Malware Analysis Report

2024-12-07 17:04

Sample ID 241113-dkjhgsymbq
Target sample
SHA256 ad4b6344fed5ed3c8c205f534450be18e9444ad9badd99846c516a215bf3acda
Tags
defense_evasion discovery persistence privilege_escalation
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

ad4b6344fed5ed3c8c205f534450be18e9444ad9badd99846c516a215bf3acda

Threat Level: Likely malicious

The file sample was found to be: Likely malicious.

Malicious Activity Summary

defense_evasion discovery persistence privilege_escalation

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops file in Program Files directory

Drops file in Windows directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

NTFS ADS

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Modifies registry class

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 03:03

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 03:03

Reported

2024-11-13 03:10

Platform

win11-20241007-en

Max time kernel

355s

Max time network

339s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

Signatures

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

The registry writes behind this signature (listed under Modifies registry class) are made by the downloaded 7z2408-x64.exe and register 7-Zip's own shell-extension CLSID {23170F69-40C1-278A-1000-000100020000} under HKLM, with InprocServer32 pointing at C:\Program Files\7-Zip\7-zip.dll (and 7-zip32.dll under WOW6432Node). That is ordinary installer behaviour. A hijack would re-point an existing CLSID, usually under HKCU\Software\Classes, which is consulted before HKLM for a non-elevated caller, at a DLL in a user-writable path. The report does not show the installer's hash or Authenticode signature, so whether this binary is the genuine 7-Zip 24.08 installer still has to be verified.

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\7-Zip\7-zip.chm C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sl.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\readme.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ar.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bn.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\th.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\be.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip32.dll C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ga.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\he.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\it.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ja.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ku-ckb.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\el.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fur.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.dll C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng2.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pa-in.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sq.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hi.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ky.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pl.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tr.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\si.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ta.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\en.ttt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pt-br.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sk.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\va.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ku.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ms.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pt.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hr.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uz-cyrl.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-cn.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7zG.exe C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\History.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\es.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gl.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kk.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\de.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7zCon.sfx C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fy.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\io.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\yo.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ko.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uk.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gu.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\br.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\is.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lv.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nn.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sv.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tg.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fi.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hy.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kaa.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\et.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\id.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ug.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ca.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.exe C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.sfx C:\Users\Admin\Downloads\7z2408-x64.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\7z2408-x64.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

The only event is chrome.exe opening the Zone.Identifier stream of the executable it just downloaded, which is how the browser applies the mark (ZoneId=3, Internet) to a download. The signature fires on the stream write itself and does not show the mark being removed or downgraded; whether the file still carries ZoneId=3 after detonation has to be checked on the dropped file.

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\7z2408-x64.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133759406874371774" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\MuiCache C:\Windows\system32\BackgroundTransferHost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\system32\BackgroundTransferHost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\system32\BackgroundTransferHost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\system32\BackgroundTransferHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
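
The rows above are the raw material for deciding whether a CLSID\InprocServer32 write is an installer registering its own component or a COM hijack. The following script is an added example for this report, not sandbox output and not 7-Zip or Chrome code: it parses rows in the report's own "Description Indicator Process Target" layout, extracts InprocServer32 default-value writes, and grades them by hive and by whether the DLL path is user-writable. The first three sample rows are copied from the table above; the last row is constructed (hypothetical CLSID, DLL path and process) to show the contrasting hijack pattern.

```python
"""Triage COM InprocServer32 registrations found in sandbox registry events.

Added example for this report; it is not sandbox output or 7-Zip code. The
first rows are copied from the report's "Modifies registry class" table; the
last row is constructed (hypothetical CLSID, DLL path and process).
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Report row: "<operation> <indicator> <process> <target>". The indicator may
# contain spaces, so the process is the last whitespace-preceded C:\ path.
ROW_RE = re.compile(
    r'^(?P<op>Key created|Key opened|Key value queried|Set value \((?:str|int)\))\s+'
    r'(?P<indicator>.+?)\s+(?P<process>C:\\.+?)\s+(?P<target>N/A|C:\\.+)$'
)

# Default value of CLSID\{...}\InprocServer32 being set under HKLM or a user
# hive (HKU\<sid>_Classes is the HKCU\Software\Classes view the sandbox logs).
INPROC_RE = re.compile(
    r'^\\REGISTRY\\(?P<root>MACHINE\\SOFTWARE\\Classes|USER\\[^\\]+_Classes|'
    r'USER\\[^\\]+\\SOFTWARE\\Classes)\\(?P<wow>WOW6432Node\\)?CLSID\\'
    r'(?P<clsid>\{[0-9A-Fa-f-]{36}\})\\InprocServer32\\ = "(?P<dll>.*)"$',
    re.IGNORECASE,
)

# Locations a standard user can write to; a COM server loaded from here can
# be swapped without admin rights.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


@dataclass
class Finding:
    clsid: str
    hive: str        # "HKLM" or "HKU"
    dll: str
    process: str
    verdict: str     # registration | review | hijack-suspect
    reason: str


def is_user_writable(path: str) -> bool:
    p = path.lower()
    return p.startswith(USER_WRITABLE) or "\\appdata\\" in p


def classify(hive: str, dll: str) -> Tuple[str, str]:
    writable = is_user_writable(dll)
    if hive == "HKU" and writable:
        return "hijack-suspect", "per-user CLSID (shadows HKLM) served from a user-writable path"
    if hive == "HKU":
        return "review", "per-user CLSID registration; check it does not shadow an HKLM CLSID"
    if writable:
        return "review", "machine-wide CLSID served from a user-writable path"
    return "registration", "machine-wide CLSID served from a protected directory"


def analyze(rows: List[str]) -> List[Finding]:
    """Return one Finding per InprocServer32 default-value write in the rows."""
    findings: List[Finding] = []
    for row in rows:
        m = ROW_RE.match(row.strip())
        if not m or not m["op"].startswith("Set value"):
            continue
        n = INPROC_RE.match(m["indicator"])
        if not n:
            continue                                   # ThreadingModel, key creation, etc.
        hive = "HKLM" if n["root"].upper().startswith("MACHINE") else "HKU"
        dll = n["dll"].replace("\\\\", "\\")          # the report escapes backslashes in values
        verdict, reason = classify(hive, dll)
        findings.append(Finding(n["clsid"].upper(), hive, dll, m["process"], verdict, reason))
    return findings


# Rows copied from the report (first three) plus one constructed contrast row.
SAMPLE_ROWS = [
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2408-x64.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" C:\Users\Admin\Downloads\7z2408-x64.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2408-x64.exe N/A',
    # Constructed: per-user InprocServer32 pointing into AppData (hypothetical CLSID, DLL, process).
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Roaming\\update.dll" C:\Users\Admin\AppData\Local\Temp\dropper.exe N/A',
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_ROWS):
        print(f"{f.verdict:15} {f.hive} {f.clsid} -> {f.dll}  ({f.process})")
```

The two report rows grade as plain registrations (HKLM, DLL under Program Files); only the constructed HKU row pointing into AppData is flagged. The grading is deliberately coarse: a real hijack check also compares the written CLSID against the CLSIDs already present under HKLM and against the list of CLSIDs that trusted processes load at logon.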

NTFS ADS

All three streams are Zone.Identifier marks written by chrome.exe on its own downloads (the same event family as the Mark-of-the-Web Bypass signature above). The two .zip names are built from Unicode look-alike characters; read as Latin letters the tail spells a "Setup Password Code {9192}" style name, a naming pattern commonly used for password-protected archive lures where the password is carried in the file name. The sections shown here do not include the archives' contents or the process that opened them.

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\✧⇌@†ε$†✧Sε†μρ✧P@$$ωrÐ C◎dε✧{9192}-l@!.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\✧⇌@†ε$†✧Sε†μρ✧P@$$ωrÐ C◎dε✧{9192}-l@! (1).zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\7z2408-x64.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
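
Both the Mark-of-the-Web Bypass signature and the NTFS ADS rows above are writes to Zone.Identifier streams, and the question a responder has to answer is what those streams say after detonation. The following script is an added example for this report, not sandbox output and not Chrome code: it parses the INI-style stream body, reads it from a file on NTFS when run on Windows, and reduces the result to the decision a download-handling control would make. The stream bodies and URLs in SAMPLES are constructed; the report shows only that chrome.exe opened the streams for modification, not what it wrote.

```python
"""Read and triage NTFS Zone.Identifier streams (Mark of the Web).

Added example for this report; not sandbox output or Chrome code. The stream
bodies below are constructed to match the [ZoneTransfer] layout Windows uses.
"""
import sys
from dataclasses import dataclass
from typing import Dict, Optional

# URLZONE_* values from urlmon.h; ZoneId=3 (Internet) is what SmartScreen,
# Office Protected View and the Attachment Manager react to.
ZONE_NAMES: Dict[int, str] = {
    0: "LocalMachine", 1: "LocalIntranet", 2: "TrustedSites",
    3: "Internet", 4: "RestrictedSites",
}


@dataclass
class MarkOfTheWeb:
    zone_id: Optional[int]
    referrer_url: Optional[str] = None
    host_url: Optional[str] = None

    @property
    def zone_name(self) -> str:
        return ZONE_NAMES.get(self.zone_id, "Unknown")


def parse_zone_identifier(text: str) -> Optional[MarkOfTheWeb]:
    """Parse the stream body. Returns None when there is no [ZoneTransfer]
    section, i.e. the file carries no usable mark."""
    in_section = False
    seen_section = False
    values: Dict[str, str] = {}
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "zonetransfer"
            seen_section = seen_section or in_section
            continue
        if in_section and "=" in line:
            key, _, val = line.partition("=")
            values[key.strip().lower()] = val.strip()
    if not seen_section:
        return None
    try:
        zone_id: Optional[int] = int(values["zoneid"])
    except (KeyError, ValueError):
        zone_id = None                      # section present but ZoneId missing or garbage
    return MarkOfTheWeb(zone_id, values.get("referrerurl"), values.get("hosturl"))


def read_mark(path: str) -> Optional[MarkOfTheWeb]:
    """Read <path>:Zone.Identifier from NTFS (Windows only); None if absent."""
    if not sys.platform.startswith("win"):
        raise OSError("alternate data streams need NTFS on Windows")
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as fh:
            return parse_zone_identifier(fh.read())
    except FileNotFoundError:
        return None                         # never marked, or the mark was stripped


def triage(mark: Optional[MarkOfTheWeb]) -> str:
    """Collapse the mark into the decision a download-handling control makes."""
    if mark is None:
        return "unmarked"                   # stripped or never written: treat as untrusted
    if mark.zone_id is None:
        return "malformed"                  # [ZoneTransfer] present but ZoneId unusable
    if mark.zone_id >= 3:
        return "internet"                   # SmartScreen / Protected View apply
    return "trusted"


# Constructed stream bodies (URLs are placeholders, not from the report).
SAMPLES: Dict[str, str] = {
    "7z2408-x64.exe": "[ZoneTransfer]\r\nZoneId=3\r\nReferrerUrl=https://example.invalid/dl\r\n"
                      "HostUrl=https://cdn.example.invalid/7z2408-x64.exe\r\n",
    "intranet.docx": "[ZoneTransfer]\r\nZoneId=1\r\n",
    "stripped.exe": "",
    "broken.exe": "[ZoneTransfer]\r\nZoneId=three\r\n",
}


def triage_samples() -> Dict[str, str]:
    return {name: triage(parse_zone_identifier(body)) for name, body in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in triage_samples().items():
        print(f"{name:16} {verdict}")
```

On the detonation host the same stream can be inspected with `Get-Content -Path .\7z2408-x64.exe -Stream Zone.Identifier` and removed with `Unblock-File`; a download whose stream is absent immediately after the browser wrote it is the case the "Bypass" signature name is meant to catch, and it is distinguishable from this report's events only by reading the file afterwards.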

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

AdjustTokenPrivileges can only enable privileges that are already present in the caller's token; SeShutdownPrivilege and SeCreatePagefilePrivilege are both held by the sandbox's Admin user, so the rows below (all chrome.exe) are not an escalation. Rows of this kind matter when an unexpected process enables privileges such as SeDebugPrivilege or SeLoadDriverPrivilege.

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

PID 4516 is the Chrome browser process writing into chrome.exe children it has just created; the Chromium sandbox broker does this to set up every new renderer, GPU and utility process. The rows below are that start-up pattern rather than a write into a foreign image, so they should be read against the process tree and not as an injection indicator on their own.

Description Indicator Process Target
PID 4516 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 5008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 4968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 4968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4516 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7065cc40,0x7fff7065cc4c,0x7fff7065cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1932 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1736,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2364 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1980,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2280 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3096 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3132 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4604,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4592 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4612,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4832 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4936,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4948 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4980,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5108 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5124,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5296 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5000,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5652 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4812,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4836 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4848,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4456,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5668 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4900,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5880,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5912 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4560,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5864 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6128,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6136 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5664,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4820 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5864,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5856 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5076,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6100 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6140,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1040 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5832,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5744 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_✧⇌@†ε$†✧Sε†μρ✧P@$$ωrÐ C◎dε✧{9192}-l@! (1).zip\✧⇌@†ε$†✧Sε†μρ✧P@$$ωrÐ C◎dε✧{9192}-l@!\Sε†μρ✧P@$$ωrÐ C◎dε✧{9192}.txt

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6244,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4532 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6100,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6264 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4908,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5080 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5056,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5020,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6576 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5808,i,13089267523194812777,13428497808442184894,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6260 /prefetch:8

C:\Users\Admin\Downloads\7z2408-x64.exe

"C:\Users\Admin\Downloads\7z2408-x64.exe"

C:\Windows\system32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe"

C:\Users\Admin\Documents\Setup.exe

"C:\Users\Admin\Documents\Setup.exe"

C:\Users\Admin\Documents\Setup.exe

"C:\Users\Admin\Documents\Setup.exe"

C:\Users\Admin\Documents\Setup.exe

"C:\Users\Admin\Documents\Setup.exe"

C:\Users\Admin\Documents\Setup.exe

"C:\Users\Admin\Documents\Setup.exe"

C:\Users\Admin\Documents\Setup.exe

"C:\Users\Admin\Documents\Setup.exe"

C:\Users\Admin\Documents\Setup.exe

"C:\Users\Admin\Documents\Setup.exe"

C:\Users\Admin\Documents\Setup.exe

"C:\Users\Admin\Documents\Setup.exe"

C:\Users\Admin\Documents\Setup.exe

"C:\Users\Admin\Documents\Setup.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 stats.wp.com udp
US 192.0.76.3:443 pixel.wp.com tcp
US 172.67.203.95:443 get-free.sbs tcp
US 172.67.203.95:443 get-free.sbs tcp
US 172.67.203.95:443 get-free.sbs tcp
US 172.67.203.95:443 get-free.sbs tcp
US 172.67.203.95:443 get-free.sbs tcp
US 172.67.203.95:443 get-free.sbs tcp
US 172.67.203.95:443 get-free.sbs udp
US 192.0.77.48:443 s.w.org tcp
US 192.0.76.3:445 pixel.wp.com tcp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.203.67.172.in-addr.arpa udp
US 8.8.8.8:53 48.77.0.192.in-addr.arpa udp
US 192.0.76.3:443 pixel.wp.com udp
GB 142.250.178.14:443 lens.google.com tcp
NL 37.48.90.246:443 mq1.g-site.site tcp
NL 37.48.90.246:443 mq1.g-site.site tcp
NL 37.48.90.246:443 mq1.g-site.site udp
NL 37.48.90.246:443 mq1.g-site.site tcp
NL 37.48.90.246:443 mq1.g-site.site tcp
NL 37.48.90.246:443 mq1.g-site.site tcp
NL 37.48.90.246:443 mq1.g-site.site tcp
NL 37.48.90.246:443 mq1.g-site.site tcp
LU 31.216.145.5:443 mega.nz tcp
GB 172.217.16.234:443 content-autofill.googleapis.com tcp
N/A 224.0.0.251:5353 udp
NL 37.48.90.246:443 mq1.g-site.site udp
NL 37.48.90.246:443 mq1.g-site.site udp
NL 37.48.90.246:443 mq1.g-site.site udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.200.42:443 content-autofill.googleapis.com tcp
GB 142.250.179.238:443 apis.google.com tcp
GB 142.250.200.42:443 content-autofill.googleapis.com udp
GB 216.58.201.110:443 play.google.com tcp
NL 37.48.90.246:443 mq1.g-site.site udp
GB 142.250.187.196:443 www.google.com udp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.200.42:443 content-autofill.googleapis.com tcp
GB 142.250.200.42:443 content-autofill.googleapis.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 216.58.201.110:443 play.google.com tcp
GB 142.250.200.46:443 consent.google.com tcp
GB 216.58.201.110:443 play.google.com udp
DE 49.12.202.237:443 www.7-zip.org tcp
DE 49.12.202.237:443 www.7-zip.org tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.111.133:443 objects.githubusercontent.com tcp
GB 95.101.143.201:443 tcp
GB 92.123.128.181:443 www.bing.com tcp
GB 92.123.128.181:443 www.bing.com tcp
GB 92.123.128.181:443 www.bing.com tcp
GB 92.123.128.181:443 www.bing.com tcp
GB 92.123.128.181:443 www.bing.com tcp
GB 92.123.128.181:443 www.bing.com tcp
US 20.44.10.122:443 browser.pipe.aria.microsoft.com tcp
GB 92.123.128.181:443 www.bing.com tcp
US 13.107.213.254:443 t-ring-s2.msedge.net tcp
US 131.253.33.254:443 a-ring-fallback.msedge.net tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com udp
US 34.51.10.38:443 e2c80.gcp.gvt2.com tcp
US 8.8.8.8:53 38.10.51.34.in-addr.arpa udp

Files

\??\pipe\crashpad_4516_FDNHHVQWFEIIYELZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 193643ca9bee8ff848805866a2f7ded5
SHA1 001942ae4fdfff719459f3bf893ae02a342675dc
SHA256 f095b6245a61d53eb6bf164a01a37888408283f86f9a66d0cbcdc3ff78415297
SHA512 5fe8086862978d9d362174193e9e0e7d0d593373ab238f88e35d04028725ec4b480a1bb786a41906007d3ebb8ab6188cfd3ffe0f29e7d0b208a2e1badf2daf1a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0c9fd23761e0ac8b127724d5f2db27e1
SHA1 589f5382eff3969bad8063c2e1f07e9fe632cd01
SHA256 48370f852d32652e7638b72ce531241d1d5a385c673e5d35947dd76b4d0aa34c
SHA512 64ebb935a80bdcb5c58d9d0f7ee851631c0a89bc253cd6abbbe7c2a111af2391be3325c40661f00806f74179b9f97b9be8bd1c388276c9e2c5f1c2a1baaf183f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 398e964b3983e66e6ae13338b352c5af
SHA1 c3ab25d1c7346e7a35bc024d3e8dbb6f0544fafb
SHA256 6fa2fb5027348534cd209d4febd295294fc0a7144bb2389ebaefc6c70c4c4562
SHA512 a09865ecc87b239f590b31ecb9d8ac3d755b35417d04c347b6608acc981fe4b62e666b6c842a9dbeee7f2bc979410eccf310f989a12815bb080f65cd6aa3df7d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bbde3d355d26f5823fc3cb90205abca0
SHA1 0d60ec4d05154cd16547f0d80506f7f9a9dd0547
SHA256 5c9d993f02f13794b262f6ce12457a736967c0eb9f9a0a3d981d3b17da52f35c
SHA512 587e065eb24e0d27958bd732e2a0259e475549bdaa8beae22c6c07fa812b344e7030e666026ebe737fab760a57b7636b00b8b5072b310770203dfb6b6bdce364

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6c155dda5e51a56a3826f524fb3cc55e
SHA1 cb04128268765130d9d3bd0d6a0a98e21221b13d
SHA256 0560ce3e5856a18aa9fede3ea5a969fc966f5e79142e619563299e0957ad4862
SHA512 c288b1ca3562a8323f11a77b047fe2243b576cfe4b623ad03ec077132872d23ca59ee19bc78b667681c4cb3f76eda3049c66a36be4cb47a3fae7673feba97699

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 11f2756af1463bb562eaa5938bcc0d23
SHA1 57070cf6a6101ecd2a28dcd4c4f282d17cae3efc
SHA256 ea6fc196df6a4582435d40cc3116061f949f175faa3ca757ec76184738ecb693
SHA512 616472791b3bdc7d271ca606a752973a5fdd285c687f435f915542ebec2048fafe92d4838a2a4b484689b7820669f46a8db688c30fd2e6310b9aef19469aecc9

C:\Users\Admin\Downloads\✧⇌@†ε$†✧Sε†μρ✧P@$$ωrÐ C◎dε✧{9192}-l@!.zip:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a77aec7526556d4e1f2e7632814c8cfc
SHA1 a907e9db387aff08b6b5e46162905f5537d15a0a
SHA256 9f2f4a4db30584c9b392056811b9407d4940da0be23d5ef38a4899427c429e0d
SHA512 1350a98030151d27e6e50b08e294d7f130ff9e1c01fa1d8c8af60852e08f5cd29f501141c44b70091331d98cfcbc88c3fe61febb7baf48ade3aa938f1d4ed3e4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6194f13127db32facb0f105dd0e9c0c1
SHA1 4994b1f5f490fd36b23be43a1b009b969cf25619
SHA256 a36b2a3d5aac5440cc19b553bfcacf47ca804715dab1539a84d0686f3a486c58
SHA512 04e96c04f1ccd4068bd23263878cbbc0c3b6c2888d2831d2125ffc4b9e6b964d5b7fc112553b896536af3407a44247024bdbfc0e9f682847da9b2b098cdc0285

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8ef887184aa20b4f1ac31ec8c369a77b
SHA1 dad56e1d1128f625a407ca19a68aee6176a0819c
SHA256 f1f67a9d1301790d6197dfa73800d46d6156afde869c002be8bd09dd1bd9876b
SHA512 b4e6b3646a2278b9fbf1b3ac0f0047c75c08c6a15f8856f12ef12bea2b7913af053667236dbc3888aff7a410f7475455086b9113bf5ccfaff71e387ca4f667f5

C:\Users\Admin\Downloads\b79ff1b3-5aab-4eb2-b46a-738a2fa5fa84.tmp

MD5 50cfa7c6674a7cfcfe432d0705d1acfa
SHA1 1582a542a0a4fd3d0b8b30fe1a31d1f290e43963
SHA256 b17d72ddd3d57eca96aedefca06827ffffadc9721a946819e6773b774deb89a3
SHA512 eff2f72378a27643e04518a2cd47ba10d28e661ad2428c4be64d9d9644ef6259e1e847ed762f00b960ebf04290a3ade75022ecef20c1979574e1c27a3fe8d352

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cb9150182e63aeee8b25ade4d9021e4a
SHA1 0d4e081d874bfcef506adfcec80d8df1610a24d7
SHA256 7960919b80e4fbc962739657b5950b215e21ed7e680682c4fba2241ab0518dd5
SHA512 543bcdaf4aad40969ceff4dbfe10b1db4068f852243cf2649687e76e8647d5a214d087cc64654ded4459ac412c6c8fc75906a70643c799479aaa4825aa644d9b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 847b02f0534ec40a2dd5644cb9abcb31
SHA1 a0d025449c4ba753b649a1517de617099d77da48
SHA256 1d25becc2e20d0499eac3e8e76d90a5c0c7403c54b4a95e93313589d9ce71fca
SHA512 2d5d6be2434747a2acd767e291f4890df7e0912c138fee17bf27dee721226f16f324a900542e57413d54bcec5fd17987cb1f915dfaaaec4c998a9a3ffccbe29c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 42e578b63f595bd2a2fe6eb2690f8714
SHA1 8645e2cad39366e6ee632113746879568b2aca09
SHA256 6cff0ff35c7fffd574f88d2db42b0e4e819f716431c1f2528c9275e77b2a4dca
SHA512 ca223d8ad678e15813bc528b88edcb1962fa5d101150cc7e9a26267215df04e834a5d9bdfcd70abda57c00a4be10174ea71b22f03b8c322f66404cbafde81367

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9fbf7abcf722580a1a093226e60599f0
SHA1 9d08dd0f01812337ad908cc36382a6d5ca8787ea
SHA256 fcf86a5940346240483118dff44637ecb22479d0f2cd9ddf2cf57d96b88c3d89
SHA512 72b6999206a4a6d4ac77b122c21f95c0c1c2bfd45aca5a89c98c7292d1ccb4d140181280c7183f3a552e6c14026e9ea9ca382b10717e533926246ae215682ddc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 060b3dc8aaaa0acc7e1e8f95c4c94ceb
SHA1 c3be1f2fe5ce674f20f1a1c1fa626d2f7cdd500c
SHA256 a0f52e6e185b227ee91c9f3825bc39441a3a978d201881155d41b8def7f5f2da
SHA512 efb1f9f8e543cb9bf0b59d33693cd3cc89dc5335f2b40c16cb8de9b4d0215ec28e58112439b96c8e6d254c1ce6d5050b4e08481047fa28d3aab6fd5ff66fd014

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9d8426abe398fcc57d21028a218c9eff
SHA1 8a8f3cb7e13b84d245d367de718a60b9925cf385
SHA256 bb912f0d73b210a243b951486effb89289d0b65ee6a4edb697be98b1c2f1a359
SHA512 d870c2be6902ab9060e1b7e9f56627aee8afd6f039aef9f9ae4535ef4e94ca9e077c4b18dbab1696838c4cfe111b5ee2b95ef26ddcd289a0800ba80ab043de81

C:\Users\Admin\Downloads\Unconfirmed 610846.crdownload

MD5 0330d0bd7341a9afe5b6d161b1ff4aa1
SHA1 86918e72f2e43c9c664c246e62b41452d662fbf3
SHA256 67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b
SHA512 850382414d9d33eab134f8bd89dc99759f8d0459b7ad48bd9588405a3705aeb2cd727898529e3f71d9776a42e141c717e844e0b5c358818bbeac01d096907ad1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6ffec59526623720f664c21bb1d06224
SHA1 9e3d042f035e89bc8f789be011cf5f928802f757
SHA256 e1db4f14c1513bee1e6f6e87441e5394840b9b140aa4a9af96b03d7ae23bdfce
SHA512 73dcd8240822f4737f1c51396cc4a7848e1140a543327ad7ec9fa6361c7e84d6227e62e4c442939cc19331ba577bc87a0346e20854ca4b052a315a6016d7e9c7

C:\Users\Admin\Downloads\7z2408-x64.exe:Zone.Identifier

MD5 c890bea6e954f09438132954810d7427
SHA1 f615d11deb02acb360649614730f82a909232618
SHA256 44a8204cd11c7f1d91c8dda2fe2bbd935a55c8a62e073a220534ec8587f121d5
SHA512 4b42cfbda92affdea4b3fb64efc28dedbe598800e6abe17733d0645a8c60d9586b8a28c8bd1ccae3cd6e305f6ff8050bd221d4bd40ba41b79d69609aeaf3a53c

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 508054a50f9ad6e2dc6f3acde671b291
SHA1 8d6811a41842206832c484e74dbc2eaf2a86dc15
SHA256 b3657f62d0ee0a9efb105e015090b8215bb8cd12961c97218a898ae75f16e78a
SHA512 2131b420579ae9a89571f5d7a1afd725c9b32997d8ec1f5eaad69815b3cecd11941053fdfb5a5c39db9d766701a88c27919aef7dad40e9be6535c033cf704421

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 be1b55f56d78376ada2aa9c78460fb91
SHA1 14c02d160a7f64bc198d5606091e239514fd214e
SHA256 0421aeb478fdb415479c377ceaec96d1b150ecc6130f0f7f4d3de8890427ed28
SHA512 6dee6fe351a15d9c7c59e7655695738a60bbe9d271449d8fbe7aea82d91251e0519667f79d9f39136400ef1e6ce789ae1f1da19b5dd8340b6acb0b8346145b17

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 334f82895cc3fed301e0b52fbabb48c2
SHA1 209cf69db35a0c7b4f941b8d7ffb8f6d1e8c27b2
SHA256 6ff58c9fb9e43ff7aefd2851ad497d59d4c760630abe11fcb837ca9b05c1b6dc
SHA512 c6ffb79048231338433afddbc51befcf7a4d0c08e4d926031e2841ebee8066b9f5caf1be04e607848c05423f96efcb34114b8f4de93d140421e2eab03d111b5b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 751f4e50043e54087fa5bad363ce8834
SHA1 ac2700b3e91ab26889dc9423921bc057aed09464
SHA256 3d8e176463ccf82ac8f01e7b98e538ab7475fba55c45c7d06a75fe57a5f8a7f9
SHA512 05cba5cc34697346c72b94ebcde348867d4c2cc88fe756651db5fe03e785ea961a1b0e2e6f9d9a73e40d02c680e0baa06ad6a5738d1f594f6fc29039ad9b8c93

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\c7a65082-4f45-4cca-bc71-2e3e5f581931.down_data

MD5 5683c0028832cae4ef93ca39c8ac5029
SHA1 248755e4e1db552e0b6f8651b04ca6d1b31a86fb
SHA256 855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e
SHA512 aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 121380ff8676c89254bd4e91de30bb12
SHA1 3fbcbb20b3ffd3492e33d75b401dcfb6b49d974d
SHA256 5ed9967375fad2ea01d802fa552f966224d93c4d9dbf44efbf6e8affdb06c4a0
SHA512 ce6b3a485b422ac26b3eeabc133dd369b5f048b69e258938715d56c9cb8e2ea40235ff260e02cdcd7b7989c77c5a2bb16117647aa0ca6f5a960c1a7a97adc524

C:\Program Files\7-Zip\7zFM.exe

MD5 004d7851f74f86704152ecaaa147f0ce
SHA1 45a9765c26eb0b1372cb711120d90b5f111123b3
SHA256 028cf2158df45889e9a565c9ce3c6648fb05c286b97f39c33317163e35d6f6be
SHA512 16ebda34803977a324f5592f947b32f5bb2362dd520dc2e97088d12729024498ddfa6800694d37f2e6e5c6fc8d4c6f603414f0c033df9288efc66a2c39b5ec29

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 38fd2814d53a93d34d409e8ebf713733
SHA1 e85deda57974bb61f2c80a5e665bfe06a1eb1dd1
SHA256 8efd50490fd3e58a5f121d56dfde3c77bcad57b1d5e40f279bbdf4ff1ae7fb40
SHA512 228968ec482731499503be9cbf3a29ff4911e2aa57b8cb629cba0c4bb25de553f1ac856d7daca514461b2b0e1a9dca6de7fdcf7e08c85703e1d87e82ac91df5a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a5796bb2e4e5f1581ccdd66a4f094819
SHA1 9767fb1c173269016d81b4dba5ff6a4a7c0b8e3c
SHA256 235f8af6dd95e0ab941365227f384a5da51dd4502f1439d581bffbd3b46e5b01
SHA512 bc8613cede5cab9206c5722023dcd508ed753a51e41de0f8cc57466fb49c8f2f41163d3c95409b808a37c0e1cc28030f199f95118edbf73fe1c9efeeabefb667

C:\Program Files\7-Zip\7z.dll

MD5 1143c4905bba16d8cc02c6ba8f37f365
SHA1 db38ac221275acd087cf87ebad393ef7f6e04656
SHA256 e79ddfb6319dbf9bac6382035d23597dad979db5e71a605d81a61ee817c1e812
SHA512 b918ae107c179d0b96c8fb14c2d5f019cad381ba4dcdc760c918dfcd5429d1c9fb6ce23f4648823a0449cb8a842af47f25ede425a4e37a7b67eb291ce8cce894

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f12798d5d91cad28488209bda40bb04d
SHA1 5510bd5c942933921730760b2d35be64b436909a
SHA256 0eac79d57af4a36f93fdbc5db95d52fabe5e4ac16a6693c45c95d905f4d95b2a
SHA512 31eeb176d29cc9ec6847f13c933aad8c1890c0ad2a0e43d88b8fad49fb29937e5e6df4c9a9d5a6051d7f2ff507e28aba6983c46996a14bce473c70f3bad56331

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d6126f866173635b3a4edd841f33848f
SHA1 5cb72314750fb7accdce8a18e41640e7aeafb4b8
SHA256 ff6e99288f32936b74d77c4ec07984bfd106d929462e2e8d96a79e4a5ae51922
SHA512 a1fa3c7513879a7bd12a7d4abf8a9bb2571bb1eea247da6663c948129f59c27a0ae9b80ec0ff135a5f5469aacb2d353e0971e1a6f5e576f2f84056a99e7ca5a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 744d28cef847604c5a6eeb8cecdd6629
SHA1 a6a92331749d378631e5b618715a13c346799ab1
SHA256 02eaaf779aa11f1902964c90466aca7358720625df2b5b0a87e429057ef953c5
SHA512 eee3ce52dc216c1715678649eb7f34da9ea2e425cbaeb9dc5b61a20067abe061646d67d8a9191722934bd809ce4e989e3deb3c711ff4c8e0316c2fd366bf5f63

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a68a809aa2ea39f658febceff171fe25
SHA1 92a1996cd651112d5278f8a2fbbef7b5f3fc771a
SHA256 3e4df69fdf01597f273594aa5c337f7b92369bda7bf7378c6094cc3b7c19815c
SHA512 22c460a1157c8c007c509c43179a1324816aa83e0bc43d6a06bbb3d0c3fe3de35a46c06f2da3a1f11d48f59f572eafab623b2f4cca5ab2bbecc9daa6852f9e33

C:\Users\Admin\Documents\Setup.exe

MD5 298c47801eb4120f498fa8a9ea75bb78
SHA1 1a28def164ab62bf114a0eee2fc2ee1a5da4e3c5
SHA256 4e9d620b4490352c42e46db2016b795e31c6d69b862506dc2a03e5515e9d8d01
SHA512 e318cf2a9b3a8db47761cef7ab7e139ddb4aee47baeb7eda5c870dea829d5102a0711e9740cd984ae541362279afbd75daaba3c224c4fbbd20ca97828c9b98a8

memory/2336-874-0x000001AB0B390000-0x000001AB0B522000-memory.dmp

memory/2336-876-0x000001AB0B960000-0x000001AB0B96E000-memory.dmp

C:\Users\Admin\Documents\Stardock.ApplicationServices.dll

MD5 99c69dcc2551e1389b1f5204e1e83036
SHA1 6a163c6b27e1537c52470897ee3922eb4ac870a7
SHA256 59801fcab62e7344753e2651f10c1cdb72a00243791675734aeb16b55d6eaf76
SHA512 0fdef43cada0a5f1933cd900031d1ff917c12d5046eed3f096a1338f12ad06b31d3baa7c96c80948ff3059bbcba6d0d9970c102acbd84f009b3ac9f5be45d7f3

C:\Users\Admin\Documents\SdAppServices_x64.dll

MD5 f95497e2b0f877ffaf4c2d4a61bd528f
SHA1 88ce330a487e213afa1cb6270783d530f03d38e7
SHA256 b0efd359f1a4287c2d61a3592f987a6b5346e15ae6a38835dcedb0dc3b2c21fd
SHA512 31f245e7b9ae204f691d4ff18f18b9fb8498f9226b43e1254d34e31ab6969fcd6dd8ab4e94eff5f049d3ad6118f59cf13b89a147d89ac4e7410181bd7b5a490a

C:\Users\Admin\Documents\kxixjjm

MD5 f9cbad39fc5eb97f0a5cedcedabae272
SHA1 1bbc37740cbcf9a39b85d200c2b8d0648e6ad18d
SHA256 7f4b1289fa7ed9cf5bf98860599b27240af3f9c157b7935b3b6747f8a666e352
SHA512 58c88753db52ebceffd96a11dbf8fc2433c3ccef68eb7d50d1a367cbde90d33b6a7b8e0fd0e58f0f3e0e804317d33a46a541614fa5f0608f157f472fce21da33

C:\Users\Admin\Documents\xdn

MD5 a4d362b3b5bafedbe27583053d54e5b0
SHA1 900ac6f4edea1342e2e658aae0d0adf2e8c9c0da
SHA256 ef43ce5848ae1b359f0d056371a8a32d1e8602e9eb0c8c6044203b56c8436e0e
SHA512 14d4fdf401694bfbee6b258340fc626bf0858eea89494b4c9b6b1214fd02d983c5772978a28554b8fddb86fbf7a0b4645b6a9f9b3d4834eba3b898a23d6b0476

memory/2336-881-0x00007FFF6E270000-0x00007FFF6E5D0000-memory.dmp

C:\Program Files\7-Zip\7-zip.dll

MD5 d346530e648e15887ae88ea34c82efc9
SHA1 5644d95910852e50a4b42375bddfef05f6b3490f
SHA256 f972b164d9a90821be0ea2f46da84dd65f85cd0f29cd1abba0c8e9a7d0140902
SHA512 62db21717f79702cbdd805109f30f51a7f7ff5f751dc115f4c95d052c5405eb34d5e8c5a83f426d73875591b7d463f00f686c182ef3850db2e25989ae2d83673

memory/5880-885-0x00007FFF6E270000-0x00007FFF6E5D0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bc405fdeffe287b4eb1b75e51c84f19f
SHA1 24108437959fbe5732344588785648839f4df9e1
SHA256 7854b6d154195f0d5d9551f55e2af24ffef90071b0eed9bc1fc54eba5cfc7491
SHA512 d8371422daac67ff294d85bcdc3cf47dfb49b1c9f62818ffa0906171a5601b55522469bcaea9068b8a52eb73f74f12a78af7566e51171164f5545099cf639a47

memory/2344-897-0x00007FFF6E270000-0x00007FFF6E5D0000-memory.dmp

memory/4976-900-0x00007FFF6E270000-0x00007FFF6E5D0000-memory.dmp

memory/2980-903-0x00007FFF6E270000-0x00007FFF6E5D0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 02c2e0b8e9aba8906b1d0c2dd59e2afe
SHA1 efa2fd4e319b15aef37c7b1ce4d462940d801275
SHA256 7faadc35e41c4dde017f6ebc782e3eead037ff50ad0eeff2d1685c14145d4759
SHA512 40c89507b0e651f02eaa737f819644fc93370fcc36addc3c038b2122a5f2fefe8f77501e23049d21d07049031dd837512f57a23095a488871bcf96c58a0533fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 92bf8c06ddb3bbcf2302c163e9b2d675
SHA1 c5399dab74e7a1be1a71dbd62111191047ee68f9
SHA256 cb3428f0145625e0a434e8f558ab7124794302374ab7b76a0907f46720999aef
SHA512 ee2a57d4c3927d3b5d1cef483d7ae604990176c185b50038dc5ed4e99fd7395dd6ef6c8557a1e6b4e32c2641ff45188c737238aa8e49ca662749e234d435352e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4e9ec7c477088468f842e6649fd34082
SHA1 1d6b6f0c2dbc6812f5b99530127e685e8e217aa3
SHA256 d96dc6af400f76ddacd15afd70f92bc90d631965c1db0c8d18d51133728fde0f
SHA512 4fe6e7a2245a2efc1d6f66645ac14c119a3e8aa6563d38601adce10fc1c5b1fe39f43b2abecbac51d1187fc9a02fea8aeda4615a35f0a7671ed022ca8e9fc235

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b7921d403c537f4f371c2a4095ad593d
SHA1 9ad1a8ceddfd44072aeeb565d4b400c2be9b5247
SHA256 31bb5cb798e2ac5180fcc8a50e9d566376f5ab519a0e5041cd421921a89778d0
SHA512 255c4aaff33dbd67b6ef5f3297580b938bc0751ece74ed9fb1123e27eb9e9cc8e5bcb4842e99039d11de978e997744e90dab966d579c4725845558bbcd214d8d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5e4b08a7c2c276877a8ecb0b83362a1a
SHA1 3b0b19073aa3482458c238794240e5cb865561be
SHA256 aa9b215c2f4d13c8520d7ff6005eccd6dacf4cc24f22435950c8401269c33a46
SHA512 bc5fa8cafd680c718897c05a5bd4f44ffa3c7302079508192afa8d50a17e8353e347d832b3e1a8a121dad4cc48f6cb82eb4e7f1bd6d4964909262b8a1b2c8582

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 416c27e6b6d51eebadfbe3e1f4af36c0
SHA1 f1890dca5a5037fbc25813b84bb87171e3a0276b
SHA256 d33d30ed342981b1b128de28f314646672dd4822f1c6d3fd776824d0184ecd8a
SHA512 4dad4f12be1e46782e72215f8cd8457b2d67c5a86b5809db3415fa076054bea0d80f59400143058bc801667443f5df73e13b79716e3bfec4a17f1cdaef6d4a11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 636cd465d4fe29d56859aed4ff7fdad7
SHA1 b64b36dfb87c910ca2077b887ed097955c099c96
SHA256 9b19288988befb579b50a3287a264e0c0815b88d3c612a7e8af41c2a2680a028
SHA512 5a5a2b7e1cf0285afcc5f5596a16d784f1bcbdff2f552753795bbe440b73f17d38c2cc0fa8a71c3af443d207271ea08329cd57b4c753bb29e446764a5c957ac4

memory/5804-1069-0x00007FFF6E270000-0x00007FFF6E5D0000-memory.dmp

memory/5188-1072-0x00007FFF6E270000-0x00007FFF6E5D0000-memory.dmp

memory/5648-1075-0x00007FFF6E270000-0x00007FFF6E5D0000-memory.dmp
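The listing above is a flat sequence of path lines, each followed by its MD5/SHA1/SHA256/SHA512, with memory-dump entries interleaved and no hashes attached to them. To turn it into something an analyst can act on, here is an added example (the editor's code, not part of the sandbox report or its tooling) that parses that layout into IOC records, builds a SHA256 index, flags PE files dropped under the user profile, and sweeps a directory for hash matches. The sample input is three entries copied from the report; the "PE in user profile" heuristic is the editor's triage rule and not a report signature.

```python
"""Parse a sandbox "Files" listing (path line, then MD5/SHA1/SHA256/SHA512 lines)
into IOC records and sweep a directory for SHA256 matches. Added example."""
import hashlib
import ntpath
import os
import re
from dataclasses import dataclass, field

# Constructed sample input: three entries copied from the report above, in the
# same path-then-hashes layout (memory dumps carry no hash lines).
SAMPLE_LISTING = r"""
C:\Users\Admin\Documents\Setup.exe

MD5 298c47801eb4120f498fa8a9ea75bb78
SHA1 1a28def164ab62bf114a0eee2fc2ee1a5da4e3c5
SHA256 4e9d620b4490352c42e46db2016b795e31c6d69b862506dc2a03e5515e9d8d01
SHA512 e318cf2a9b3a8db47761cef7ab7e139ddb4aee47baeb7eda5c870dea829d5102a0711e9740cd984ae541362279afbd75daaba3c224c4fbbd20ca97828c9b98a8

memory/2336-874-0x000001AB0B390000-0x000001AB0B522000-memory.dmp

C:\Users\Admin\Documents\SdAppServices_x64.dll

MD5 f95497e2b0f877ffaf4c2d4a61bd528f
SHA1 88ce330a487e213afa1cb6270783d530f03d38e7
SHA256 b0efd359f1a4287c2d61a3592f987a6b5346e15ae6a38835dcedb0dc3b2c21fd
SHA512 31f245e7b9ae204f691d4ff18f18b9fb8498f9226b43e1254d34e31ab6969fcd6dd8ab4e94eff5f049d3ad6118f59cf13b89a147d89ac4e7410181bd7b5a490a
"""

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


@dataclass
class Artifact:
    path: str
    hashes: dict = field(default_factory=dict)  # algo -> lowercase hex digest

    @property
    def is_memory_dump(self) -> bool:
        return self.path.startswith("memory/")


def parse_listing(text: str) -> list:
    """Any non-blank, non-hash line starts a new artifact; hash lines attach to
    the most recent one. Digest lengths are checked so a truncated hash fails."""
    artifacts, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m is None:
            current = Artifact(path=line)
            artifacts.append(current)
            continue
        if current is None:
            raise ValueError(f"hash line before any path: {line}")
        algo, digest = m.group(1), m.group(2).lower()
        if len(digest) != HASH_LEN[algo]:
            raise ValueError(f"{algo} digest of wrong length for {current.path}")
        current.hashes[algo] = digest
    return artifacts


def sha256_index(artifacts) -> dict:
    """SHA256 -> report paths. One path (e.g. Preferences) may appear under
    many hashes; one hash may appear under several paths."""
    index = {}
    for a in artifacts:
        if "SHA256" in a.hashes:
            index.setdefault(a.hashes["SHA256"], []).append(a.path)
    return index


def pe_drops_in_user_profile(artifacts) -> list:
    """Editor's triage heuristic (not a report signature): .exe/.dll written under
    C:\\Users\\ are the first candidates behind 'Executes dropped EXE' and
    'Loads dropped DLL' and get looked at before anything else."""
    hits = []
    for a in artifacts:
        if a.is_memory_dump:
            continue
        ext = ntpath.splitext(a.path)[1].lower()
        if a.path.lower().startswith("c:\\users\\") and ext in (".exe", ".dll"):
            hits.append(a.path)
    return hits


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root: str, index: dict) -> list:
    """Hash every file under root; return (local_path, sha256, report_paths) per
    match. Unreadable files are skipped rather than aborting the sweep."""
    matches = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = os.path.join(dirpath, name)
            try:
                digest = sha256_file(p)
            except OSError:
                continue
            if digest in index:
                matches.append((p, digest, index[digest]))
    return matches
```

Feed `parse_listing` the whole Files section rather than the sample to get the full index; on a suspected host, run `sweep` over the user profile and Program Files and compare the hits against `pe_drops_in_user_profile` to see which of the dropped binaries actually landed. Hash matching only catches byte-identical drops, so treat a miss as weak evidence.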