Malware Analysis Report

2024-11-30 11:10

Sample ID 241119-senmksyaqk
Target http://www.google.com
Tags
darkgate drk2 discovery execution persistence stealer
score
10/10

Analysis Overview

Threat Level: Known bad

The submitted target http://www.google.com was classified as: Known bad. The behaviour that drives this verdict is attributed in the signature tables below to local processes on the analysis host (C:\ioyy\oodv\Autoit3.exe, C:\ioyy\oodv\file\Autoit3.exe, and a Run key written by GoogleUpdateCore.exe); no signature in this report names the submitted URL itself.

Malicious Activity Summary

Darkgate family

Detect DarkGate stealer

DarkGate

Suspicious use of NtCreateUserProcessOtherParentProcess

Blocklisted process makes network request

Executes dropped EXE

Adds Run key to start application

Command and Scripting Interpreter: AutoIT

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Browser Information Discovery

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Opens file in notepad (likely ransom note)

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Modifies registry class

Modifies data under HKEY_USERS

Checks SCSI registry key(s)

Analysis: static1

Detonation Overview

Reported

2024-11-19 15:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-19 15:02

Reported

2024-11-19 15:17

Platform

win10v2004-20241007-en

Max time kernel

836s

Max time network

842s

Command Line

C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc

Signatures

DarkGate

stealer darkgate

Darkgate family

darkgate

Detect DarkGate stealer

Description Indicator Process Target Count
N/A N/A N/A N/A 7

Executes dropped EXE

Description Indicator Process Target Count
N/A N/A C:\ioyy\oodv\Autoit3.exe N/A 4

Adds Run key to start application

persistence
Description Indicator Process Target Count
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\babggfg = "\"C:\\ProgramData\\heghfcb\\Autoit3.exe\" C:\\ProgramData\\heghfcb\\bfhhcgf.a3x" C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe N/A 2

Command and Scripting Interpreter: AutoIT

execution
Description Indicator Process Target Count
N/A N/A C:\ioyy\oodv\Autoit3.exe N/A 2
N/A N/A C:\ioyy\oodv\file\Autoit3.exe N/A 1
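The Run key above (an AutoIt interpreter in C:\ProgramData handed a compiled .a3x script, with the value written by GoogleUpdateCore.exe) and the Autoit3.exe rows in the surrounding tables are the events a triage script should pull out of a flattened report like this one. The following Python is an added example, not part of this report or of any sandbox vendor's code: it parses the three row shapes used on this page, unescapes the quoted Run value, splits the command line, and applies three heuristics. The rule names and the TRUSTED_ROOTS and USER_WRITABLE path lists are this example's own assumptions; the sample rows are copied from this report.

```python
"""Triage helpers for the flattened signature rows in this report.

Added example, not part of the sandbox report or its vendor's code. The row
regexes follow the three row shapes seen on this page; the rule names and the
TRUSTED_ROOTS / USER_WRITABLE lists are this example's own assumptions.
"""
from __future__ import annotations

import ntpath
import re
from collections import Counter

# Columns are separated by single spaces and process paths contain spaces, so
# each pattern anchors on the trailing " N/A" (the always-empty Target column).
_SET_VALUE = re.compile(
    r'^Set value \((?P<vtype>\w+)\) (?P<key>\\REGISTRY\\\S+) = '
    r'(?:"(?P<value>(?:[^"\\]|\\.)*)"|(?P<raw>\S+)) (?P<process>.+?) N/A$'
)
_KEY_ACCESS = re.compile(
    r'^(?P<action>Key opened|Key created|Key value queried) '
    r'(?P<key>\\REGISTRY\\\S+) (?P<process>.+?) N/A$'
)
_BARE = re.compile(r'^N/A N/A (?P<process>.+?) N/A$')

TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\", "\\appdata\\", "\\temp\\")


def parse_row(row: str) -> dict | None:
    """Return a dict with 'kind' and 'process' keys, or None for non-event rows."""
    for kind, rx in (("set_value", _SET_VALUE), ("key_access", _KEY_ACCESS), ("bare", _BARE)):
        m = rx.match(row.strip())
        if m:
            event = {k: v for k, v in m.groupdict().items() if v is not None}
            event["kind"] = kind
            if kind == "set_value" and "value" not in event:
                event["value"] = event.pop("raw")  # unquoted (data) values
            return event
    return None


def unescape_value(value: str) -> str:
    """The sandbox escapes quotes and backslashes inside string values."""
    return re.sub(r"\\(.)", r"\1", value)


def split_cmdline(cmd: str) -> list[str]:
    """Windows-style split: a double-quoted token may contain spaces."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmd)]


def _normalize(path: str) -> str:
    """Lower-case and drop the NT object-manager prefix (\\??\\) seen on some rows."""
    p = path.lower()
    return p[4:] if p.startswith("\\??\\") else p


def run_key_findings(event: dict) -> list[str]:
    """Heuristics for a Run-key 'Set value' event (rule names are this example's)."""
    findings: list[str] = []
    if event.get("kind") != "set_value" or "\\currentversion\\run\\" not in event["key"].lower():
        return findings
    argv = split_cmdline(unescape_value(event["value"]))
    if not argv:
        return findings
    image = _normalize(argv[0])
    # AutoIt interpreter handed a compiled .a3x script: the pattern in this report.
    if image.endswith("autoit3.exe") and any(a.lower().endswith(".a3x") for a in argv[1:]):
        findings.append("autoit-interpreter-with-a3x-script")
    if any(marker in image for marker in USER_WRITABLE):
        findings.append("run-target-in-user-writable-path")
    # The value was written by a different binary than the one it will launch.
    if ntpath.basename(image) != ntpath.basename(_normalize(event["process"])):
        findings.append("run-key-written-by-different-image")
    return findings


def untrusted_processes(rows: list[str]) -> dict[str, int]:
    """Count events per process and keep those outside TRUSTED_ROOTS."""
    counts = Counter(e["process"] for e in map(parse_row, rows) if e)
    return {p: n for p, n in counts.items() if not _normalize(p).startswith(TRUSTED_ROOTS)}


# Sample rows copied from the report (constructed test input for this example).
SAMPLE_ROWS = [
    r'Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\babggfg = "\"C:\\ProgramData\\heghfcb\\Autoit3.exe\" C:\\ProgramData\\heghfcb\\bfhhcgf.a3x" C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe N/A',
    r'N/A N/A C:\ioyy\oodv\Autoit3.exe N/A',
    r'N/A N/A C:\ioyy\oodv\Autoit3.exe N/A',
    r'Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\WMIC.exe N/A',
    r'Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\windows\SysWOW64\cmd.exe N/A',
    r'Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe N/A',
    "Description Indicator Process Target",  # header line: parse_row() returns None
]


def triage(rows: list[str]) -> dict:
    """Run both checks over a list of rows."""
    events = [e for e in map(parse_row, rows) if e]
    run_keys = [(e["key"], run_key_findings(e)) for e in events
                if e["kind"] == "set_value" and run_key_findings(e)]
    return {"run_keys": run_keys, "untrusted": untrusted_processes(rows)}


if __name__ == "__main__":
    result = triage(SAMPLE_ROWS)
    for key, flags in result["run_keys"]:
        print(key, "->", ", ".join(flags))
    for proc, n in result["untrusted"].items():
        print(f"{n:3d} events  {proc}")
```

Run directly, it prints the flagged Run key with all three rule names and a single untrusted process, C:\ioyy\oodv\Autoit3.exe with two events. The \??\ prefix on the cmd.exe row is stripped before the trusted-root check so that a legitimate System32 binary is not reported as an untrusted path.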

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target Count
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\WMIC.exe N/A 1
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ioyy\oodv\Autoit3.exe N/A 4
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\windows\SysWOW64\cmd.exe N/A 1
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ioyy\oodv\file\Autoit3.exe N/A 1
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe N/A 2

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target Count
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\ioyy\oodv\Autoit3.exe N/A 2
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\ioyy\oodv\Autoit3.exe N/A 2
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe N/A 2
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe N/A 2
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\ioyy\oodv\file\Autoit3.exe N/A 1
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\ioyy\oodv\file\Autoit3.exe N/A 1

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133765023424575528" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target Count
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 C:\ioyy\oodv\Autoit3.exe N/A 2
Set value (int) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\ioyy\oodv\Autoit3.exe N/A 2
Set value (int) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\ioyy\oodv\Autoit3.exe N/A 2
Set value (int) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\ioyy\oodv\Autoit3.exe N/A 2
Set value (int) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\ioyy\oodv\Autoit3.exe N/A 2
Set value (data) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\ioyy\oodv\Autoit3.exe N/A 2
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\ioyy\oodv\Autoit3.exe N/A 2
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings C:\ioyy\oodv\Autoit3.exe N/A 2
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7 C:\ioyy\oodv\Autoit3.exe N/A 1
Set value (data) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202 C:\ioyy\oodv\Autoit3.exe N/A 2
Set value (int) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\ioyy\oodv\Autoit3.exe N/A 2
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\ioyy\oodv\Autoit3.exe N/A 2
Set value (int) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\ioyy\oodv\Autoit3.exe N/A 2
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\ioyy\oodv\Autoit3.exe N/A 2
Set value (int) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\ioyy\oodv\Autoit3.exe N/A 2
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\ioyy\oodv\Autoit3.exe N/A 2
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell C:\ioyy\oodv\Autoit3.exe N/A 2
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A 2
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\ioyy\oodv\Autoit3.exe N/A 2
Set value (data) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\ioyy\oodv\Autoit3.exe N/A 2
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\ioyy\oodv\Autoit3.exe N/A 2
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\1\0 C:\ioyy\oodv\Autoit3.exe N/A 2
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic" C:\ioyy\oodv\Autoit3.exe N/A 2
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\ioyy\oodv\Autoit3.exe N/A 1
Set value (data) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\ioyy\oodv\Autoit3.exe N/A 2
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\ioyy\oodv\Autoit3.exe N/A 2
Set value (int) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\ioyy\oodv\Autoit3.exe N/A 2
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\1 C:\ioyy\oodv\Autoit3.exe N/A 2
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg C:\ioyy\oodv\Autoit3.exe N/A 1

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 4
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A 2
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A 3
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 6
N/A N/A C:\Windows\system32\taskmgr.exe N/A 17
N/A N/A C:\ioyy\oodv\Autoit3.exe N/A 8
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe N/A 8
N/A N/A C:\ioyy\oodv\file\Autoit3.exe N/A 2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 3
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 24

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target Count
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A 1
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 31

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 26
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 29
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\ioyy\oodv\Autoit3.exe N/A
N/A N/A C:\ioyy\oodv\Autoit3.exe N/A
N/A N/A C:\ioyy\oodv\Autoit3.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\ioyy\oodv\Autoit3.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3360 wrote to memory of 384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 1736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 1736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://www.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff997246f8,0x7fff99724708,0x7fff99724718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,12630150259896038326,11267749167577971905,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,12630150259896038326,11267749167577971905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,12630150259896038326,11267749167577971905,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12630150259896038326,11267749167577971905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12630150259896038326,11267749167577971905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12630150259896038326,11267749167577971905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,12630150259896038326,11267749167577971905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,12630150259896038326,11267749167577971905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff96f6cc40,0x7fff96f6cc4c,0x7fff96f6cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1988,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1984 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2132 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2436 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3388,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3404 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3728,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4556 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4800,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5068,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4984,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5076 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5088,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4804 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5096,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5320 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5164,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5148 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5056,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5256 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5520,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5496 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3308,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5168 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\vxhxrqnb

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5260,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5036 /prefetch:8

C:\ioyy\oodv\Autoit3.exe

"C:\ioyy\oodv\Autoit3.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\ioyy\oodv\script.a3x

C:\ioyy\oodv\Autoit3.exe

"C:\ioyy\oodv\Autoit3.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\ioyy\oodv\Autoit3.exe

Autoit3.exe script.a3x

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

\??\c:\windows\SysWOW64\cmd.exe

"c:\windows\system32\cmd.exe" /c wmic ComputerSystem get domain > C:\ProgramData\heghfcb\bdakbgf

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic ComputerSystem get domain

C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe

"C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe

"C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"

C:\ioyy\oodv\Autoit3.exe

Autoit3.exe script.a3x

C:\ioyy\oodv\file\Autoit3.exe

Autoit3.exe script.a3x

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5752,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2968 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5452,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5712 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5944,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5660 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5708,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1496 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4864,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5512 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=2744,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5820 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5720,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5824 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5504,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6136 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5340,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5984,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=4048,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5932 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5040,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5756 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=4104,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5124 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5476,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5480 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6044,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6076,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6016 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=3176,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6396 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6732,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5704 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6804,i,3126800420633944072,6788309682785379455,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4068 /prefetch:1

C:\Windows\System32\OpenSSH\ssh.exe

ssh 179.60.149.194
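Reading the listing above as a detection engineer rather than as a sandbox: the behaviour that matters is a standalone AutoIt interpreter (C:\ioyy\oodv\Autoit3.exe, and a second copy under C:\ioyy\oodv\file\) running a compiled script.a3x, a 32-bit cmd.exe wrapping "wmic ComputerSystem get domain" with its output redirected into C:\ProgramData\heghfcb\bdakbgf, and the built-in OpenSSH client being pointed at a bare IP (179.60.149.194). The Chrome, GoogleUpdateCore and taskmgr entries are ordinary, and NOTEPAD.EXE opening script.a3x and the downloaded vxhxrqnb reads more like someone inspecting the files during the interactive session than like a ransom note, whatever the generic signature says. The script below is an added example, not part of the report or of any vendor's detection content: it runs a handful of process-creation rules over (image, command line) pairs copied from the listing. The rule names, the EXPECTED_AUTOIT_DIRS allowlist and the regular expressions are assumptions made for the example; tune them to your environment before using them as alerts.

```python
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Sample input: a subset of the (image, command line) pairs printed in the
# process listing above, copied as shown. Constructed for this example.
SAMPLE_PROCESSES = [
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US'),
    (r"C:\Windows\system32\NOTEPAD.EXE",
     r'"C:\Windows\system32\NOTEPAD.EXE" C:\ioyy\oodv\script.a3x'),
    (r"C:\ioyy\oodv\Autoit3.exe", r'"C:\ioyy\oodv\Autoit3.exe"'),
    (r"C:\ioyy\oodv\Autoit3.exe", r"Autoit3.exe script.a3x"),
    (r"C:\ioyy\oodv\file\Autoit3.exe", r"Autoit3.exe script.a3x"),
    (r"\??\c:\windows\SysWOW64\cmd.exe",
     r'"c:\windows\system32\cmd.exe" /c wmic ComputerSystem get domain > C:\ProgramData\heghfcb\bdakbgf'),
    (r"C:\Windows\SysWOW64\Wbem\WMIC.exe", r"wmic ComputerSystem get domain"),
    (r"C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe",
     r'"C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"'),
    (r"C:\Windows\System32\OpenSSH\ssh.exe", r"ssh 179.60.149.194"),
    (r"C:\Windows\system32\taskmgr.exe", r'"C:\Windows\system32\taskmgr.exe" /4'),
]

# Where a legitimately installed AutoIt interpreter would normally live.
# Assumption for this example; replace with your software inventory.
EXPECTED_AUTOIT_DIRS = (
    r"c:\program files\autoit3",
    r"c:\program files (x86)\autoit3",
)

IPV4_LITERAL = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
WMIC_DOMAIN = re.compile(r"\bwmic\b.*\bcomputersystem\b.*\bget\s+domain\b", re.I)
REDIRECT_TO_PROGRAMDATA = re.compile(r'>\s*"?([a-z]:\\programdata\\[^\s"]+)', re.I)


@dataclass(frozen=True)
class Finding:
    rule: str
    image: str
    cmdline: str


def _image_path(image: str) -> PureWindowsPath:
    # Sandbox output sometimes prints the NT object path form (\??\c:\...).
    return PureWindowsPath(image.removeprefix("\\??\\"))


def triage(processes):
    """Return one Finding per (rule, process) match; order follows the input."""
    findings = []
    for image, cmdline in processes:
        path = _image_path(image)
        name = path.name.lower()
        parent = str(path.parent).lower()

        if name == "autoit3.exe":
            # The interpreter is commonly a clean, signed AutoIt binary, so the
            # signal is where it runs from and what it is handed, not its hash.
            if not parent.startswith(EXPECTED_AUTOIT_DIRS):
                findings.append(Finding("autoit_unusual_path", image, cmdline))
            if ".a3x" in cmdline.lower():
                findings.append(Finding("autoit_compiled_script", image, cmdline))

        if WMIC_DOMAIN.search(cmdline):
            findings.append(Finding("wmic_domain_discovery", image, cmdline))
        if REDIRECT_TO_PROGRAMDATA.search(cmdline):
            # Discovery output staged on disk under ProgramData for later pickup.
            findings.append(Finding("recon_output_to_programdata", image, cmdline))

        if name == "ssh.exe" and IPV4_LITERAL.search(cmdline):
            findings.append(Finding("ssh_to_ip_literal", image, cmdline))
    return findings


def rule_counts(findings) -> Counter:
    return Counter(f.rule for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_PROCESSES):
        print(f"{f.rule:28} {f.image}  ::  {f.cmdline}")
```

Notepad opening script.a3x produces nothing, because the .a3x check only applies when the image is the AutoIt interpreter; the wmic rule fires twice (once for the cmd.exe wrapper, once for WMIC.exe itself), which is what you want when correlating parent and child in endpoint telemetry.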

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
GB 142.250.187.228:80 www.google.com tcp
GB 142.250.187.228:80 www.google.com tcp
GB 142.250.187.228:443 www.google.com tcp
US 8.8.8.8:53 support.google.com udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 228.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 142.250.187.228:443 www.google.com udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 179.60.149.194:8080 179.60.149.194 tcp
US 8.8.8.8:53 194.149.60.179.in-addr.arpa udp
US 179.60.149.194:8080 179.60.149.194 tcp
US 179.60.149.194:8080 179.60.149.194 tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 179.60.149.194:8080 179.60.149.194 tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
GB 142.250.187.228:443 www.google.com udp
US 8.8.8.8:53 10.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 172.217.16.238:443 clients2.google.com tcp
US 8.8.8.8:53 clients2.googleusercontent.com udp
GB 142.250.200.1:443 clients2.googleusercontent.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 1.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 6.173.189.20.in-addr.arpa udp
US 179.60.149.194:8080 179.60.149.194 tcp
US 179.60.149.194:8080 179.60.149.194 tcp
US 179.60.149.194:8080 179.60.149.194 tcp
US 179.60.149.194:8080 179.60.149.194 tcp
US 179.60.149.194:8080 tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
DE 172.217.16.195:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 195.16.217.172.in-addr.arpa udp
DE 172.217.16.195:443 beacons.gcp.gvt2.com udp
US 179.60.149.194:80 tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.228:443 www.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 172.217.16.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 www.google.com udp
GB 88.221.135.32:443 www.bing.com tcp
GB 88.221.135.32:443 www.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
GB 88.221.135.32:443 r.bing.com udp
GB 88.221.135.35:443 r.bing.com tcp
GB 88.221.135.35:443 r.bing.com udp
US 8.8.8.8:53 32.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 35.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.19.252.134:443 aefd.nelreports.net tcp
US 8.8.8.8:53 assets.msn.com udp
US 8.8.8.8:53 134.252.19.2.in-addr.arpa udp
GB 95.101.143.240:443 assets.msn.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.136:443 login.microsoftonline.com tcp
US 8.8.8.8:53 www.msn.com udp
GB 95.101.143.240:443 assets.msn.com udp
US 8.8.8.8:53 aadcdn.msauth.net udp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 8.8.8.8:53 240.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 c.msn.com udp
IE 13.74.129.1:443 c.msn.com tcp
US 8.8.8.8:53 c.bing.com udp
US 13.107.21.237:443 c.bing.com tcp
GB 95.101.143.240:443 assets.msn.com udp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 20.189.173.12:443 browser.events.data.msn.com tcp
US 20.189.173.12:443 browser.events.data.msn.com tcp
US 8.8.8.8:53 1.129.74.13.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
GB 95.101.143.184:443 th.bing.com tcp
GB 95.101.143.184:443 th.bing.com tcp
GB 95.101.143.184:443 th.bing.com tcp
GB 95.101.143.184:443 th.bing.com tcp
GB 2.19.252.154:443 img-s-msn-com.akamaized.net tcp
GB 2.19.252.154:443 img-s-msn-com.akamaized.net tcp
GB 2.19.252.154:443 img-s-msn-com.akamaized.net tcp
GB 2.19.252.154:443 img-s-msn-com.akamaized.net tcp
GB 95.101.143.184:443 th.bing.com udp
US 8.8.8.8:53 12.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 184.143.101.95.in-addr.arpa udp
GB 95.101.143.184:443 th.bing.com udp
US 8.8.8.8:53 3pcookiecheck.azureedge.net udp
US 13.107.246.64:443 3pcookiecheck.azureedge.net tcp
US 8.8.8.8:53 www.autoitscript.com udp
DE 212.227.91.231:443 www.autoitscript.com tcp
DE 212.227.91.231:443 www.autoitscript.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.213.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 231.91.227.212.in-addr.arpa udp
US 8.8.8.8:53 200.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
GB 172.217.16.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
GB 142.250.200.46:443 fundingchoicesmessages.google.com tcp
GB 142.250.200.46:443 fundingchoicesmessages.google.com udp
GB 142.250.200.46:443 fundingchoicesmessages.google.com udp
DE 212.227.91.231:443 www.autoitscript.com tcp
US 8.8.8.8:53 2.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
GB 216.58.213.2:443 googleads.g.doubleclick.net tcp
GB 216.58.213.2:443 googleads.g.doubleclick.net tcp
GB 216.58.213.2:443 googleads.g.doubleclick.net tcp
GB 216.58.213.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 142.250.179.226:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 216.58.213.1:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 www.google.com udp
GB 216.58.213.1:443 ep2.adtrafficquality.google tcp
GB 142.250.187.228:443 www.google.com tcp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.213.58.216.in-addr.arpa udp
GB 216.58.213.2:443 googleads.g.doubleclick.net udp
GB 142.250.187.193:443 tpc.googlesyndication.com tcp
GB 142.250.187.193:443 tpc.googlesyndication.com tcp
GB 142.250.187.193:443 tpc.googlesyndication.com tcp
GB 142.250.187.193:443 tpc.googlesyndication.com tcp
GB 142.250.187.193:443 tpc.googlesyndication.com tcp
GB 142.250.187.193:443 tpc.googlesyndication.com udp
GB 216.58.213.1:443 ep2.adtrafficquality.google udp
US 8.8.8.8:53 193.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
GB 142.250.179.226:443 ep1.adtrafficquality.google udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 fileinfo.com udp
US 104.26.1.149:443 fileinfo.com tcp
US 104.26.1.149:443 fileinfo.com tcp
US 8.8.8.8:53 149.1.26.104.in-addr.arpa udp
US 8.8.8.8:53 www.googletagservices.com udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.18.86.42:443 cdn.cookielaw.org tcp
GB 172.217.169.34:443 www.googletagservices.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 104.18.86.42:443 cdn.cookielaw.org tcp
GB 142.250.200.46:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
GB 142.250.200.46:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
BE 64.233.184.155:443 stats.g.doubleclick.net tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
GB 172.217.169.35:443 www.google.co.uk tcp
US 8.8.8.8:53 42.86.18.104.in-addr.arpa udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 155.184.233.64.in-addr.arpa udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
GB 216.58.213.2:443 googleads.g.doubleclick.net tcp
GB 172.217.16.234:443 content-autofill.googleapis.com tcp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 104.18.32.137:443 privacyportal.onetrust.com tcp
GB 142.250.179.226:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 b0db728db6981217261d935e33f677d5.safeframe.googlesyndication.com udp
GB 172.217.169.33:443 b0db728db6981217261d935e33f677d5.safeframe.googlesyndication.com tcp
GB 216.58.213.1:443 ep2.adtrafficquality.google tcp
GB 216.58.213.1:443 ep2.adtrafficquality.google tcp
GB 216.58.213.1:443 ep2.adtrafficquality.google udp
US 8.8.8.8:53 33.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 142.250.187.193:443 tpc.googlesyndication.com tcp
GB 142.250.187.193:443 tpc.googlesyndication.com tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
GB 142.250.179.226:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 deff.nelreports.net udp
GB 2.20.12.102:443 deff.nelreports.net tcp
US 8.8.8.8:53 102.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 179.60.149.194:22 tcp

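Most of the table above is background noise from the sandbox image and the browser session (resolver queries to 8.8.8.8, PTR lookups, Google, Bing and MSN properties, ad and consent services). The rows worth the analyst's attention are the ones with no hostname, or with the IP repeated in the Domain column: 179.60.149.194 on tcp/8080 (repeatedly), tcp/80 and tcp/22, the last matching the "ssh 179.60.149.194" command line in the process listing. The script below is an added example, not part of the report: it parses rows in the report's "Country Destination Domain Proto" layout, discards the noise, and ranks the remaining endpoints with raw-IP connections first. The NOISE_SUFFIXES allowlist is an assumption for this example, as is the reading that a blank or self-referential Domain column means the connection was made to a literal address with no preceding name resolution.

```python
from collections import defaultdict
from dataclasses import dataclass

# Sample input: rows copied from the Network table above (a subset, in the
# report's "Country Destination Domain Proto" layout). Constructed for this
# example; the Domain column is blank where the report left it blank.
SAMPLE_ROWS = """\
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
US 8.8.8.8:53 228.187.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 179.60.149.194:8080 179.60.149.194 tcp
US 8.8.8.8:53 194.149.60.179.in-addr.arpa udp
US 179.60.149.194:8080 179.60.149.194 tcp
US 179.60.149.194:8080 tcp
US 179.60.149.194:80 tcp
GB 88.221.135.32:443 www.bing.com tcp
DE 212.227.91.231:443 www.autoitscript.com tcp
US 104.26.1.149:443 fileinfo.com tcp
US 179.60.149.194:22 tcp
"""

# Hostname suffixes treated as browser/OS background noise in this sandbox
# image. Assumption for this example: tune it per environment, and never put
# a suspected C2 domain on it.
NOISE_SUFFIXES = (
    "google.com", "googleapis.com", "googleusercontent.com", "gvt2.com",
    "gvt3.com", "doubleclick.net", "googlesyndication.com",
    "bing.com", "msn.com", "microsoftonline.com", "msauth.net",
    "akamaized.net", "nelreports.net", "azureedge.net",
)


@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    domain: str   # "" when the report printed no name
    proto: str


@dataclass(frozen=True)
class Endpoint:
    ip: str
    port: int
    proto: str
    count: int
    domains: tuple   # names that resolved to this endpoint
    raw_ip: bool     # reached with no hostname at all


def parse_rows(text: str):
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:          # Domain column empty
            country, dest, proto = parts
            domain = ""
        else:
            continue
        ip, sep, port = dest.rpartition(":")
        if not sep or not port.isdigit():
            continue                   # header line or malformed row
        flows.append(Flow(country, ip, int(port), domain.lower(), proto.lower()))
    return flows


def is_noise(f: Flow) -> bool:
    if f.port in (53, 5353):           # resolver queries, PTR lookups, mDNS
        return True
    return any(f.domain == s or f.domain.endswith("." + s) for s in NOISE_SUFFIXES)


def summarize(flows):
    groups = defaultdict(list)
    for f in flows:
        if not is_noise(f):
            groups[(f.ip, f.port, f.proto)].append(f)
    endpoints = []
    for (ip, port, proto), fs in groups.items():
        names = tuple(sorted({f.domain for f in fs if f.domain and f.domain != ip}))
        endpoints.append(Endpoint(ip, port, proto, len(fs), names, raw_ip=not names))
    # Raw-IP endpoints first, then by connection volume.
    endpoints.sort(key=lambda e: (not e.raw_ip, -e.count, e.ip, e.port))
    return endpoints


def suspicious(endpoints):
    return [e for e in endpoints if e.raw_ip]


if __name__ == "__main__":
    for e in summarize(parse_rows(SAMPLE_ROWS)):
        tag = "RAW-IP" if e.raw_ip else ",".join(e.domains)
        print(f"{e.ip}:{e.port}/{e.proto}  x{e.count}  {tag}")
```

On the sample rows the three 179.60.149.194 endpoints come out on top and nothing else is flagged; www.autoitscript.com and fileinfo.com survive the filter as named destinations and are left for a human to judge (here they look like the analyst looking up the dropped file types rather than sample behaviour).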

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7de1bbdc1f9cf1a58ae1de4951ce8cb9
SHA1 010da169e15457c25bd80ef02d76a940c1210301
SHA256 6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e
SHA512 e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

\??\pipe\LOCAL\crashpad_3360_SDDAGMETENSFCULL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 85ba073d7015b6ce7da19235a275f6da
SHA1 a23c8c2125e45a0788bac14423ae1f3eab92cf00
SHA256 5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617
SHA512 eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fdb23b78bf87b3519ab70aa1d8313c94
SHA1 27e5d5c4cef83dea94573cafbd7232edcd41f0cd
SHA256 e6aaa67b8e6405101ba785308bc224fa7b8fc6040433ccfc8f35467500e2bcb2
SHA512 2b31a5bd590e14d821cf5d831defc8343733fa122efcc3458c71d41e904cc64303dce3f300ed74d771d8d0d56e9dec5f5f8f21b667fda7e3d2bef41ac530137d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 e579aca9a74ae76669750d8879e16bf3
SHA1 0b8f462b46ec2b2dbaa728bea79d611411bae752
SHA256 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
SHA512 df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 413230f8e046e11c25571ff08f2579ea
SHA1 4e1303fc8da7858bce6c1d2ab292b42331017c13
SHA256 6da3acfcec98dbc5b41117f5408356a4e96b2225ad329019e931c4a8d9379e56
SHA512 02751543970fb2b745acd0d4df43fd9bb8200957dec8d23188216732808efcd3d2162c4c0c313aa51a4152b97a5fb08a225bbcae84d56c9b7416eb7003283c30

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 73449032a803ea5359624b232b62c653
SHA1 4d5318f8b3c4132949a3c9e01bb2e5dd336fb994
SHA256 1e85ac1bfe54ae8702048a6bd0aa9aa683cd922a1c06d6c077c083fd47f22c34
SHA512 7ca3f2f325316ac1dc32e2d979c175214e50c563cd0403788542a1d7bb61c270399ce7f9c27e0a22c5085c0b09129643e95b9bf7446b8a7933ac6f09b4ff720d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e44b86a2b124bd5f374ab845f78e432f
SHA1 5d4a59d02a160712944e44cc45dc1d85c557aca0
SHA256 a4df9e9a7f594d612d6c40ce6fffbbf63b3fd9be563a50b596030ebb9ba138f9
SHA512 16810c0f258f97805372400dd15925687ca032ec18b7eb46ea637e1adfc1dabf46018564676a40d24ac0b6ad6eb06176f3212a550d93b021cfbbeb1484d3c4d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5e773eac-c959-4d5c-83c9-1bbde95565fb.tmp

MD5 18ec5a0fb84c0f8b807959c4a70aa154
SHA1 dbff6698b5ca216d1d8afc3f3325fcd7e2bf07fb
SHA256 3fac756bdaa12080003d6250488a18d22c3500066ad58c92a7840d82f1755367
SHA512 79f9195239bb5d4db70092c9c8e7b4a39bd75f4adc2b79621c2539f97fcf61c1c60e4ee27169d3fa83819e649e93df480ef81b4ecc94d8f26ebdc60861de5065

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2sh2th4y.00r.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4716-156-0x000002075E870000-0x000002075E892000-memory.dmp

memory/4716-157-0x000002075ED60000-0x000002075EDA4000-memory.dmp

memory/4716-158-0x000002075EE30000-0x000002075EEA6000-memory.dmp

memory/4716-163-0x000002075F080000-0x000002075F242000-memory.dmp

memory/4716-167-0x000002075EDD0000-0x000002075EDE2000-memory.dmp

memory/4716-168-0x000002075E860000-0x000002075E86A000-memory.dmp

memory/4716-175-0x000002075FA00000-0x00000207601A6000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Temp\de461d70-1cdb-4ac6-919c-58db1ce638b8.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Temp\cf315f2f-0ee4-4687-84a5-12cea9e266cb.tmp

MD5 da75bb05d10acc967eecaac040d3d733
SHA1 95c08e067df713af8992db113f7e9aec84f17181
SHA256 33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2
SHA512 56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

C:\Users\Admin\AppData\Local\Temp\scoped_dir3968_865590057\CRX_INSTALL\_locales\en_CA\messages.json

MD5 558659936250e03cc14b60ebf648aa09
SHA1 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA256 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA512 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

MD5 07ffbe5f24ca348723ff8c6c488abfb8
SHA1 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA256 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA512 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

MD5 4ec1df2da46182103d2ffc3b92d20ca5
SHA1 fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA256 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 fdef021b68170bbaf2fe9fe98158e3cf
SHA1 4572bb865804c373d5683b2458e0062f75270260
SHA256 d88d2999cb09eeda21f8638dafcd0d1ae0c57d46a61b31dfd643185c233966d9
SHA512 8b4915395dc2d8d4846ab798fc224adb342de2ebfd67986cf5a3b7e02111baa2895cff414e26e6df64409fa5fe2d057ad17807b38a9820a06e9d77ba6f5accc0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 60342d1e6e87890ab7a2f72b6ef25f3c
SHA1 c69ae4caf1503dca949d5b2cec387f33a4b3eefc
SHA256 6bc18d7ee546f8100230af53e01eaad1e99d0aa15318c7608235b6b46097e3c4
SHA512 556d8db16ce8a3643c2bb3608ce58e1400b8c44c90b8950a09c9f7c0794146d6a4d4817af84474b55acf7b8b8e98444bed7e83ec6bccbce498e6828eca7a4de5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f613d39a3a677faf260ecf2f347e3347
SHA1 de6cbde6b432c07a5c2f54bd73e040bfa5d0e9e2
SHA256 5dd90270a9d2dc2a1819f44f4443288a31c8271ae0058116e96c307fc816ff09
SHA512 d03200f9f769094e207651d5bbc5a4b859413901a2df5d2925fa50b9f3248dc8e5c86ee586ecb28a779338473f614fe794bda15d9a084e8d319d6dc5eb351549

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a33a7f2327a9335223811c869e6157d9
SHA1 111b008b077836990be5a5a4a505f88fb67fea0f
SHA256 15fd198c0126de6dee4d17842725756cf787b19a2e7ea8d9c92154053ef1a501
SHA512 cbdab0087cf4af538688adaf844f1647ccef19e4e54c077abf9b1627c74ed7f1703384bcd59774c6416640e384530637ab5eeee2e06f44c48cc05c1e93d84350

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 fcd93f3caf23fa0951aa81480b35ff2c
SHA1 5118998b853b9fba32d24efe4bc3c6330b06c448
SHA256 d8736f884f22a3ce988e1f14defa6c7c166e87136cc4e8674e62848faa8e4429
SHA512 757bc9778591a1593dddabf6661de188baeccd81f239c8b2598abc83925ba8f54310d6332c1925620b04b6db3d676f83765b054d2d9a5f1c652bea149528cf51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 99c44c5d7bb6f0f9d966134d97576bfa
SHA1 2dd9305030e3cddf355d735108be472ea69ed817
SHA256 9420346a1588c0345aed2ffc459fe1e2d3b78f2034ae999af76da1c07ffc78b7
SHA512 2f6b5da201682668201032d62fcb8b980c7f70f21dcd02ffb6bf4416c36929d65690fd5796eede10fb49a5eaa5b11240ec5837e9b07d4527bcb4c6f555823992

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b5ea43011139cd41ff59b479df0e9c18
SHA1 c30e8a2a2d87ecb85eed188c1f937cef62c30555
SHA256 a8803839d199aa6b6cd4d61b24b8e81b2fad251442f51efe306846b11c0abd7d
SHA512 325e0a2bfd5249c37e6b1dd3b10d6d05a9522619a96c0661ee23283d9ad711e1bef457197e55f3035c5c5a4d84c477d67b215deca5c35fcbdc43b825454f0041

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 153221e5c907ef347e6a2a612de4e95b
SHA1 5126fc703af9c6bf4bdb9ee2e8a31ca0661a4967
SHA256 ae70bfe26ded00bee0301255134e1b73173d0820a349cd3b32d42b7e909e473e
SHA512 9f150711426c75197b992e1b25326b3178e15caeb857aa76d264314c14dffdb6a7a95afa05583d66174be8b6b45169ced12a81d915ff2e96b28e1c8a04a4eb7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 eb417f97252bb6a161faed52a9688616
SHA1 79a27bb78d2cbfb16a4906e418907e602e3d0b57
SHA256 08198531c3e0276885bc9b05c86b12e811a638f81b3862abb940147d03df6382
SHA512 7f33e7127ca2e6ac4e4975b22843026a8478db41352e9d52eba425cb846a57056699e211789ef6940060fec0a421388ccfa878d196f86178ac0a9633a1b07b0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 496d944df8c1cef3c7fd2ce2e738b1da
SHA1 f99bea506fcd44b1ad3e55639488309907a2e945
SHA256 a5e743956aa4b192a52e07b573a2a63c45e9a85a36825a0c68d63c9f938464cd
SHA512 673fd76caab43477b65ded006fa0bacdbe3ebd9d3822ddc61e415fd23ef99e1717c70b3eb261836caa1414cfe968955e16d159dd9ffbc2e69bfd874d71e93b81

C:\Users\Admin\Downloads\vxhxrqnb
