051bf
SHA512 091bd6d4e0f5707df74a461657b513cf7c61b94e780b80f8f93fb000b0e29b7f59c08a35964d4dbee005e7bd9d3c9be5a69a2486996e3a9f09a3d3784d424a4f

C:\xina4_icon.ico

MD5 5e3393e772f5aad126c10b86b8b59c62
SHA1 ac70b3a5ce29c2d432263a11a4f157fa53222c23
SHA256 049e8a377ff04c64b0e804d14a96f1469bfdf60c6b38d807d8b1af5b293221ef
SHA512 3903acb567fdfd0abff26dcbd4c7c9ebfe569569b1af78283beedd7c2343baa3e3fe19a2e851e43b7313017624435ce814dc839f79c67d3c7ee528b3c71666a7

C:\xina5_icon.ico

MD5 ef185b61dfa8298a39bd12bc5b5ad56e
SHA1 3401678e4ebf8a78c664994e864a18cde058c20f
SHA256 ff3838388c2ed572a4d2ce6b8b6d77490bc56bab33ccf8c586bac27d2df83b68
SHA512 e7fa3e4f302801e617442764a28b7f7a24a394319903a411f40d6da31d03b7530a8160193010ef868c90f9259d44085d113b73fc09a0e72c5a1f9f990d87e7bf

C:\xina6_icon.ico

MD5 fc5f065a5e8ede646d1595c50f9253f8
SHA1 5c9a10baa223eca0ca3005b760b21f9dfe656e94
SHA256 90a1510f938da7440b9b0d2f82428885684761898d4f76575b1c2fbdfc245d92
SHA512 49a96c244bacdf8b5dde05f3b57c18d2f83a53f3f82bf32f6c8026d890e047f6b11d0d7d9357e8d6f509acbaa5fa37d5aab72c26e58f46c99885f272a747f544

C:\xina7_icon.ico

MD5 cb099d15874bc078218294749eb7b6bd
SHA1 27647365028ef3fe8df37d9341595501c5748b9b
SHA256 2efb6ed0f26f8a561014536a1eb846cd4467d830998f6bf2c89f5dbd4a87f1f3
SHA512 c350bd8959004da8cf76a4d79a25629c4e38ad57e22230a29c339685c076cfc0044cc241dc206016183549ac66da685a3d673938f0af6c69f40c0bb6ee5fbc2e

C:\xina8_icon.ico
