Malware Analysis Report

2024-12-07 10:15

Sample ID 241112-r51t6atmfx
Target http://adjustclient.com
Tags: discovery evasion ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 9/10
Threat Level: Likely malicious

The file http://adjustclient.com was found to be: Likely malicious.

Malicious Activity Summary

Tags: discovery evasion ransomware

Modifies boot configuration data using bcdedit
Legitimate hosting services abused for malware hosting/C2
Drops file in Windows directory
Browser Information Discovery
Uses Volume Shadow Copy WMI provider
Enumerates system info in registry
Uses Volume Shadow Copy service COM API
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Modifies data under HKEY_USERS
Opens file in notepad (likely ransom note)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-12 14:47

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-12 14:47
Reported: 2024-11-12 14:54
Platform: win10ltsc2021-20241023-en
Max time kernel: 394s
Max time network: 397s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://adjustclient.com

Signatures

Modifies boot configuration data using bcdedit

Tags: ransomware evasion

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | raw.githubusercontent.com | N/A | N/A
N/A | raw.githubusercontent.com | N/A | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Browser Information Discovery

Tags: discovery

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133758964537718349" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "70" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\json_auto_file | C:\Windows\system32\OpenWith.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\json_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" | C:\Windows\system32\OpenWith.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\json_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\json_auto_file\shell\edit | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\json_auto_file\shell | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\json_auto_file\shell\open\command | C:\Windows\system32\OpenWith.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\ef\ = "json_auto_file" | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\.json\ = "json_auto_file" | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\ef | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\.json | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\json_auto_file\shell\edit\command | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\json_auto_file\shell\open | C:\Windows\system32\OpenWith.exe | N/A

Opens file in notepad (likely ransom note)

Tags: ransomware

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A
N/A | N/A | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 2332 wrote to memory of 644 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 644 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 1020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3124 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 3124 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 320 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://adjustclient.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffd0288cc40,0x7ffd0288cc4c,0x7ffd0288cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,9502560507982818150,251694709962952259,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1944 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2008,i,9502560507982818150,251694709962952259,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2020 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,9502560507982818150,251694709962952259,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2460 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,9502560507982818150,251694709962952259,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3140 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,9502560507982818150,251694709962952259,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3168 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4564,i,9502560507982818150,251694709962952259,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4580 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4076,i,9502560507982818150,251694709962952259,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3440 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5064,i,9502560507982818150,251694709962952259,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4980 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5188,i,9502560507982818150,251694709962952259,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3760 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x450 0x3e4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3916,i,9502560507982818150,251694709962952259,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5412 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2308,i,9502560507982818150,251694709962952259,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5620 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Adjust\" -spe -an -ai#7zMap19226:74:7zEvent27991

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Adjust\launch.bat" "

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar Adjust.jar

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Adjust\configuration.json

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3144,i,9502560507982818150,251694709962952259,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5676,i,9502560507982818150,251694709962952259,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3152 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5164,i,9502560507982818150,251694709962952259,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5692 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5620,i,9502560507982818150,251694709962952259,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5664 /prefetch:8

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\jd-gui-1.6.6.jar"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://java-decompiler.github.io/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffd0a6c46f8,0x7ffd0a6c4708,0x7ffd0a6c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9010178170490154295,2417585518789852177,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,9010178170490154295,2417585518789852177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,9010178170490154295,2417585518789852177,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9010178170490154295,2417585518789852177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9010178170490154295,2417585518789852177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\jd-gui-1.6.6.jar"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffd0288cc40,0x7ffd0288cc4c,0x7ffd0288cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,8717485440087374476,13139330626971067337,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1924 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2188,i,8717485440087374476,13139330626971067337,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,8717485440087374476,13139330626971067337,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1788 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,8717485440087374476,13139330626971067337,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3148 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,8717485440087374476,13139330626971067337,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4424,i,8717485440087374476,13139330626971067337,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4532 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4544,i,8717485440087374476,13139330626971067337,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4664 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4804,i,8717485440087374476,13139330626971067337,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4808 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4716,i,8717485440087374476,13139330626971067337,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4700 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5040,i,8717485440087374476,13139330626971067337,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5076 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5096,i,8717485440087374476,13139330626971067337,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5064 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5072,i,8717485440087374476,13139330626971067337,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5168 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3540,i,8717485440087374476,13139330626971067337,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4516 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3512,i,8717485440087374476,13139330626971067337,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3460 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3256,i,8717485440087374476,13139330626971067337,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3216 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\pcKill.bat" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wmic os get TotalVisibleMemorySize

C:\Windows\System32\Wbem\WMIC.exe

wmic os get TotalVisibleMemorySize

C:\Windows\system32\bcdedit.exe

bcdedit.exe /set removememory 4193744

C:\Windows\system32\shutdown.exe

shutdown /r

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5320,i,8717485440087374476,13139330626971067337,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4692,i,8717485440087374476,13139330626971067337,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5528 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4596,i,8717485440087374476,13139330626971067337,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3292 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4468,i,8717485440087374476,13139330626971067337,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5820 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Disable Windows Defender.bat" "

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t "REG_DWORD" /d "1" /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Disable Windows Defender.bat" "

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t "REG_DWORD" /d "1" /f

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa39ee055 /state1:0x41c64e6d

Network

Country Destination Domain Proto

Files

\??\pipe\crashpad_2332_KXNOMFZWAIRGFMOH

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 978a463fcb3e5743bde923c6bc614400
SHA1 10a54ef13a698685ab342e6920b9f433c5840ccb
SHA256 df535f8010bc82da3b00e2ce3b2346768575c4150654323d8ba286d7820f87ec
SHA512 943933a3fef0e1ef3dc8fc4e341f98839a4d6780dc7f72e980caafee288a5303c6e7c58aa52c26c2851179b5076e28a03864c28653da5006080be270be9fe1a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 213a9e405f089684b6be64cece3132dc
SHA1 91312a2dad9412bfd3f50697c9df155482d49fce
SHA256 6b130a9ace5b5d6e8ffae7aa1d1916d9758a4b3d299aadb02329ad9c43647284
SHA512 405782b6866d6fa26da317f5ba57004adcb7dac6e2ae2166af88b1ad1257f49703d83d029ecb0bfec28b6432979aca075a675b8a31e2b0bdafd719d098790502

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7fd2181a8c88fdafafa0c6cfe22102e4
SHA1 0d1052c57f0c964e4e8559a81f72f59fae673396
SHA256 08663d9d1cf7c1f7e121531862182d6b8c7c576de876d3fa763af59969475cf7
SHA512 cd477c56be7991d617a58f17e5b6a3ec21cfcab1f349fa9077aafa9fa71e3ac43eee09a49553da936378f072ad7a7b4f4745300ceb270dfa10161d4ed8df349c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e66ecb41cc0388b8c5e378f3e2cf5cab
SHA1 ed6f368d81f6a8c953ded39206daec68d106f125
SHA256 0cee59735821a70ab39a4e731ba25d54cdd1082153230949cf9c7ca36c8c4053
SHA512 19c74568a034d622ef13873f228e2b84e537afa298209bc18f1a3ec0c26b639a1591525158846c42d2e5ce47ee3293a63fd6606fec599b1302a1403c397824e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 7978ff6b461b0b9aa23da30b7c1a718a
SHA1 820013931204f6f0bfaa321c41251322732d6ef1
SHA256 3c35955e042c63cd23afe6f28f1f0be67e880a7ecef655159984adfe5551036d
SHA512 9ee1198f7c9c754128701504a6a3762d327cb2da9cce4854ed6eb54500d010f332175fbc0f14d126d6840463b29d710cdc8908a7126e1884e4d88cfc82a0d5d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 9d3efce8e141e4ea88d25443ff7fce79
SHA1 02a736679325bbc111fb027648bdfdce44982c1e
SHA256 a59d06eb1a7ee16b33e3da78159484f3d7000686b23b7e0b657197a3b0c053c6
SHA512 15afebc918e7a343356dabb0404363cd7e4c592993440c52ba2bc68bf6bb37f1f9053d450b656f4f3d5e58ac25a93fc28a889c6a207097827de79f73b954c200

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 23c54eec49071e25ff88a7c40e6f658e
SHA1 2bc7572ddc00da6e25b45f5167661f1ab1bffaf3
SHA256 026a35d9780fee08a314f5c535b848da0a5fb5f91dce8774f760a234c344e99d
SHA512 98336254d386044127c7bf1b87e566c30e200139b8b07ba187c51202d7fe8f29b4f7238d7f07455502d437629f12b9257b47d20576430e1cde21d0d0ffaca2f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f9da37d88992080e3ae09975540bd7f4
SHA1 fe3640697cea6509f07782e0c3bcfc7867f0fbad
SHA256 16278fd7a569a9532e75481031724d1c891d51dd5ab8a41b5a69769b64497969
SHA512 dcad98d28373a5c0d8388de2c2ce6adaed3c8d35951cea2e0400b2bdbad4cead6315314439060ab4017ca379ad69c0a25fc5b01a4a9dce734a18a1e23aeb9759

C:\Users\Admin\Downloads\Adjust.zip.crdownload

MD5 c8477a0f195d94e4fcc490e82015ce1f
SHA1 48efa15f8e1dce2079c1520d55be983c5c6cdbfe
SHA256 54faddb279bc76961a18f7b23ac661b335f9aa946d4a84fea3885118a9ba1a23
SHA512 f8039aa6ca0ef01fc338d99b06a2c6ebf08df8a001eb6c9efd4a8619f74598449804c531d5de927c0ea503de0663ed22710bf25180eb5daa83339580d21bae89

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cb0ac65b338eadecf72016390e13282a
SHA1 83f0919b8ee4d45e007063b5be4ab4500795408e
SHA256 448c00ba4047995a70f0f288598126f0ce43618ec66ceb3caad9bcba1607d998
SHA512 db9e5476ce6eb890ce3173db6ffd7ae17618d3eff9b316e2de099cef104f1ea81a32ccf85353e2eebeb613335faa7f1f932eb17e5dae6ece448aa3d67a7870b8

C:\Users\Admin\Downloads\Adjust\launch.bat

MD5 11f888c721558d771d9d7e203146102e
SHA1 87b76b891ea646de40798dcd2522065f68aaea0d
SHA256 9fd1f058d59563dd1dd723608304d989f5ee91b20166755b77a8aa87c795e295
SHA512 6023860eeca2a817b3c4866ec74e39bce008a16f6a6fc11bfc63acc2d346f371af579b9ffc2655ad953e2379d3edefb4f1ad658bf2dd99ce7f87efe7407d33bd

C:\Users\Admin\Downloads\Adjust\Adjust.jar

MD5 90fe08b9d7540a0f2a77707b731c3a96
SHA1 1c414406229302db5a1ab9efd7bb12c4d2f0f4dc
SHA256 2721848247230ff1d79fb6e3b431bf5b1ea1924c9023b8b9f5ed59b066e0ccda
SHA512 76957dcfffa6b4464a1221ffb81a9bba2ab8ab8c6005001dd657e42b889be65f25feec257756e9ec8c1393bd520efca11f6b06d724b2f8ed628e6ab5a06e1a24

memory/4652-204-0x0000017992CC0000-0x0000017992CC1000-memory.dmp

memory/4652-205-0x0000017992CC0000-0x0000017992CC1000-memory.dmp

memory/4652-235-0x0000017992CC0000-0x0000017992CC1000-memory.dmp

memory/4652-237-0x0000017992CC0000-0x0000017992CC1000-memory.dmp

memory/4652-267-0x0000017992CC0000-0x0000017992CC1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7e4491b0b79beaa609edc5cd8be4d045
SHA1 74b339fd37b6c02b3a9f1a3855c5aaf88246d6fa
SHA256 3fc659c119ddf12f24ae2b53237077eb9bf499d5117f81eb60476dd10e670220
SHA512 4041bb6d706b1bcc87d7bb2dac4293625937cfb22b3afeaa037f5092a5ad1ad8d11633641660536fa061829d2108a4319163297535cf6045288cd01b014f007e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 4018f5802c0494ba85c38392d0388e6d
SHA1 f0618b76c0800d85301c90d6b1815771f1b6d2c6
SHA256 1c60194bfc75cc494e39c132fb61c510a04eff8f34f18b2ea02dedfb5a0e9a36
SHA512 0e8ba796182465ffe9ce86bae269643e2496096fca84dff7c04ec6258d287c4d3f4735bd8a020b79d410adafee6469454592a4a3509c34a4e62745e5c370f8cd

memory/4652-334-0x0000017992CC0000-0x0000017992CC1000-memory.dmp

memory/4652-337-0x0000017992CC0000-0x0000017992CC1000-memory.dmp

memory/4652-342-0x0000017992CC0000-0x0000017992CC1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 158af30eabbb31e5624358f509e98e94
SHA1 fe393910603c8c8ca185b7f073bfed19d838028f
SHA256 26e2cbe0ac975e73ebb120449c9a541646c0a345eddb58abdc941cc3e65a588d
SHA512 4d9bfe4b60b4d3cb342d1f2c2e219ff313f47e67de07a02cad84b2bc887637e95189f209e20d198b24d8d01e97a54fcdcac0e2290efae3ee18dced818dc1cb29

C:\Users\Admin\Downloads\Adjust\configuration.json

MD5 b4bc7a19df6d800d72faf549a12e2d88
SHA1 5ddd2be788bc1423ab34ddc5719a3d8eec2d8f91
SHA256 d35bf7e8f951b21ae1fd0093b30309553f856df15c23db5187fefc7ed74e02e3
SHA512 b5c0fa35dc4976805bec32a246157c93e9575f77e15f0d324bdd51f789bd0560a0e136fc14253023ef5ff99445aaf4c5da1364ddb2dc469eb63ee8c83f8fe233

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8f14d856f23e62713156bca80d83dee6
SHA1 aaae4829dd167d98a9ea7edd9c3fe6fde16d1ca8
SHA256 79c453e77064e46a586f6528a728950da0b74fd3dd94b024d4a8c51579580491
SHA512 eff67b5437c0f16653dcb4f8e191354df9f62febe4df7a77b23477a36b76e2dec4da2f00e26b355a9ac18da7f8af6dfd21687dde8d8e26898d0e88f2ec2c6850

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bb84345c3a4ad5a548bd957cb39649a6
SHA1 450aac45a131716c20766a7c9546c4bd67974111
SHA256 c5c3acaefd98f7131714dc426ab1745c19294cbd9f3841c00d4d9b135a1858b5
SHA512 f3a8828aaf48ff1b33dd62a196df7fcdb0149a8dc85380dab5c0d637269109016345b512168ae8ca263e4f1b97731284c99bc441f61dc25f286b6edb8b5b5602

C:\Users\Admin\Downloads\Unconfirmed 158024.crdownload

MD5 5b1e5dfb3f38d089a092e2079289155f
SHA1 bd4fc400c2e41e31a8b516f4d15be726eb44b386
SHA256 2c9d3efa8b06438a7284139f68f6efcbfb2a11e0b9d20a3370d50189685afc0b
SHA512 ac05eade3bc70ac72fe92d52f178a4a8a028f00430fa709bcbd4e43564589339e731eb2111c9ef64c0bed26f2edbb510afafc73a4891d0bd018e813539ac1227

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f1290823b9b6583fcce12b6b1cf6a8f2
SHA1 ba20585d7a682f1e8cfc28c07dd1c8bcaffa85af
SHA256 244fe8f99e21953dfc05a7182915fdce8782b47a2dd6a75f6cd435218c049367
SHA512 4052c452475de47a4035585268935e1d01ff813ece3abe140e7f5d746c5bcf4aff0ce194babbe1ae50010c80733fdac4365e12551695d53af74e05e27ffa0598

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 edeaefbd828db2d8f97d8f9b33f39ab4
SHA1 22d63ec48858c240b694c6815f985c350381b214
SHA256 23bda39447afa4d911bfb692beecee59b902e502d99a73fa681e6f6bb528d7cc
SHA512 242fcda5da095bd3114beea452c1f101873c083748abacd6bddb17ab97bed6f4527d1ed03f64b4d1a7dcc27b9171a11d2fb2d2bceb664508abaead13664bd9d4

memory/5640-429-0x000001BA91480000-0x000001BA91481000-memory.dmp

memory/5640-439-0x000001BA91480000-0x000001BA91481000-memory.dmp

memory/5640-453-0x000001BA91480000-0x000001BA91481000-memory.dmp

memory/5640-462-0x000001BA91480000-0x000001BA91481000-memory.dmp

memory/5640-501-0x000001BA91480000-0x000001BA91481000-memory.dmp

memory/5640-519-0x000001BA91480000-0x000001BA91481000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0472983a6048a794838e44cd3abe0c24
SHA1 b0173edebb8dd0e3d8fe71442ff12906263eda58
SHA256 491b97355c8a2cf50386c99fd2e7e0a5e7d97da7bf1b68603f61f7b293a03ada
SHA512 1c2d97f498c5660843ef7843dda9a3cae51b2e8b582ddeaff07d195df2537b7844e14e81293d58bf3c0d751b8daa9198e6bae0792cfe6328848c9b6266c5ba05

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a60dba916b98ddc58aa8dc013dc1eff2
SHA1 eb723865b953d9c59f4f10a43807eb742eaf36a1
SHA256 c191a5f59cc5a7c2e54f582bfb274e67c63d94283e97b34ca3d46e2b5cf1b5a1
SHA512 1dbb21ae87c5d2d5765d18110f067d22d6458645705f2c3e3209075519309d73feeb418fa21b33d7758d4cbb18cf048088e56b84e32a264bf4e9f9967f87e961

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3963b92f9906984249093ebc45769f6c
SHA1 c60d3d83cf45b64dc8aadc280d51665d8f46f232
SHA256 ed17d09e5cd2400874a46b4ea1695d7808d253839553b4a74c30838fb7a30880
SHA512 c8cfba843abf125b53a86075ce7c094d5fed80db49d778a3389737f1da429da7eeccae965a66edc1db35fdc28f093af1279b2efb528a273df5d0b89687ca4704

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 32d05d01d96358f7d334df6dab8b12ed
SHA1 7b371e4797603b195a34721bb21f0e7f1e2929da
SHA256 287349738fb9020d95f6468fa4a98684685d0195ee5e63e717e4b09aa99b402e
SHA512 e7f73b1af7c7512899728708b890acd25d4c68e971f84d2d5bc24305f972778d8bced6a3c7e3d9f977cf2fc82e0d9e3746a6ccb0f9668a709ac8a4db290c551c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

MD5 e5e3377341056643b0494b6842c0b544
SHA1 d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256 e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA512 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a6e9bb3d5ce6a816f8c2df5c8a316195
SHA1 af5d442cd3b5942e526c51e035ae62f2dba25c10
SHA256 1a692738f4e041a09436fd11d5a1b205699e37de97a9c0ef4b7f53e6bf32c906
SHA512 8dd5c793ef906e66b177064339fd8fb9751922070d5cfef7793353bbcc779066beee96b290444934ce54e5d59f0620b58d39f4d7f0f4ae3356a12f0a3a521ee2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b5fffb9ed7c2c7454da60348607ac641
SHA1 8d1e01517d1f0532f0871025a38d78f4520b8ebc
SHA256 c8dddfb100f2783ecbb92cec7f878b30d6015c2844296142e710fb9e10cc7c73
SHA512 9182a7b31363398393df0e9db6c9e16a14209630cb256e16ccbe41a908b80aa362fc1a736bdfa94d3b74c3db636dc51b717fc31d33a9fa26c3889dec6c0076a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 6e466bd18b7f6077ca9f1d3c125ac5c2
SHA1 32a4a64e853f294d98170b86bbace9669b58dfb8
SHA256 74fc4f126c0a55211be97a17dc55a73113008a6f27d0fc78b2b47234c0389ddc
SHA512 9bd77ee253ce4d2971a4b07ed892526ed20ff18a501c6ba2a180c92be62e4a56d4bbf20ba3fc4fbf9cf6ce68b3817cb67013ad5f30211c5af44c1e98608cb9e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 59cb78967f768b667ae54ad1ce4ffd94
SHA1 69e58b4c88a3154e1d33c9cc01485de699452de0
SHA256 93fdf2aa8b7b816733f298c915c32af18bba2cdefbb23a7c208cc2fda26c8985
SHA512 6c6cf9d0f0b6acb98a039584e0d4c797b9addb68349bec2401b0a1c627326268129ca261c402d32db8bf9c71884fcbd8bca394384d920982df79663759530ae4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b3d6626153af9d5c2c18591bc2fb75b2
SHA1 2fbf46d74ae994265a8aecf78b9ca811855702ff
SHA256 a7de665fcbf623a484dd272af834a9b5d723921821ed26cdab3be827b6aeb8cd
SHA512 eb7f75aa6f6aa7aa35f218443d607d22b055dbe5c56f26caadf8bb798a418b5c4f6a6a136222c08150bcea4eae4c35dd75dd362e11b6ad4f960e84d8c32dde93

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ed3ba7dc6308cd40c5c5567650cdfc78
SHA1 a275a5122d5481b51fd10f90ec49003a89ebc764
SHA256 fee167d59484fd10ea0c0f954565514f2b361b59edebc2ea48cd34207df60235
SHA512 9dacd9590872393f1cfbe27cdb86fce10a00e7dac62de8cd55f9c624e146f7a368b49625a9294846706dc52e551c590df741f77c1311bd1d1c4e98ecd1fd90a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4e09f255609a0b4da4750742199cb350
SHA1 368309cd0c779183a50aa76e466d59e334e08036
SHA256 bb8b53324d5f3e68b7321eac997b97e854ffc5be043768fb13c7b602d9ba8e17
SHA512 b12e6ca62e93c314609c482bb04b376885ce626153805da32beabd64d5b2201d6d3f07071253d98593d47f79eff060c8a567b747af69ad5dd843b2062a80b353

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 8d97ac65c35acc2a4db41c029f23d1b6
SHA1 ce80016b5268436e332d39de26a1d08c46e0319f
SHA256 535f78b19014b6a4412df37250262332869c74fbe4f63eb80c9a46d507c306f7
SHA512 8f14210be7b8a85ca4edf54c8f6a4a80c9cdb5abbdb3a500463db2225a0c39f89977f523da327e725cd8d1fdb73b055a44900b704f33a8e7ba0797a554adaffd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 94a769adb3363a8dad4459d027b1116f
SHA1 0e6f434487804e1c1ef0cc97e9f9975ba70d0100
SHA256 458f1f43b0f2e04804d3559bf78c8bbec64b820f2dd1fd3ed4bff0ca7285db0f
SHA512 b86f9f01fb5ef723f12e79de3168c1874379c20b5d6074cfef428d0a02053bb5274959317679b7289f4665160207eb9cbb68a11ecba05af047d37224cad6ef6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b04c748055416c7ff1aeb26901f3bee1
SHA1 7d825bafb2854f53bd12618ed18685fc1d4d7172
SHA256 009ff3fd20c6daae4c663f420fac1117dc7e08ee8e09d9f8f2be2bd1b7a0349d
SHA512 058e7a55cea6c93cf7ea828e16c61424545634889212d0b936195f2c4ac9ca029053dd9978afc7c95024e5f01e395e1038c6c50418ae22bfcb09f2533013a83e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7f6916ac8521da9671cb22837b4ed3e8
SHA1 5e1b777cfbd96a6db0cf2be189983d88528d02b9
SHA256 db66c75f570326ffb8e4a572fdbf861bad36d57bc319fb7b3714624f3258c535
SHA512 0b74499733764659d442c4422c473500f935c667aed8119799d4ef2e7ba321c3d907d40f59120e6678249f4045385c62c2b120258ceea13ff75d7de82fe0aec6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 574e9b8ec6da9a601474a159d5aa8da6
SHA1 2e6519380e654284170e8db4b1f67c8b6fc3d2d4
SHA256 468953640f90c1d54369d65b1021a2df4cd37a9071ab84dcbb8a667440bb0cb3
SHA512 36901ba56caddc639ac79be0c93f3cb47889926e108332b90c98d0f383eff23034b53b7120c46172b5127933b852e254b7045d5fec6fcaecf187580ca96f3fb2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 37adac9f7440df2ea39a3641d956efc4
SHA1 c21437926e2cc832da98ccb94cd2ce714c4246b3
SHA256 4b9879a44724b31c2a2a21155bd8f29aa56f10e39ca277aab86939d868916536
SHA512 6b4a823b414144bd7f8295451d3620f6d33b67c8f58e676eeb7a47c5d5418b9488dfea7ab4fa203be9a15fe1d4cb6cb42dc3cc6764143e0e341ef63a52cac273

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 32ffb6a25833ae24fb79dbf72a4aac5e
SHA1 05a14ff2ef1617b871464bf89a96d58bc174751a
SHA256 8014644ff28284d128443c654ef87b048bb9ccae535628ca98d37101036724ab
SHA512 9a76cb60d6e82b43157c62e676ade923ea4d754fee39c6b25cd0666ddf2a4c2a7cf43d528c7146d767f21089f690f0a98df7db11f64413b0e3e2d1b90523eadf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3dde148c2c9fc8bdab6d87a3e4a2ad58
SHA1 f1939242591e62c78b390dbd52b52508dd76c6f7
SHA256 09a6fb93f5e594d0d7470f5ccb93462a98ea55f3235e2446d5e2aaa7888f216b
SHA512 847e407e6f8c3389672eedc12412d8f2a76587deb03f3a9b18d51d02008367ac50a17aa6ad53841457bbfa2e5e587d3f35c253b4abcebadd3020b569773a266d

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 17e39e319f8832e83e56a5927fc1dede
SHA1 2dc94ea77b1eb6b678f811426eefbeca4b310c5a
SHA256 cbec5e229088df0c67bdf970d30bb0eb15a3e41c15a1aa633a0af7e26e696421
SHA512 52df08a4ce0d34773354c3eafa85e9e51abd5da187ceb719709a0801bdf25eaadc5773e3bedd555e2d94145d79484ae7f4ac6e98908d54ad10fb03f893f58fec

C:\Users\Admin\AppData\Roaming\jd-gui.cfg

MD5 04cd130d9da29e0afdb7be677b6e380b
SHA1 7edd14afcf62568775848e47c07ae0af81454956
SHA256 26c67a8e770ec6c56dba270f42b179a4897a2545cc179ffa231beb5ea210fff4
SHA512 e34ee1428bd01a51a750c106ad5100818b37d5896d2f5388da806ba035805a118131d64841f88552255fba91a4f5c6fe23cd221166b21355601bd8dd1767e377

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 aee1e6470cb385c680b9f92c3de66098
SHA1 eaafb6a20aa627bdb37e9794aaf55b10136a9c8d
SHA256 13fbb30451812905c194ffa212dfaac53c4c82a09d7344ae63d0ef1cc3e8e25e
SHA512 6ca5e56c62c3b28f213c296426d18302082b62f1180508b00754028e5c19c202e6cbb7fe8e46c5b1c28ae8eb4f276e7917c78dcec1b829f956d0f9def4ecf988

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 77a98381937b73e24719d7a365f2f09a
SHA1 86ec258c25323f14ba589c8f73a49c4c6fd9cdde
SHA256 85c9cacbea4d5fbc1fc84034f847a754de408c7417d739a6544f2350b774eb8f
SHA512 a28256ee20737104fea0137f75610ff2e3936b829d837f4fd23b2a55d7dead377dc717c94e9a6a4aeec15612fe8dcacffa258b699acebf3eb4ff1684851fbfdf

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2319007114-3335580451-2147236418-1000\83aa4cc77f591dfc2374580bbd95f6ba_80a3676e-3a1b-46a8-b68e-cfc55ef45206

MD5 c8366ae350e7019aefc9d1e6e6a498c6
SHA1 5731d8a3e6568a5f2dfbbc87e3db9637df280b61
SHA256 11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238
SHA512 33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 09a765f5f43f6bc06b940b8e5c8a6929
SHA1 0b1e4d9d5c6edfea7bf7bed562e8b397eab01361
SHA256 2bcc13bf64d539fa873d76b359d138a58932d30b4c76f98fbc067564da75d61a
SHA512 1dc0aa869581fdbe69bcbd89a69cd3a290bc498a588f449a1f7f4bf14a8f2d03e958139b3561ff58124f52e2340788065da8af03a30f9d57d147fac00ce89113

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 df75bf86a9762e0af37c137ef67ce142
SHA1 de64f15b736b454b795b467df1d7ccdb3d4557c0
SHA256 be89912f5dec97263fdbb3960203a740ea04441f50d703a6c45c5397b5018ec7
SHA512 2e843b0dbc57b5fa5a93b3bb68b4438aba43625c0d2f39ac3cfe5c66105ff15201bbd5ca0e6ea59401208604f42810b1df0e9e346c620c6efa4190316f412dbe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 59f3061394f9b544a7b2eddeae4340ac
SHA1 81da427ea3d17bd3733d19d488d33837043e3793
SHA256 6599e428da8c2e40d6ca1e9d334b5e41313225d06fd430dfe9888fbfd2bf841a
SHA512 50db4a5e4a88ab3bc68b94198e92485d19122dd5048d82ae9200ec79ac958f7170fe1d2b3686e5f5c8c1ece2ee6c733f7bc3650e674314382bf0ad5193750fcd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 632634e445385bcffb4f445fa6638702
SHA1 41c542b01ac62bf0ac15c9b4c9ce336d95867d7a
SHA256 f65090568b3d5916a28bc771576852fdbeb069d5366de33633ea0bd70a48ac31
SHA512 7ebede0bb5ca23ca8ffaa198518af79acaa074fb258e2d7284a952212633147168de1325ae97a72dc599958ca862bea53c98e860e37bc8d98e9fa4f1f1442ea0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f3ea7c026836613d35e19b2a91a71633
SHA1 88b6a94185ca7f6edf3041ce688df016aedb389d
SHA256 8b0fa84de710dd1997e772bb88918e9fd2d098197e36eedd307a050bda97ce67
SHA512 e0227621613dad3db803b00c0611a4cf171596b7b456c795f7e8ad2cc75e66f2864ec41f6b19ee9a2e13d7ba14c740976aab9c2eb930d5c95acac1903476cb08

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 816ce061ec49c6a23fb6b7c8128948d5
SHA1 6fa4065b3a254f59150f2c8ed953909284d655d1
SHA256 f74a15ea907e169cf0e6cd72379f42f3b8fa77fa05db3b811bafec7e2e0dea66
SHA512 747c98bcb115b0f29004935017bd260fec8572ecb5686951d569553d5ace19d7adb0ad4cb732112ab6aaca68f84cacd97e509360ea74d66e280bb52a9bb18f3f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 dea7d3d2af642301a0703fc2b318fc71
SHA1 2de977c68e886a4f620ec069ad02741090912382
SHA256 5647e63c44be7832f1aa372534ea1a4529cb75191ed24d92b43f3b8fd76f305d
SHA512 b11261e675b4485a21d4325e9b26f333de4492ae8ada03b7a91904980b96cc749b81616ed76b5aed86272ec79d44c5dae69bd9cea2abf28a58acd095c50d0218

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-journal

MD5 66ee4288d4e99b0ebc4b483040212254
SHA1 ffbe105436b4b2cb7cc36f7567722e32a646ad4a
SHA256 62e9830dec84ae187ced9ed78fcb080ffb8d75d276adc9ec4aa5da987f4bbf58
SHA512 79c48326d10b1b32eec56baec10a7cdd5a160b4c7dd8251dcdecaec7f7a0053805d8ee45edd1b6dbce31facab7a551c1906eb02628a2a49ae5bc39e1b1b8d512

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 335ddddebb34a5b248f2f29feacae2f0
SHA1 5dd3602a51109f2ea3a9d6a4837497040ed70fba
SHA256 d36b6fd9462b1a3c3b7947dfe72c441dc37cc435c7241c64d229b1280710710c
SHA512 ef04067922dc95bdecd98ae00f9eb13761313217e97dbbea70b3901ad19cf4dabea1dc7f433a761ceb53c05cdf0a8f9d6c36361cba49e0709c6170e10246d6cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

MD5 74816aef4c20535fb2fc6922d1d01b12
SHA1 0e072d84d336acea3227bfbc55a4bf6134faf2aa
SHA256 8a28c64623bd239536d8b6211bc106bbf30bd192ebde02321338f1b838baba95
SHA512 3843ade188947fd7f7713635052de7a61bb3368b017bd1587e539007a60e62735a5397d5171d40d1e116f4a593cbca72ef12da60f8636c9db8d9c16328f9d667

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 a56896678e0bfeaddc39405019663b51
SHA1 1b4d614b6fef1f4485969f79029d3f2fe74b0849
SHA256 9d3052c89fff6ae1affd6946134b0a527d79bd4e3923f9b6133e989c22c896ca
SHA512 40d767cea23cabce43668399eeae0fd93bb9581e0ee12d38010ca6868b2e2918ffdb6566de06f6f8a5d446b3536e1a20141456f5c6517e9be6760b1d9ef0b7dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 91fb7f406816398a7e50af967350d474
SHA1 d81a84354a77fbba92403fd75a71bd6ef063bba5
SHA256 a87588f64a619ba756802f132336789bb605e11370527f36e3fa574836aa19ca
SHA512 7493fda146b9ff7cb9c24e6f6b1c576371e893f636944044112cf9fd4d2d4b56db854d6dbeddd444a5993d29857cc788e3b20338a8a6a7d37274fc94270930a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1012231a-8ee3-40bb-a57d-ea8a7a568abf.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

MD5 397f52c3c5465ab933e84822b4758aa4
SHA1 512e07e4bb2c1f83708f6808c6632f49a58916f6
SHA256 40c9769985a3247fd6c10b1f84b44d89d27815a732a038121f5365c73e52cef9
SHA512 47565ea1af42e20d88633478064fa8ef62eaca02efe526fa7211024cdadd7be5ee6ed3a8d84997c58daa42f9d653aee80c93a79763a169880c11bafe7bbf4f27

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

MD5 5aff83dc1f15681c63bac26750e098a6
SHA1 71a30a6e8e613ee88b8efe5b594e79bc99e049d8
SHA256 479b76736691935cdfc1cfcb4aec0e3b3d506f33b6ecc13e9d508586bec4da9e
SHA512 dc3bb164965ee7d951f6fec0d9b38e4cbce567db05ec35ae46c37c247a48a650e09e96b94fdfcb4b95c5610b28322adeec0db3dc36dc34b00e4c630fec906455

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 af878bffd67074bfa9c0edb65a443c55
SHA1 44cf15ba76650bba1716800a7f9791ddfa84b547
SHA256 22ed8947cdd2cf93641e4f00142ad1207f4793b84bb0a92901209a260e74d371
SHA512 3c2f20191617a950752b875f2779a721252ef7aa42eba2ece43006b1c17302058bece045011d2b8256ba21c07b4d149a1564141a26b291b4833ef1461c9f07f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

MD5 6ede808b0a58d62880cf451709cc4ca7
SHA1 b859f940a858ec04518307c593b501fbc8cfd230
SHA256 d1bcf0f7cbdfd5bdd5b9b3986910fe4bdb4c595d5bf63c6cd2d7408bef6a0d4e
SHA512 ca06c55593dcc6fd0130456deb2b8db386a4c4f2c3112997262ee098c54a612ae61a70e3c7ed628b820943216f6d47cce1cc87b83451a7792587b07eedd00617

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 76fe1ffd0982dc085a93d022f6532345
SHA1 20acbd80a24e54f8b2fd09ff2c188b208e0498d9
SHA256 0e9b73f4a7f3ba34c6508de5ab61160603715a7d075aaf478d38b10fce22187b
SHA512 cc3be624187894efb8eee27ac68ae93e2c53550c93a96b5700b704b858a5f0c3246e5bf77e3c21de3a9c4ad5eb5e90b3753de6c1a5a92d5befca1bf3ae1dbb6a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 405b39c24297263124ce3549c2276806
SHA1 636382f060da95df065633995a7a23c9b4f69d10
SHA256 898f73acc6db9c2bc0fab7576ef2c741cd5889ac47da229198e2ad85e472f49c
SHA512 7f3405225bbc1d154991a869f633161367efc813e0d64270f8c6af0a8d4360f235a47b490f1cfac00696fa8a2c55ca12ac995bcec1263d1aaee66626898a4b16

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 b11dfdd35ab1e018405b87128b7934e9
SHA1 e11c8b0ad5d1b2036fe6dc21812d9b0e5761e30a
SHA256 6ec68847cef6df44412c0366f341b0dc595ad1a9862a688a841aacd725253f08
SHA512 7f6f9f3a8fd4e7d31f10d9ae0f21e163ca3f2d6cf1808a4621a93b55cf20e9ce6787ec4bdc29114c99eb4b6a572adbf91f69a220e5eb6f2a76066808d6d52216

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 1213a1576548d2901b2f6a6bbc35daff
SHA1 04401399b6fc7afa39eedd77c5c82d18fcba7592
SHA256 ebd398386ca1a7c6cb1d964b22f1a107805d84083df97ff5f06202b4810f848f
SHA512 35a01e9494c973aede41dfcf46051ad3f416e995db7e0e0df5385867cbc1ab5f65118a97c36fe15aa87cfcafadb2bbc35d1eeb5d15a6e156bfcf3837760b1bca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

MD5 b25c8af0746c1d63a665ea3ddc7edef2
SHA1 121291f0e555a4900d8e63e411532e2effc6414a
SHA256 02fdbc959b3d5798e25fb4370cc7fca5bcb4c3e121af8210ff37d75b259b6c3c
SHA512 c2425bd50a59bee2b05c6cd0af58af0a08d2e2d57b14003a7f2826702ebb1c2828c92018a42a6aba65e19e159bdb4e2809a1256607a87224cce606fb26e6d2dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

MD5 db707aedf582813d12a4def4d29ce30e
SHA1 d0c3d163f602b8a6c4eef87a8018cfa52a54cb71
SHA256 2dd914b491fb3b4ca5f920cdb5c81ab2219a7909e2e5c24d5731e1b585d7cd0e
SHA512 9b8c2b40ee4923f65290a4e78fff3a6cf66ccd742c5dbf81aa928199b86f99f76ec61811dc6968dac42cc6b3446de579a43c20220c3071b58d2123f2a6f6a59f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

MD5 1534a1de9c76a889c82ac05a49338082
SHA1 caa89932198f12bbbd23992bf605222ae21e91ee
SHA256 db4a81a8d31d6ca7290df681dd67b274d00849e343aba0586eb3db7a8659ee28
SHA512 cec8f928fba5891abf4c5f037dd8bf08a0a87282dca0e87a55221b2604ad7775e32a975c929400b22835579792469a1b590bd17f62149f99c06d59b686f99ea9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

MD5 b25778e74a215420a7b389d9986e8c37
SHA1 7ff5f7652bc0f62bbef2e393172e0387be28726c
SHA256 e84e8d45ca0ee729611141543b0e91eec2c8d84724a82c45eb4c4c77fbe470fb
SHA512 de0bb01be6a8c6fa13a1a94f093f6b45147594d1ec281704a00ea0b78a7942e7991393188209d1553a770fb7e88534ee8b44395ff36202241af96e7acc4de5d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

MD5 4b351aee1859c2a72605be81a9d61ed9
SHA1 73da0ce4c488301b9943c061c062ffca670c947f
SHA256 e693fbc3cf9643d03685f738211ea6e660724f8ae56b24441758e5b6b521fbfe
SHA512 1fb451fe28f1ecb377e6f054a1e9f84eae3bce8768a4962cfa5f58733a96a7ccdaf96bc36433e442d19af0491b6d1e0d2ef9d9ad4aa593197f8345550fc9848b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

MD5 86eb7bcf701a9d3cd13feb6e1f5f046e
SHA1 dd40b2916f4c97a8eb14dbb211891dc34e2e27cd
SHA256 c9c3115e6da6cf4de526fa63b892932cdd20414920ad11c4aaefe846fe4b5538
SHA512 537eb631bc1494f705fd3b91c1c346d83263b3ea33ae5249a15668db070fa79d5fc397e32d52a49b9038dd49525a3889c883f34a029632edccd421ce00ee4226

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

MD5 e6613c616f7cec2d7784131bdcd568aa
SHA1 e7105bd903c33e8d75275b9af84ff84756cebbc0
SHA256 21e60f0983a5de9fb74b72436faed72a564bcdd65383f8a581fe7dafad9f620f
SHA512 9131998bb9c376e1d2649517a3e93b249b5b89c39203a733573a46bf5cf693fae4fd4f47072c5a38f746ff7941f968e1d8c1678cccc7fbe7b52d5a765c60dc07

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

MD5 604205ae63b87b699e699ebfccf75a85
SHA1 425779def65673291c663888387a70c61b89bfed
SHA256 033cc57a68bca42662af172209489b5acdad37acfb204b33f02d7483e2f87493
SHA512 b3f06416ef49a0569db4bfa68ce2100cae86ff61d4e9980d6ac59f845de82da0e2c10bf448905321a53e9d06a0b12d934f3054c1ba63e0b16b0317503f580b70

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

MD5 04e47f803657bc9f0a73338516da123a
SHA1 03fa10c2b7f7f8c9c272d87d31c1a854a37223e4
SHA256 7240a62fbb76676891e341994417a84ea3681de28175f7243de4cf78dd409aae
SHA512 7c972c9c515a777a271638b46947d4e8d25cf8a274a8616290cadac38e30cb9db0272b1cc1a3beb6f15a7bc4a00b3bfedd4296e448ea28229756d5b20b453769

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 cbfd94d542f4accdd174610ae7957739
SHA1 2402d5b34b3250ffb09efd23435862c86b452e02
SHA256 396f6f49bb69c1b94b8a560cdbf0e241a636f86a2c73922b9f06513f4fe32f06
SHA512 e32f22c932f070f7a0a9c1df6fcc7ebe84553cb3e5e0d359df50d72470523d93b4206e43cf8724175b88e00e6a711a863831f8fd130d41f85163d2b445a74f43

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 ef48733031b712ca7027624fff3ab208
SHA1 da4f3812e6afc4b90d2185f4709dfbb6b47714fa
SHA256 c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99
SHA512 ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 815b12cac4bfd620b0d4507d72dda660
SHA1 dbc348283640607e6cf08ef961985182a83078ca
SHA256 51a532d991fbe5c860950f4ef2ab36ad86114528f43c4599223c35133763a812
SHA512 e93c8a33aaad64d2fcebbcd80f01abbeb2a1b571eb3bb381687bf4e8c7fb4b0afda82c840f3ca33a09ada3a77f0c9b47368e1a22295f853899b6c61b2e566871

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e399f349-7c33-4ce4-8567-d991c7bcebb7.tmp

MD5 d4715bf8a06157a7439f9b83797d8a27
SHA1 051d2307c88b18ca98ddd58a0c4e09be7b081d50
SHA256 14a1ce37045e3a9bbf24092374e8e29f68dd9a428bc3ff0024c0f30b772ef2d6
SHA512 c398e60b90f1322e6f2a1f3b82885ba4ff7e94c51c916dbfb25525e23acf79cc19fbe03cb2f9b85304bcdb304dd583b30c417bcf1470017fd623ead29fc13885

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cff55d8aa24eb90144e1057986eca0f1
SHA1 ab59293841de31ba9f0eb14b5242c30a506b5daf
SHA256 9e72ab5d16582710dee491fcbbd47bf474ab65e59331a6530a58aad909419bd5
SHA512 5a1ced4dce449940d0afc371a298ba78b9434a9500dc8739f66a1761dcb0768d791012b28cf4528f80f9207e5deb59bf10512b3ef493058f2ed5dadeb2b92e91

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 7c6647e9bdcb28f2daa5d08a05d44936
SHA1 9d530d207fb74bfba94a8e1e7149f6fadc627318
SHA256 d45c26cd6d4f23ca68617db473aa5766aab095806f3e6cb1840ffc9d658c86f0
SHA512 ed0d8026a4143d04bab12a876a49e840c148894fed68dafdccc7f82692aac430f51220fc432b704562fe05fe73d3d54ad3e7c086f12ccba628172f8afa4120c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 521d7ceaf90318368a7f91f3a3800323
SHA1 c2297462a67df8d95985dde17d04be2ac45cc1ee
SHA256 aa9edac4b091c323598069fdc60b290355d3ede4b4c0d406a777eb4862fad826
SHA512 eb5ce0d2ce3f2c4e96d9abf73ce40df0fd36d6cd6ebebbf31edcfc4cdd307634f55ab13a6b74c0412123b7cc50562aac2bfbc13bc38f3b0ace5c93e6f76cb5b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4d88095e77dc15cedab498487a6cc7dd
SHA1 7b1d74650bfaca518c77425461a57249454678a6
SHA256 1e4d7d4fdd9d60541996dca2fd36db4fab16d63b739ca9fdc178385536e51111
SHA512 307aee654e2bd2896de2ccbecdd622989251199c3dde8f75306849aa36ac2d64031eba635e3da950daa35d6abda4915e565fe75ce7c80bdda04da1d128b80c45

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 92cebb4466b5f18ad72f4dee85f8f71c
SHA1 3fc1ec119b378ce9ec6d7a1ed780d0dfabacbb7e
SHA256 c746ec93a9f378063d0ad1b7da78d39127973abd0abfddd0eb74ffcd3cee69be
SHA512 32a6affe987dd23135b970d802ea5e3f3eea01a43caace0d5cfb008dfcc5d658b54f62a9d636993e38bda36caada71c18b501b9a15f66940ca2655aa8ec74c8e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 af7be8a4c536b785a2ac35abc1fecae7
SHA1 d485526a8c1dc8dd752227d6c0b89b31b5b9793f
SHA256 6195074c271ca49cae10e83f0f0781543ca9a1b9bc1bcc5a0c63f12568d0635e
SHA512 63b56761ea25dfa05f645ca563d670830c1ee105dd9699a13e9c526e21272557979b2ab56cec277159ff3a0204b09c2dbe7f2c947dfd66d7b8846b5365c8ddb3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 60b2ac8be8b28d849822a2f4da255f4e
SHA1 49c7180082c010ea0a662bdb351ffb6e80d407f4
SHA256 7b9bf88f1d655a75bac3474be2c86186093acd2b90c8d792da9a02933fd13420
SHA512 2c914b0b1b57fb360a6e6cfd6af2dc46ddaf6adb8b3c8fa2e748771c0f602ded7f762218f69393965e7064f5fb48cd55cfe4039aa19e4f645095d917e91b1b38

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5ecc584e871f65d0c7062b0ac09afbd8
SHA1 24f85408214db87cff340f667ae4eea41b4b6b29
SHA256 e56756faa6ac29bcaa50b4ae6b8ab46f3b57aa2cf826c0cf6345d22f4bbc02f0
SHA512 0849ad84e4c205308cbf3bc83048ef621162aa1eee11fd4d2249180b8982026576cd04a799676cddbeef422609f90dbc9468ac11007ded8cf42e66143e25440e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

MD5 a7a2f6dbe4e14a9267f786d0d5e06097
SHA1 5513aebb0bda58551acacbfc338d903316851a7b
SHA256 dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc
SHA512 aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe5d3f00.TMP

MD5 19f015f23ebecfd026f2ab163f68f780
SHA1 f394cb4187c9fb288fd104a75a73e3bb1c7047c4
SHA256 15f8e68e47d47a8f93e6330dbde47c0aecc668eb4f4743b4abdc23e91d3bc5b9
SHA512 1d4ba8b11d21f59bd79beee23d54a99ea89bfbe8f2da857d255ac772174ab61c969d98362e98bf92a2fb450f828a5225fe9757d4b0fcc33d0cbff2215d5696e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 96fd2f0ac6173ce9a704be2f30eeb354
SHA1 17e337f9eceb115749457d1d0ee6f61e68ae8847
SHA256 8ba004cd65edfe184cfcf03dbf0c6321825d8da074136889c68681dbee19ffc2
SHA512 550e77f5dfcfd1e41fc1893a5801980d5cc03314e5bbb7aa526205156a1fda368749178f8954e8372b2dbb298405206a9b2f8483aa9891a0941f523a3e040053

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8f82d7de1b44ac63efa9b18adadf95e7
SHA1 8a41cdcf6fb24a17a7127bb0f8be6e2570d3549d
SHA256 12c189d37a0ed7d82ed503d8a70d7ec73308e18037155e53cce2db51f1cc9c06
SHA512 d552805288e9c36f24d8137b01d1631855930059b7580b0573392a34377d7335aeb5b086a3061b9fe595e58efddb7059be173e5655ccbb7d9fab7959d49b3c54

C:\Users\Admin\Downloads\Disable Windows Defender.bat

MD5 606064bf64d4431c11bb515e6af6cae7
SHA1 8e6821e4ba614a44792b0dc1bdb49520be5f8547
SHA256 b118432ae179089c91f451e54b8cb275c2a8e3afe36651fb558e29d6f797bf87
SHA512 ca891d2fb98a11590cd36ae43d897212c84c562cb741983338b5330dc58a4eb9167d5362acfb78beae9c1c40ea929dfe9b3724075c87b192ce6b2952dc3d1bdf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 03a1b9ff7d630e3d493689b90388da0c
SHA1 bf36d6f222535b5a15ac02153eb69d7ee2838fdc
SHA256 22ac5b887bdeba6441a6acf700226738a431741d35fc7e7390ca0ce0f7b7794e
SHA512 678b8c4ac416dda0eaffc154facd8b1233d1fd4ed9fc0b8342fb2c0e92f682610ebcd154c1ef2b820fea97db3a56973890125899233a8c1f01047b567309be3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c8bff6bd0b4d002a0fd4e77809e3549f
SHA1 8e8909ae194e192379e74e8890efa02e2fd2fe4e
SHA256 9e23cf11b16fbcc33d5b67c44bbd83895fb64cebb11020bbf125f579799e50e7
SHA512 578bea76816f8defa91e6415c1ae07cb425a52c699b928f36e31acf35dd074e1bf979ee5bd9922ac7fd99feba70625da4e643334732d74b18a73d4f3d5948b3d
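Most entries in the listing above are Chrome profile files (Preferences, Local State, TransportSecurity, LevelDB logs) that the browser itself rewrites during any session; the same path appearing several times with different hashes is a series of rewrites during the run, not distinct drops, and those hashes are useless as indicators. The entry worth carrying into a hunt is the batch file written to the Downloads folder, keyed on its SHA256. The following script, an added example that is not part of the sandbox report or its vendor's tooling, parses this path-plus-four-hashes layout into records, rejects digests of the wrong length (a common sign of a truncated copy), separates browser noise from hunt candidates, and checks a local file's bytes against a record using all four digests. The noise markers, the hunt extensions, and the two-entry sample (copied from the listing) are assumptions made for the example.

```python
"""Parse a sandbox 'Files' listing (a path line followed by MD5/SHA1/SHA256/SHA512
lines) into IOC records, drop browser-profile noise, and verify local file bytes
against a record. Added example; not the sandbox vendor's own code."""
import hashlib
import re
from dataclasses import dataclass, field

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")

# Assumed: path fragments of files the sandboxed browser rewrites on every run.
NOISE_MARKERS = ("\\google\\chrome\\user data\\",)
# Assumed: extensions that, in a user-writable location, indicate a dropped payload.
HUNT_EXTENSIONS = (".bat", ".cmd", ".ps1", ".vbs", ".js", ".exe", ".dll", ".scr")

# Constructed sample in the report's own layout (two entries copied from the listing).
SAMPLE_LISTING = r"""
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 96fd2f0ac6173ce9a704be2f30eeb354
SHA1 17e337f9eceb115749457d1d0ee6f61e68ae8847
SHA256 8ba004cd65edfe184cfcf03dbf0c6321825d8da074136889c68681dbee19ffc2
SHA512 550e77f5dfcfd1e41fc1893a5801980d5cc03314e5bbb7aa526205156a1fda368749178f8954e8372b2dbb298405206a9b2f8483aa9891a0941f523a3e040053

C:\Users\Admin\Downloads\Disable Windows Defender.bat

MD5 606064bf64d4431c11bb515e6af6cae7
SHA1 8e6821e4ba614a44792b0dc1bdb49520be5f8547
SHA256 b118432ae179089c91f451e54b8cb275c2a8e3afe36651fb558e29d6f797bf87
SHA512 ca891d2fb98a11590cd36ae43d897212c84c562cb741983338b5330dc58a4eb9167d5362acfb78beae9c1c40ea929dfe9b3724075c87b192ce6b2952dc3d1bdf
"""


@dataclass
class FileRecord:
    path: str
    hashes: dict = field(default_factory=dict)

    @property
    def is_noise(self) -> bool:
        low = self.path.lower()
        return any(marker in low for marker in NOISE_MARKERS)

    @property
    def is_hunt_candidate(self) -> bool:
        return not self.is_noise and self.path.lower().endswith(HUNT_EXTENSIONS)


def parse_listing(text: str) -> list:
    """A non-blank line that is not a hash line starts a new record."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m is None:
            current = FileRecord(path=line)
            records.append(current)
            continue
        if current is None:
            raise ValueError(f"hash line before any path: {line}")
        algo, digest = m.group(1), m.group(2).lower()
        if len(digest) != HASH_LENGTHS[algo]:  # truncated or corrupted copy
            raise ValueError(f"{algo} has length {len(digest)} for {current.path}")
        current.hashes[algo] = digest
    return records


def hunt_set(records) -> dict:
    """SHA256 -> path for every record worth searching other hosts for."""
    return {r.hashes["SHA256"]: r.path for r in records
            if r.is_hunt_candidate and "SHA256" in r.hashes}


def _digests(data: bytes) -> dict:
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def record_for_bytes(path: str, data: bytes) -> FileRecord:
    """What an endpoint script would compute for a suspect file."""
    return FileRecord(path, _digests(data))


def matches(data: bytes, record: FileRecord) -> bool:
    """True only if every digest listed for the record matches the bytes,
    so a collision against one weak algorithm alone cannot produce a match."""
    if not record.hashes:
        return False
    computed = _digests(data)
    return all(computed[algo] == digest for algo, digest in record.hashes.items())


if __name__ == "__main__":
    for sha, path in hunt_set(parse_listing(SAMPLE_LISTING)).items():
        print(f"hunt: {sha}  {path}")
```

Feed the full Files section to `parse_listing` and only the Downloads entry survives `hunt_set`; the length check will also flag any hash that was cut short when the report was copied.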