Malware Analysis Report

2025-03-15 06:49

Sample ID: 250112-qqmtbawphp
Target: skibiditoilet.exe
SHA256: 7013e54e6ea0cc2a6b3d3e4e043761692641e53cc630a907e859b50283350f7e
Tags: rat, orcus, discovery, spyware, stealer
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: 7013e54e6ea0cc2a6b3d3e4e043761692641e53cc630a907e859b50283350f7e

Threat Level: Known bad

The file skibiditoilet.exe was found to be: Known bad.

Malicious Activity Summary

rat orcus discovery spyware stealer

Orcus family

Orcus

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Drops desktop.ini file(s)

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Browser Information Discovery

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2025-01-12 13:28

Signatures

Orcus family

orcus

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2025-01-12 13:28
Reported: 2025-01-12 13:33
Platform: win7-20240903-en
Max time kernel: 99s
Max time network: 299s

Command Line

"C:\Users\Admin\AppData\Local\Temp\skibiditoilet.exe"

Signatures

Orcus

rat spyware stealer orcus

Orcus family

orcus

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe | N/A

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\skibiditoilet.exe | N/A

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | discord.com | N/A | N/A (×3 identical rows)

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\skibiditoilet.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe | N/A (×6 identical rows)
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (×2 identical rows)
N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe | N/A (×12 identical rows)
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (×2 identical rows)
N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe | N/A (×6 identical rows)

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (×63 identical rows)

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (×63 identical rows)

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (×63 identical rows)

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 1868 wrote to memory of 2792 | N/A | C:\Users\Admin\AppData\Local\Temp\skibiditoilet.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe (×4 identical rows)
PID 2736 wrote to memory of 2872 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (×3 identical rows)
PID 2736 wrote to memory of 264 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (×39 identical rows)
PID 2736 wrote to memory of 2348 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (×3 identical rows)
PID 2736 wrote to memory of 2336 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (×15 identical rows)

Processes

C:\Users\Admin\AppData\Local\Temp\skibiditoilet.exe

"C:\Users\Admin\AppData\Local\Temp\skibiditoilet.exe"

C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6009758,0x7fef6009768,0x7fef6009778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1356,i,4127228817637685131,14572945284264452524,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1356,i,4127228817637685131,14572945284264452524,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1356,i,4127228817637685131,14572945284264452524,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2252 --field-trial-handle=1356,i,4127228817637685131,14572945284264452524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2268 --field-trial-handle=1356,i,4127228817637685131,14572945284264452524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2812 --field-trial-handle=1356,i,4127228817637685131,14572945284264452524,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1380 --field-trial-handle=1356,i,4127228817637685131,14572945284264452524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3488 --field-trial-handle=1356,i,4127228817637685131,14572945284264452524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2592 --field-trial-handle=1356,i,4127228817637685131,14572945284264452524,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1048 --field-trial-handle=1356,i,4127228817637685131,14572945284264452524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2248 --field-trial-handle=1356,i,4127228817637685131,14572945284264452524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2976 --field-trial-handle=1356,i,4127228817637685131,14572945284264452524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3896 --field-trial-handle=1356,i,4127228817637685131,14572945284264452524,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6009758,0x7fef6009768,0x7fef6009778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1372,i,3253203436057187405,11211328226215304023,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1372,i,3253203436057187405,11211328226215304023,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1372,i,3253203436057187405,11211328226215304023,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1372,i,3253203436057187405,11211328226215304023,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2304 --field-trial-handle=1372,i,3253203436057187405,11211328226215304023,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1400 --field-trial-handle=1372,i,3253203436057187405,11211328226215304023,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2224 --field-trial-handle=1372,i,3253203436057187405,11211328226215304023,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3824 --field-trial-handle=1372,i,3253203436057187405,11211328226215304023,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2748 --field-trial-handle=1372,i,3253203436057187405,11211328226215304023,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=1372,i,3253203436057187405,11211328226215304023,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1056 --field-trial-handle=1372,i,3253203436057187405,11211328226215304023,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3952 --field-trial-handle=1372,i,3253203436057187405,11211328226215304023,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3836 --field-trial-handle=1372,i,3253203436057187405,11211328226215304023,131072 /prefetch:1

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4032 --field-trial-handle=1372,i,3253203436057187405,11211328226215304023,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4364 --field-trial-handle=1372,i,3253203436057187405,11211328226215304023,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3808 --field-trial-handle=1372,i,3253203436057187405,11211328226215304023,131072 /prefetch:8

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\gay.rar

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\gay.rar

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\gay.rar"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4392 --field-trial-handle=1372,i,3253203436057187405,11211328226215304023,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=1372,i,3253203436057187405,11211328226215304023,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4356 --field-trial-handle=1372,i,3253203436057187405,11211328226215304023,131072 /prefetch:1

Network

Files

memory/1868-0-0x00000000747E1000-0x00000000747E2000-memory.dmp

memory/1868-1-0x00000000747E0000-0x0000000074D8B000-memory.dmp

memory/1868-2-0x00000000747E0000-0x0000000074D8B000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe

MD5 b44e34f9dbfc72cc87b0904c94ab4160
SHA1 6511a3fbc77523fd489e09ec7dcd51eb421fd1eb
SHA256 7013e54e6ea0cc2a6b3d3e4e043761692641e53cc630a907e859b50283350f7e
SHA512 7d527fab4549cf4dcd25e301ab97fea66a6e5bc4e135e43d747ecdde7eb915fe7814c56211e49d8966e970fd4838386cbe771a2e89ca1d4acbcb4c65a95d20dd

memory/1868-11-0x00000000747E0000-0x0000000074D8B000-memory.dmp

memory/2792-14-0x00000000747E0000-0x0000000074D8B000-memory.dmp

memory/2792-13-0x00000000747E0000-0x0000000074D8B000-memory.dmp

memory/2792-12-0x00000000747E0000-0x0000000074D8B000-memory.dmp

memory/2792-15-0x00000000747E0000-0x0000000074D8B000-memory.dmp

memory/2792-16-0x00000000747E0000-0x0000000074D8B000-memory.dmp

\??\pipe\crashpad_2736_CMTPKFDSZNLSJBPA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 d79b35ccf8e6af6714eb612714349097
SHA1 eb3ccc9ed29830df42f3fd129951cb8b791aaf98
SHA256 c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365
SHA512 f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3a923f48acb130b656b6f0880c645a38
SHA1 8eb7303659dfa3fd236f55776446dd9b14a60828
SHA256 a3d5ff316bdebc92bbd270bfe19307448ed6cc66e021055fcce506c4d44cd737
SHA512 ba29a655902b2c3262785a30e35e4f6e330eb3a2c0b51669c3769481cbb452c223ad53878be3f9dfaba6d349b1700ee261123071a668cd18a9027fdc73b83b01

C:\Users\Admin\AppData\Local\Temp\Cab2177.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar218A.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a261b55a910a6a9f3999382019c6596
SHA1 a916352f9dbd9835b27804b5d867b0bece97dac0
SHA256 a17dc217709f8d2555cfb8f77cd0d2c937d80a6886284c0c6f010ff25e27c033
SHA512 e33135a30643f5df4d17c6e3b42ccbc8d7852fbfde1098931cdfbb1c5042e2c20148228796928f225df81f8f73a9ed3d58976b3f1936e0ea82ffa2a38cd916ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 38d318715f50f547d3817e99bd108520
SHA1 4e31b88cd871e06d83ac686ece3332af8503c991
SHA256 5bf98e2ef484ead1af25b2e52582873afcee0155a69a16827bb0d1901f8e3f0e
SHA512 c60b681224e15ca98e011005f15e8a728181ef8ac24cdb35c9d16abc179e353f95aa0d99d0ee8470862becfd5a87e92e981db1442c9c5986edc9c6615dd864e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0436285efb73d39b0384ee6f1627ea7
SHA1 e827bfb30dc1bb35908a9467599d3e9c37bafc28
SHA256 3b4ae7c364487160c3fdd6cca54420d98622bb59145352ba34c249d483fce6aa
SHA512 4f489e12f5e12c1ae4a036b1fe9e4b63a8158550a7576993c42b961305a67034af0e6bb79d98a747a97aa0eb1e906dc22e33994f53da454e3b3590293f8f6f08

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 ee55b36acc6e22bdca062e8c6957c974
SHA1 e5f03a9749e7a18073fff74487a658f98c7be659
SHA256 de6e4c46b03afa9efd7ee0b51a869772f2fd742cb38083a1859226c6662924db
SHA512 cc6073b3c8c04b14775e15374b46c8d5450ae2404ed601a63db53fbd90f5149ee675e9f54eebd702ae0ac7610cdbc379b0bc4f6edb95694b4a1994334c82d191

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DABA17F5E36CBE65640DD2FE24F104E7

MD5 c6150925cfea5941ddc7ff2a0a506692
SHA1 9e99a48a9960b14926bb7f3b02e22da2b0ab7280
SHA256 28689b30e4c306aab53b027b29e36ad6dd1dcf4b953994482ca84bdc1ecac996
SHA512 b3bd41385d72148e03f453e76a45fcd2111a22eff3c7f1e78e41f6744735444e058144ed68af88654ee62b0f117949f35739daad6ad765b8cde1cff92ed2d00c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab37e167c177dda077c1e9c245e496da
SHA1 a852e9a6433c7563c450c10b664d6d2765f05b1f
SHA256 2cae877167d11178378309d1066533367880cb8f47a1a498df0e0e0eb928738e
SHA512 19ef6f1ea550ee4fe4ce5526e746bc75d46624c63d4959c00372a271b4c823e0b27af37409109c5a2a3c981eebd8c6f1fb65126656bae2a6f139a0b896ef1167

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da958e585e53da090a3b1fef5cdf3892
SHA1 493c9f6c910ef274b28caaafff1011b68a450a37
SHA256 6fe3b6416dc47b24c9144008850c3eee47a31c7dbe09a644d30c0e7e0d4607d1
SHA512 77b893ecaba1315d47ab930ee0fef3bb1e20af717a848365ff6318c6f7bcb2615357048cc37d6e4963dfe0fadd55031455d1a2eca67e2939cedeccc548a241e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 00440d972a0620e67f108afe6c3db08b
SHA1 615fbfdc40b45085f38152a2b0b599ad2a56128e
SHA256 ab3a15d2b5470f80910aa5e77bd341f731477501b39d16b953f45acb69910421
SHA512 4e40d73009787fa34768fc23c7f72bb88b354fa3bdcccdd04a872c24de1d58ec1d941b672388a0d4e2db4c448df05b2ce1ce998b8f692d50fdf04d9f86f2f702

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8c18afe67345a5a8c1c4671c976b04e5
SHA1 abe9d506f98c1fd856014058866d16bd6afb68c9
SHA256 24b8717e85c202e9dc30a27d6d073dc3af6efcbb85c71b8ceed1966a117ddf30
SHA512 5d9729688a5fd32f49961d47b85df89ecafb2306a1d1cfecb5aad60f2605fa7d97c79d62ac581d566a312b63d02919baa5619218f51c981b3b975bcba1237829

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5d00d687dfb22086446b626e43c8e8ef
SHA1 f6f0cca78ac5efa7196f5100984fa9f1e7f31b86
SHA256 3e8211bf9ad26b8a66bd4d91267ff6c46572c948c5d317d00daf47cfdf37dd3f
SHA512 66e81d5e5ee2094083c6ba5c9d727b6199fd6682edd8879e94b8325fc940b22360bb5568fd7285be28f2b79b4c393eb79954c76a6207aac909f2c44f00add29b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\5f91309c-31a4-4f66-996f-2d2b4cdf42c9.tmp

MD5 23e5ee7a026e30cff9977cf4ba15bafd
SHA1 ba451fe6a32af93aa63dc139efb8ea84eb0a1104
SHA256 62ffa0bc9143f14d845d0f6f45546a32baa8adb095a267b6464823f17ccd26f7
SHA512 874da420902a3460e91a0aefdfab5363e391a165b67b62fbd415a63a27b72c06941f73e8ec82f49f53efddcb6473393afaea6fcd0add4be0d5ddd4e740989b69

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3fd1071a0ad6cf9f9753b873a6cd1bf8
SHA1 8580b82745ba86abb6f5e1aaacea8303c2ab139d
SHA256 08fa21e5a8fec3e8661c8ad19e2ffac822b44edf92c885e14a4222dc3009b836
SHA512 df486d9fdedf951d19e84df038350d3db60d433dd637287a1389810c81cb55a14c3577b949f9a6bb2f68d516f8678c429d44d2aebd4795758ca4cd33fc04cb6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dc6cacdbad5294b7a9540f546a527257
SHA1 52e1c8b6aa84e2a2cb632c15539a150f2676deb8
SHA256 a2412fa955d7809855b95192c4a915099219ab76b2242158de132f9d9306b380
SHA512 ae15b8853db07db79be80f856dd62245d1970496150e9ec2efb4c373666a44c5f4cd46071107701a6c3e8b4aa29ff7a7f857b2cdf732fdcc2ab0edfa52bd9fa5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 c71a70ef46590ef0016a755286ca78ea
SHA1 f333ef55abb71212507b4796cb0e39940dd9280f
SHA256 36315c353e2802a76481df39dfd6b80bdc993f3db521aef716a1f927990decf3
SHA512 333e0c4300fd0baf59072bbf7c363c62e11d7b2351ec9e84125dec4c1047dd29bedaf99fd1c3bcc3fa43353a51f2b006030829b8c5615a7b29ffb9ed3a903295

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 961e3604f228b0d10541ebf921500c86
SHA1 6e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256 f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 e1079a674939e1dbe7d0d5c24a6052eb
SHA1 c30ce987931a051ffeb6873056fe4b5c7adf6ecb
SHA256 f6831292e6d38e4263c874d5d1ff6a2900cb86703221aba7828405ad28d6f7ff
SHA512 1bb7736ebe7e4bc86a8279ab6bc9bc6ce8d714f009a75cb0443b1cfe23fde862ccb78ceb6b4be7bc1311e435698c79a1bbcfab4c96795a5ca8f32cab20525795

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-12 13:28

Reported

2025-01-12 13:33

Platform

win10v2004-20241007-en

Max time kernel

293s

Max time network

297s

Command Line

"C:\Users\Admin\AppData\Local\Temp\skibiditoilet.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\skibiditoilet.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File created C:\Windows\assembly\Desktop.ini C:\Users\Admin\AppData\Local\Temp\skibiditoilet.exe N/A
File opened for modification C:\Windows\assembly\Desktop.ini C:\Users\Admin\AppData\Local\Temp\skibiditoilet.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\assembly C:\Users\Admin\AppData\Local\Temp\skibiditoilet.exe N/A
File created C:\Windows\assembly\Desktop.ini C:\Users\Admin\AppData\Local\Temp\skibiditoilet.exe N/A
File opened for modification C:\Windows\assembly\Desktop.ini C:\Users\Admin\AppData\Local\Temp\skibiditoilet.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\skibiditoilet.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\skibiditoilet.exe

"C:\Users\Admin\AppData\Local\Temp\skibiditoilet.exe"

C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe"

Network

Country  Destination         Domain                          Proto
US       8.8.8.8:53          209.205.72.20.in-addr.arpa      udp
US       8.8.8.8:53          79.190.18.2.in-addr.arpa        udp
US       8.8.8.8:53          14.160.190.20.in-addr.arpa      udp
US       8.8.8.8:53          95.221.229.192.in-addr.arpa     udp
N/A      172.30.208.1:1234                                   tcp
US       8.8.8.8:53          154.239.44.20.in-addr.arpa      udp
US       8.8.8.8:53          232.168.11.51.in-addr.arpa      udp
N/A      172.30.208.1:1234                                   tcp
N/A      172.30.208.1:1234                                   tcp
US       8.8.8.8:53          212.20.149.52.in-addr.arpa      udp
US       8.8.8.8:53          15.164.165.52.in-addr.arpa      udp
N/A      172.30.208.1:1234                                   tcp
N/A      172.30.208.1:1234                                   tcp
N/A      172.30.208.1:1234                                   tcp
N/A      172.30.208.1:1234                                   tcp
US       8.8.8.8:53          22.236.111.52.in-addr.arpa      udp
N/A      172.30.208.1:1234                                   tcp
N/A      172.30.208.1:1234                                   tcp
N/A      172.30.208.1:1234                                   tcp
N/A      172.30.208.1:1234                                   tcp
US       8.8.8.8:53          104.193.132.51.in-addr.arpa     udp
N/A      172.30.208.1:1234                                   tcp
N/A      172.30.208.1:1234                                   tcp
N/A      172.30.208.1:1234                                   tcp
N/A      172.30.208.1:1234                                   tcp
N/A      172.30.208.1:1234                                   tcp
N/A      172.30.208.1:1234                                   tcp
N/A      172.30.208.1:1234                                   tcp
N/A      172.30.208.1:1234                                   tcp
N/A      172.30.208.1:1234                                   tcp
N/A      172.30.208.1:1234                                   tcp
N/A      172.30.208.1:1234                                   tcp
N/A      172.30.208.1:1234                                   tcp

Files

memory/1232-0-0x0000000074712000-0x0000000074713000-memory.dmp

memory/1232-1-0x0000000074710000-0x0000000074CC1000-memory.dmp

memory/1232-2-0x0000000074710000-0x0000000074CC1000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe

MD5 b44e34f9dbfc72cc87b0904c94ab4160
SHA1 6511a3fbc77523fd489e09ec7dcd51eb421fd1eb
SHA256 7013e54e6ea0cc2a6b3d3e4e043761692641e53cc630a907e859b50283350f7e
SHA512 7d527fab4549cf4dcd25e301ab97fea66a6e5bc4e135e43d747ecdde7eb915fe7814c56211e49d8966e970fd4838386cbe771a2e89ca1d4acbcb4c65a95d20dd

memory/3440-19-0x0000000074710000-0x0000000074CC1000-memory.dmp

memory/1232-18-0x0000000074710000-0x0000000074CC1000-memory.dmp

memory/3440-21-0x0000000074710000-0x0000000074CC1000-memory.dmp

memory/3440-20-0x0000000074710000-0x0000000074CC1000-memory.dmp

memory/3440-22-0x0000000074710000-0x0000000074CC1000-memory.dmp

memory/3440-23-0x0000000074710000-0x0000000074CC1000-memory.dmp