Malware Analysis Report

2025-04-13 12:43

Sample ID 250327-skkswawly7
Target Slendytubbies 3 Multiplayer.exe
SHA256 a6d1246d2054da7e30d2d65a8f975b64fb162a501d5967fca963272927a3b41c
Tags
azorult privateloader bootkit defense_evasion discovery execution infostealer loader persistence privilege_escalation trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Threat Level: Known bad

The file Slendytubbies 3 Multiplayer.exe was found to be: Known bad.

Malicious Activity Summary

azorult privateloader bootkit defense_evasion discovery execution infostealer loader persistence privilege_escalation trojan

Privateloader family

PrivateLoader

Azorult family

Azorult

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Event Triggered Execution: Image File Execution Options Injection

Checks computer location settings

Loads dropped DLL

Event Triggered Execution: Component Object Model Hijacking

Checks BIOS information in registry

Executes dropped EXE

Identifies Wine through registry keys

Checks installed software on the system

Writes to the Master Boot Record (MBR)

Legitimate hosting services abused for malware hosting/C2

Checks system information in the registry

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Program Files directory

System Location Discovery: System Language Discovery

System Network Configuration Discovery: Internet Connection Discovery

Browser Information Discovery

Command and Scripting Interpreter: JavaScript

Enumerates physical storage devices

Unsigned PE

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Modifies registry class

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-03-27 15:11

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-03-27 15:11

Reported

2025-03-27 15:19

Platform

win10v2004-20250314-en

Max time kernel

501s

Max time network

511s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Slendytubbies 3 Multiplayer.exe"

Signatures

Azorult

trojan infostealer azorult

Azorult family

azorult

PrivateLoader

loader privateloader

Privateloader family

privateloader

Identifies VirtualBox via ACPI registry values (likely anti-VM)

defense_evasion

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Desktop\Malware-1-master\iimo3.exe | N/A

Event Triggered Execution: Image File Execution Options Injection

persistence

Description | Indicator | Process | Target
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe | N/A

Checks BIOS information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Desktop\Malware-1-master\iimo3.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Desktop\Malware-1-master\iimo3.exe | N/A

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\MicrosoftEdgeWebview_X64_132.0.2957.115.exe | N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\ZoraraB.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\MicrosoftEdgeWebview_X64_132.0.2957.115.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\EDGEMITMP_85F00.tmp\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\EDGEMITMP_85F00.tmp\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A

Identifies Wine through registry keys

defense_evasion

Description | Indicator | Process | Target
Key opened | \REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Software\Wine | C:\Users\Admin\Desktop\Malware-1-master\iimo3.exe | N/A

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\ZoraraB.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\ZoraraB.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\ZoraraB.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\ZoraraB.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\ZoraraB.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\ZoraraB.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\ZoraraB.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\ZoraraB.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\ZoraraB.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\ZoraraB.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\ZoraraB.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\ZoraraB.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\ZoraraB.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\ZoraraB.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\ZoraraB.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\ZoraraB.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\ZoraraB.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\ZoraraB.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | camo.githubusercontent.com | N/A | N/A
N/A | camo.githubusercontent.com | N/A | N/A

Writes to the Master Boot Record (MBR)

bootkit persistence

Description | Indicator | Process | Target
File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Desktop\Malware-1-master\Petya.exe | N/A

Checks system information in the registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Desktop\Malware-1-master\iimo3.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_hr.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_sr.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\EdgeUpdate\Offline\{C7449629-A7B2-4E62-BE59-1B7C95F3A10F}\OfflineManifest.gup | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\psuser_arm64.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_lv.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_ms.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_pt-PT.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_sl.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_vi.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_quz.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_is.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_as.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File opened for modification | C:\Program Files\MsEdgeCrashpad\settings.dat | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\EDGEMITMP_85F00.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdate.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_lt.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_nb.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdateBroker.exe | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdateOnDemand.exe | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\NOTICE.TXT | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_es-419.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_sk.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_bn-IN.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\psmachine_arm64.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_gu.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_ne.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_de.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_hu.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeComRegisterShellARM64.exe | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\psmachine_64.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\psuser.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_ko.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_te.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdateSetup.exe | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_mr.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_bs.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_lo.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_tt.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_cs.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_pa.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_ar.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_el.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_ta.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_af.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_eu.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_mk.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\EdgeUpdate.dat | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_ml.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_ur.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_gl.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File opened for modification | C:\Program Files\MsEdgeCrashpad\throttle_store.dat | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\EDGEMITMP_85F00.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_pt-BR.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_ga.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_lb.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\EDGEMITMP_85F00.tmp\SETUP.EX_ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\MicrosoftEdgeWebview_X64_132.0.2957.115.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_ru.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_fi.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_id.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_it.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_zh-CN.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate\Offline\{C7449629-A7B2-4E62-BE59-1B7C95F3A10F}\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\MicrosoftEdge_X64_132.0.2957.115.exe | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
File opened for modification | C:\Program Files\msedge_installer.log | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\EDGEMITMP_85F00.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_gd.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_sr-Cyrl-RS.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A

Browser Information Discovery

discovery

Command and Scripting Interpreter: JavaScript

execution

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\wermgr.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Malware-1-master\jey.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Malware-1-master\iimo3.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Malware-1-master\Petya.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\wermgr.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\wermgr.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\wermgr.exe | N/A
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\wermgr.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\wermgr.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\wermgr.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\wermgr.exe | N/A
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\wermgr.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\wermgr.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\wermgr.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133875618836339736" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods\ = "13" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher\CLSID\ = "{08D832B9-D2FD-481F-98CF-904D00DF63CC}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ = "ICurrentState" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusMachine.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{41E1FADF-C62D-4DF4-A0A2-A3BEB272D8AF}\InprocHandler32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.43\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.43\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods\ = "6" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback\CurVer\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LOCALSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ = "ICurrentState" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ = "IPolicyStatus5" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods\ = "13" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A0B482A5-71D4-4395-857C-1F3B57FB8809}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.43\\psmachine.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A0B482A5-71D4-4395-857C-1F3B57FB8809}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.43\\MicrosoftEdgeUpdateBroker.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine.1.0\ = "Microsoft Edge Update CredentialDialog" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
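
The rows above are COM class registration: CLSID InprocServer32 and LocalServer32 values, Interface NumMethods and ProxyStubClsid32 entries, written by the Edge updater's own binaries under C:\Program Files (x86)\Microsoft\EdgeUpdate, which is the same activity a legitimate updater run produces. The COM-hijacking concern behind the "Component Object Model Hijacking" tag is different: a CLSID whose server path is redirected to an attacker-controlled DLL or EXE, classically in the per-user Classes hive, which for non-elevated processes takes precedence over HKLM. The Python below is an added triage example and is not part of the sandbox report or of any tool it uses. It parses "Set value" rows in the format of the table above, pulls out the CLSID server registrations, decodes the escaped server path, and flags registrations that land in a user hive or whose server path lies outside Program Files or Windows. The sample rows are constructed from the table above plus one hypothetical row (fake CLSID, SID and paths) so the flagging branch runs; the trusted-root list is an analyst assumption. The Edge rows are not flagged because the server binary and the registering process both live under the same Program Files install directory in HKLM.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed input mirroring rows from the registry table above. The last row is
# hypothetical (fake CLSID, fake SID, fake paths) and exists only so the flagging
# branch is exercised; it is not an event from this report.
SAMPLE_REGISTRY_ROWS = r"""
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.43\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.43\\MicrosoftEdgeUpdateBroker.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A0B482A5-71D4-4395-857C-1F3B57FB8809}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-0-0-0-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Roaming\\hypothetical.dll" C:\Users\Admin\AppData\Roaming\hypothetical.exe N/A
"""

# One "Set value (type) <key> = "<escaped value>" <process> N/A" row of the report.
SET_ROW = re.compile(
    r'^Set value \((?P<vtype>\w+)\) (?P<key>\\REGISTRY\\.+?) = "(?P<raw>.*)" '
    r'(?P<process>[A-Za-z]:\\.+?\.exe) N/A$'
)
# Default value of a CLSID's in-process (DLL) or out-of-process (EXE) server key.
COM_SERVER_KEY = re.compile(
    r'\\CLSID\\(?P<clsid>\{[0-9A-Fa-f-]{36}\})\\(?P<kind>InprocServer32|LocalServer32)\\?$',
    re.IGNORECASE,
)
# Server paths under these roots are treated as expected install locations
# (analyst assumption; tighten or extend per environment).
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")


@dataclass(frozen=True)
class RegistrySet:
    key: str
    value: str
    process: str


@dataclass(frozen=True)
class ComServer:
    hive: str      # "MACHINE" (HKLM) or "USER" (a per-user Classes hive)
    clsid: str
    kind: str      # "InprocServer32" (DLL) or "LocalServer32" (EXE)
    path: str      # decoded server path
    process: str   # process that wrote the registration


def decode_value(raw: str) -> str:
    # Undo the report's escaping (backslash-quote, doubled backslashes), then drop wrapping quotes.
    return raw.replace('\\"', '"').replace("\\\\", "\\").strip('"')


def parse_set_rows(text: str) -> list[RegistrySet]:
    rows = []
    for line in text.splitlines():
        m = SET_ROW.match(line.strip())
        if m:
            rows.append(RegistrySet(m["key"], decode_value(m["raw"]), m["process"]))
    return rows


def com_server_registrations(rows: list[RegistrySet]) -> list[ComServer]:
    servers = []
    for r in rows:
        m = COM_SERVER_KEY.search(r.key)
        if m:
            hive = r.key.split("\\")[2]  # \REGISTRY\<hive>\...
            kind = "InprocServer32" if m["kind"].lower() == "inprocserver32" else "LocalServer32"
            servers.append(ComServer(hive, m["clsid"].upper(), kind, r.value, r.process))
    return servers


def flag_hijack_candidates(servers: list[ComServer], trusted_roots=TRUSTED_ROOTS) -> list[ComServer]:
    # A per-user registration, or a server outside the expected install roots, is what a
    # COM hijack looks like in this table; HKLM entries whose server lives under
    # Program Files/Windows (the Edge updater rows above) are left alone.
    return [
        s for s in servers
        if s.hive.upper() == "USER" or not s.path.lower().startswith(trusted_roots)
    ]


if __name__ == "__main__":
    servers = com_server_registrations(parse_set_rows(SAMPLE_REGISTRY_ROWS))
    for s in servers:
        tag = "REVIEW" if s in flag_hijack_candidates(servers) else "ok"
        print(f"{tag:6} {s.hive:7} {s.clsid} {s.kind} -> {s.path}  (by {s.process})")
```

The heuristic is deliberately coarse: a hijack that points a user-hive CLSID at a DLL dropped under Program Files would pass the path check, so the hive check matters as much as the path check, and the registering process is printed so the analyst can see whether it is an installer or one of the dropped samples.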

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\iimo3.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\iimo3.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\jey.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\Petya.exe N/A
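
Most hits in the signature tables above come from chrome.exe, MicrosoftEdgeUpdate.exe, OpenWith.exe and 7zG.exe, which belong to the sandbox image rather than to the sample; the SeShutdownPrivilege/SeCreatePagefilePrivilege token adjustments and the same-image chrome.exe writes in the WriteProcessMemory table below are consistent with Chrome's browser process launching and configuring its own child processes. The rows worth an analyst's time are the ones from the dropped files under C:\Users\Admin\Desktop\Malware-1-master (stak.exe, iimo3.exe, jey.exe, Petya.exe). The Python below is an added triage example and is not part of the report or of the sandbox's own tooling. It parses rows in the "Description Indicator Process Target" shape used on this page, counts hits from a configurable noise list (only when the image also lives under Program Files or Windows, so a dropped binary that borrows the name chrome.exe is still reviewed), lists everything else by full path, and separates WriteProcessMemory rows in which the writer and the target are different images from a parent writing into its own child. The input is a constructed excerpt of these tables plus one hypothetical cross-image row; the noise list and trusted roots are assumptions.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt in the shape of the signature tables on this page. The last
# WriteProcessMemory row is hypothetical (made-up images and PIDs) and exists only
# to exercise the cross-image branch; it is not an event from this report.
SAMPLE_SIGNATURES = r"""
Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A
N/A N/A C:\Users\Admin\Desktop\Malware-1-master\stak.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5492 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1111 wrote to memory of 2222 N/A C:\Users\Admin\AppData\Local\Temp\hypothetical.exe C:\Windows\explorer.exe
"""

# The three row shapes seen on this page: "N/A", "Token: <priv>", "PID n wrote to memory of m".
_PATH = r"[A-Za-z]:\\.+?\.exe"
ROW = re.compile(
    rf"^(?P<desc>N/A|Token: \S+|PID \d+ wrote to memory of \d+) "
    rf"(?P<indicator>\S+) (?P<process>{_PATH}) (?P<target>N/A|{_PATH})$"
)
HEADER = "Description Indicator Process Target"

# Images the sandbox itself runs (browser, updater, shell helpers). A hit only counts
# as noise when the image also lives under a trusted root, so a dropped binary that
# borrows one of these names is still reviewed. Both lists are analyst assumptions.
SANDBOX_NOISE = {"chrome.exe", "microsoftedgeupdate.exe", "openwith.exe", "7zg.exe"}
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")


@dataclass(frozen=True)
class Hit:
    signature: str | None
    description: str
    process: str
    target: str


def image_name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def is_noise(path: str, noise=SANDBOX_NOISE, roots=TRUSTED_ROOTS) -> bool:
    return image_name(path) in noise and path.lower().startswith(roots)


def parse_signature_tables(text: str) -> list[Hit]:
    hits, signature = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == HEADER:
            continue
        m = ROW.match(line)
        if m:
            hits.append(Hit(signature, m["desc"], m["process"], m["target"]))
        else:
            signature = line  # any other non-empty line is a signature heading
    return hits


def triage(hits: list[Hit]) -> dict:
    # Per signature: count noise hits, list everything else by full path for review.
    out: dict = {}
    for h in hits:
        bucket = out.setdefault(h.signature, {"noise_hits": 0, "review": Counter()})
        if is_noise(h.process):
            bucket["noise_hits"] += 1
        else:
            bucket["review"][h.process] += 1
    return {s: {"noise_hits": b["noise_hits"], "review": dict(b["review"])} for s, b in out.items()}


def cross_image_writes(hits: list[Hit]) -> list[Hit]:
    # WriteProcessMemory rows where writer and target are different images: the
    # injection candidates, as opposed to a parent configuring its own child.
    return [h for h in hits if h.target != "N/A" and image_name(h.process) != image_name(h.target)]


if __name__ == "__main__":
    parsed = parse_signature_tables(SAMPLE_SIGNATURES)
    for sig, summary in triage(parsed).items():
        print(sig, summary)
    for h in cross_image_writes(parsed):
        print("cross-image write:", h.description, h.process, "->", h.target)
```

Run against the full page, the review buckets reduce the several hundred rows above to a handful of paths under the Desktop directory, and the cross-image filter leaves only the WriteProcessMemory rows that are not a process writing into another instance of itself.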

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5492 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5492 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5492 wrote to memory of 3428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5492 wrote to memory of 3428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5492 wrote to memory of 3428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5492 wrote to memory of 3428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5492 wrote to memory of 3428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5492 wrote to memory of 3428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5492 wrote to memory of 3428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5492 wrote to memory of 3428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5492 wrote to memory of 3428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5492 wrote to memory of 3428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5492 wrote to memory of 3428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5492 wrote to memory of 3428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5492 wrote to memory of 3428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5492 wrote to memory of 3428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5492 wrote to memory of 3428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (16 identical events)
PID 5492 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical events)
PID 5492 wrote to memory of 1628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (30 identical events)
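
The "wrote to memory of" rows are the sandbox's WriteProcessMemory events. Every one of them is the chrome.exe process with PID 5492 writing into other chrome.exe processes, which is what a multi-process browser's parent process does to each child it launches while setting up the sandbox; it says nothing about the sample. What an analyst wants from this table is the collapsed (writer, target) counts and only the writes that cross images or come from something other than a browser broker. The parser below is an added example, not part of this report or of the sandbox vendor's tooling; the regex, the broker list and the last sample line (a hypothetical sample.exe writing into svchost.exe, with made-up PIDs) are assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt: three lines copied from the log above plus one
# hypothetical cross-image write (PIDs 1234 -> 4321, sample.exe into
# svchost.exe) so the filter has something to surface. The last line is
# not from the report.
SAMPLE_LOG = r"""
PID 5492 wrote to memory of 3428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5492 wrote to memory of 3428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5492 wrote to memory of 1628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1234 wrote to memory of 4321 N/A C:\Users\Admin\Desktop\sample.exe C:\Windows\System32\svchost.exe
"""

# One event per line: writer PID, target PID, a detail column (N/A here),
# then the two image paths. Paths contain spaces, so the first path is
# matched lazily up to the next "X:\" token that starts the second path.
LINE_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P<detail>\S+) "
    r"(?P<src_image>[A-Za-z]:\\.*?) (?P<dst_image>[A-Za-z]:\\.*)$"
)


@dataclass(frozen=True)
class MemWrite:
    src_pid: int
    dst_pid: int
    src_image: str
    dst_image: str


def parse_memwrites(text):
    """Parse the 'wrote to memory of' lines; lines that do not match are skipped."""
    writes = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            writes.append(MemWrite(int(m["src"]), int(m["dst"]),
                                   m["src_image"], m["dst_image"]))
    return writes


def summarize(writes):
    """Collapse repeated events into a (writer PID, target PID) -> count table."""
    return Counter((w.src_pid, w.dst_pid) for w in writes)


# Multi-process browsers write into every child they spawn while setting up
# the sandbox; that is what produces the long chrome.exe -> chrome.exe run.
# Assumed list; extend it for the browsers present in your environment.
BROWSER_BROKERS = {"chrome.exe", "msedge.exe", "firefox.exe"}


def suspicious(writes):
    """Keep writes whose writer image differs from the target image, or whose
    writer is not a known browser broker writing into its own image."""
    flagged = []
    for w in writes:
        writer = w.src_image.rsplit("\\", 1)[-1].lower()
        same_image = w.src_image.lower() == w.dst_image.lower()
        if not same_image or writer not in BROWSER_BROKERS:
            flagged.append(w)
    return flagged


if __name__ == "__main__":
    events = parse_memwrites(SAMPLE_LOG)
    for (src, dst), n in summarize(events).items():
        print(f"{src} -> {dst}: {n} event(s)")
    for w in suspicious(events):
        print("review:", w)
```

Run against the full table above, the summary reduces the 48 rows to three counts and the suspicious list is empty; the sample's own injection activity, if any, has to be looked for in the signatures rather than in this Chrome noise.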

Processes

C:\Users\Admin\AppData\Local\Temp\Slendytubbies 3 Multiplayer.exe

"C:\Users\Admin\AppData\Local\Temp\Slendytubbies 3 Multiplayer.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa60acdcf8,0x7ffa60acdd04,0x7ffa60acdd10

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2000,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1996 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2244,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2384,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2544 /prefetch:8

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3208,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3216,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4312,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4328 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4688,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4728 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5412,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5428 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5532,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5540 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5428,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5424 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5580,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5644 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5548,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5892 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5880,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5652 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5804,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5780 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3404,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3372 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5692,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3284 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3308,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5540 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3192,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3240 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4872,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5596 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Malware-master\" -spe -an -ai#7zMap22592:86:7zEvent1246

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3508,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5796 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5936,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5884 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5908,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3372 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=3504,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3428 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5968,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5320 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6416,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6400 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5864,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6412 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6512,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6536 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6660,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6628 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5924,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4732 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=4592,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6392 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=4848,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6380 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6872,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6328 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6588,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5032 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7052,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6936 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7468,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7248 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7032,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5824 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7440,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7396 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7260,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7040 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=6176,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7220 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=7400,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7444 /prefetch:1

C:\Users\Admin\Desktop\ZoraraB.exe

"C:\Users\Admin\Desktop\ZoraraB.exe"

C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\ZoraraB.exe

C:\Users\Admin\Desktop\ZoraraB.exe

C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe

C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkFENDVBRTItNDI0Qy00NjA5LUE5OTktRTdCQjlCMTE2QUZEfSIgdXNlcmlkPSJ7QTVCODg5OTAtMjE4MC00RjZFLUEzQ0MtQzQ1MkIzNkUwNDg3fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGNTQzMUJCQi1DMEI5LTQ4NTQtQjQzNC0xRUFGNEZEMjE5MTV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iMTYiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xOTUuNDMiIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjQzIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NDY1MTU2NjM3IiBpbnN0YWxsX3RpbWVfbXM9IjUxNiIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers" /installsource offline /sessionid "{2AD45AE2-424C-4609-A999-E7BB9B116AFD}" /silent /offlinedir "{C7449629-A7B2-4E62-BE59-1B7C95F3A10F}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping […]-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-[…]

C:\Windows\SysWOW64\wermgr.exe

"C:\Windows\system32\wermgr.exe" "-outproc" "0" "1724" "1172" "1064" "1176" "0" "0" "0" "0" "0" "0" "0" "0"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping […]-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSIxMzMuMC4zMDY1LjY5IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMTMiIGluc3RhbGxkYXRldGltZT0iMTc0MTkzMzg5MiI-PGV2ZW50IGV2ZW50dHlwZT0iMzIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjQiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc0Nzg2MzUzNjEiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\MicrosoftEdgeWebview_X64_132.0.2957.115.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\MicrosoftEdgeWebview_X64_132.0.2957.115.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\EDGEMITMP_85F00.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\EDGEMITMP_85F00.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\MicrosoftEdgeWebview_X64_132.0.2957.115.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\EDGEMITMP_85F00.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\EDGEMITMP_85F00.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.84 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\EDGEMITMP_85F00.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=132.0.2957.115 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff7104fa818,0x7ff7104fa824,0x7ff7104fa830

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=6584,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6536 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6440,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6580 /prefetch:8

C:\Windows\system32\wermgr.exe

"C:\Windows\system32\wermgr.exe" "-outproc" "0" "1100" "696" "460" "692" "0" "0" "0" "0" "0" "0" "0" "0"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Clean-memz.bat" "

C:\Windows\system32\cscript.exe

cscript x.js

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Clean-memz.bat" "

C:\Windows\system32\cscript.exe

cscript x.js

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=5624,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5688 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=6504,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6408,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4728 /prefetch:8

C:\Users\Admin\Desktop\Malware-1-master\jey.exe

"C:\Users\Admin\Desktop\Malware-1-master\jey.exe"

C:\Users\Admin\Desktop\Malware-1-master\iimo3.exe

"C:\Users\Admin\Desktop\Malware-1-master\iimo3.exe"

C:\Users\Admin\Desktop\Malware-1-master\stak.exe

"C:\Users\Admin\Desktop\Malware-1-master\stak.exe"

C:\Users\Admin\Desktop\Malware-1-master\Petya.exe

"C:\Users\Admin\Desktop\Malware-1-master\Petya.exe"

Network


Files

SHA512 9f62ccb3c308f401e9d5fd4c767694a1240902d31e8bd048298133ee28bf034ed76e79b4872a109b448b201f593041afd702881e3a6d67e94ebca31360a16c0f

C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\python39.dll

MD5 11c051f93c922d6b6b4829772f27a5be
SHA1 42fbdf3403a4bc3d46d348ca37a9f835e073d440
SHA256 0eabf135bb9492e561bbbc5602a933623c9e461aceaf6eb1ceced635e363cd5c
SHA512 1cdec23486cffcb91098a8b2c3f1262d6703946acf52aa2fe701964fb228d1411d9b6683bd54527860e10affc0e3d3de92a6ecf2c6c8465e9c8b9a7304e2a4a6

C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\vcruntime140.dll

MD5 8697c106593e93c11adc34faa483c4a0
SHA1 cd080c51a97aa288ce6394d6c029c06ccb783790
SHA256 ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833
SHA512 724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987

C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libssl-1_1.dll

MD5 bc778f33480148efa5d62b2ec85aaa7d
SHA1 b1ec87cbd8bc4398c6ebb26549961c8aab53d855
SHA256 9d4cf1c03629f92662fc8d7e3f1094a7fc93cb41634994464b853df8036af843
SHA512 80c1dd9d0179e6cc5f33eb62d05576a350af78b5170bfdf2ecda16f1d8c3c2d0e991a5534a113361ae62079fb165fff2344efd1b43031f1a7bfda696552ee173

C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\libcrypto-1_1.dll

MD5 cc4cbf715966cdcad95a1e6c95592b3d
SHA1 d5873fea9c084bcc753d1c93b2d0716257bea7c3
SHA256 594303e2ce6a4a02439054c84592791bf4ab0b7c12e9bbdb4b040e27251521f1
SHA512 3b5af9fbbc915d172648c2b0b513b5d2151f940ccf54c23148cd303e6660395f180981b148202bef76f5209acc53b8953b1cb067546f90389a6aa300c1fbe477

C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\zstandard\backend_c.pyd

MD5 2dcee3aed139b2fe36beaac7ef702fd7
SHA1 3900be074b35868c20b02a1a73bb3ca23bc8a993
SHA256 c14dbedc05695c70c75e98368fb01ed898131d104e1e4c006d5a57e1294177e6
SHA512 8b8e063901a0335149e93e8af484c47be101cf1f914e5d24766243c20740d6eda6853160f5c304faab2c207652ee9627e0a9615350e02ac6b86448f5239280f9

C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\_hashlib.pyd

MD5 f377a418addeeb02f223f45f6f168fe6
SHA1 5d8d42dec5d08111e020614600bbf45091c06c0b
SHA256 9551431425e9680660c6baf7b67a262040fd2efceb241e4c9430560c3c1fafac
SHA512 6f60bfac34ed55ff5d6ae10c6ec5511906c983e0650e5d47dac7b8a97a2e0739266cae009449cced8dff59037e2dbfc92065fbbdfde2636d13679e1629650280

C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_bz2.pyd

MD5 6c7565c1efffe44cb0616f5b34faa628
SHA1 88dd24807da6b6918945201c74467ca75e155b99
SHA256 fe63361f6c439c6aa26fd795af3fd805ff5b60b3b14f9b8c60c50a8f3449060a
SHA512 822445c52bb71c884461230bb163ec5dee0ad2c46d42d01cf012447f2c158865653f86a933b52afdf583043b3bf8ba7011cc782f14197220d0325e409aa16e22

C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\_queue.pyd

MD5 4ab2ceb88276eba7e41628387eacb41e
SHA1 58f7963ba11e1d3942414ef6dab3300a33c8a2bd
SHA256 d82ab111224c54bab3eefdcfeb3ba406d74d2884518c5a2e9174e5c6101bd839
SHA512 b0d131e356ce35e603acf0168e540c89f600ba2ab2099ccf212e0b295c609702ac4a7b0a7dbc79f46eda50e7ea2cf09917832345dd8562d916d118aba2fa3888

C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\_ssl.pyd

MD5 ef4755195cc9b2ff134ea61acde20637
SHA1 d5ba42c97488da1910cf3f83a52f7971385642c2
SHA256 8a86957b3496c8b679fcf22c287006108bfe0bb0aaffea17121c761a0744b470
SHA512 63ad2601fb629e74cf60d980cec292b6e8349615996651b7c7f68991cdae5f89b28c11adb77720d7dbbd7700e55fdd5330a84b4a146386cf0c0418a8d61a8a71

C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\select.pyd

MD5 7a442bbcc4b7aa02c762321f39487ba9
SHA1 0fcb5bbdd0c3d3c5943e557cc2a5b43e20655b83
SHA256 1dd7bba480e65802657c31e6d20b1346d11bca2192575b45eb9760a4feb468ad
SHA512 3433c46c7603ae0a73aa9a863b2aecd810f8c0cc6c2cd96c71ef6bde64c275e0fceb4ea138e46a5c9bf72f66dcdea3e9551cf2103188a1e98a92d8140879b34c

C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\_socket.pyd

MD5 f5dd9c5922a362321978c197d3713046
SHA1 4fbc2d3e15f8bb21ecc1bf492f451475204426cd
SHA256 4494992665305fc9401ed327398ee40064fe26342fe44df11d89d2ac1cc6f626
SHA512 ce818113bb87c6e38fa85156548c6f207aaab01db311a6d8c63c6d900d607d7beff73e64d717f08388ece4b88bf8b95b71911109082cf4b0c0a9b0663b9a8e99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8eda3a8ffd58a125ad82a93809d5f553
SHA1 1c99d8c375af35d45ff15ee2078a31e5744b775b
SHA256 8dd4e1b54064f9c7965c1add659ec73d1d906008968bdc6d32462d797f4a0433
SHA512 dd29baf9e15a781756d5d4d10bc767c4dbd1f3d1ffc7d9baf995a3410f6daa8b6a9e2ae9253454f3b5341633abeea28c7b96dc13d7749444b01859ad9429917e

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

MD5 70cc35c7fb88d650902e7a5611219931
SHA1 85a28c8f49e36583a2fa9969e616ec85da1345b8
SHA256 7eca199201273f0bcff1e26778cb535e69c74a69064e7759ff8dad86954d42b1
SHA512 3906ddb96b4b1b68b8c2acc940a62c856e8c3415a1b459f17cf2afc09e05751e0086f8e4e5e0ddd8e45cfb61f811bbe4dd96198db68072b45b6379c88d9ea055

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 f5eadf17eb4eccf51085e6a5c645d619
SHA1 750f69ce8f62ac6b152610be6fd1046f5659762f
SHA256 107adb96165d303358bb1e3a8b346f5d38bfd8ad7bd67e2aea3b0500947fed93
SHA512 8c7b49e62449c932b38c1d29da98c8029bdcea0ede21a72b9f7ee5332dbf99ac23f68c52303531812842023a5de425db05cf903311376d54707c6421c7b54b30

memory/5408-1772-0x0000000000AD0000-0x0000000000B05000-memory.dmp

memory/5408-1773-0x00000000747E0000-0x0000000074A06000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 97b9bc9eb83d15e587dbcea8a6249af8
SHA1 931bfc75ecd682b22f356577bdb2c0c312dfe03e
SHA256 a4da45739d1fa1ba93cfae888a992816f3a64f8319ab02b11e03852b9fec94c7
SHA512 5f8707ce54094e3054faaf2f38f2a57cc14aa32d317bb88e38defd54aa5992d5bbcc5afecc712932a0cbf6c1452e78dd12f4748fd1ef7f1914b4ec4de4a6b4ba

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\EDGEMITMP_85F00.tmp\setup.exe

MD5 c2f035293e07aaa688bc9457e695f0f9
SHA1 c5531aa40349601a23b01f8f24f4162958b7ab72
SHA256 704df2272e51fce395c576e4090270e0db7c7562f5b59779d36ca0563505cc91
SHA512 70228567ef097bee2b3e04a5300437adb3615d4217d3a2d08fbef364afbb54e43ffb5dd0e5f3931737d648f56f912ebe35121cc8421354d8c2292fe48f5efc51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_plnkr.co_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2a53925c0c103242c613c9603b1689b6
SHA1 f62bd33942cda02307b843af3eebc7c78878c80d
SHA256 a01f2c9d8fef982bd25c2e434183692d5f79732544bd5212c0278db804059357
SHA512 6a117d6b5dd40ec8d13c2a932e17ca78f7f69ab399d89a0649e80ddb65c5fb7b1ccedf1f89b193ee0373f4eb06923ac1a26eadc3872551b893cfee40ccb1a656

memory/5408-2248-0x00000000747E0000-0x0000000074A06000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cb13bc1e82e0ba8508b820344038def0
SHA1 13f8a86307e82fa6e8fec82e4afbbd2ed646e515
SHA256 454e9aca927b70289df5a5b9118daaab167610f68f7a732edf3eb62090443039
SHA512 2c8f245260d58d7e87be223fe04ff285f4d26910efb080f585e53606dd753febc06a24feece6c118c4dee7663d3294c1caf60c60246a916282bb106499c13638

memory/5408-2285-0x0000000000AD0000-0x0000000000B05000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 50e18b3391872171bfa8ea586c3edba9
SHA1 843eccaf4bfacb1d01ec78cec0ac7f8c20cf5e75
SHA256 e6e43d0efc5e6bf140bbc567768d40d6ba4810cd6bb35426414e6977b723c3dc
SHA512 bbdaeecf14c2bb96c6757107e510393086b2ac9e9f108bc7bcd4068c8cc521dd7e523f68f4a4334e1d9d1d54e75324496901995e31a50d7ee0a23f5e22ad6d13

C:\Users\Admin\Downloads\x

MD5 20e335859ff991575cf1ddf538e5817c
SHA1 1e81b804d67d6c0e22c0cef7e1cb9f86ce0ef5ee
SHA256 88339750431112ed60cdf9bdb7697434ba9b38e2d15ad604c4462705bc1bdfcf
SHA512 012251b342722cf35ebec2c7d071db505a992d81fc4b3492cd87640b5c955dc084825fc5e72edc821f4c481867183f21d26cd904fe7f0373d1156332f87b031d

C:\Users\Admin\Downloads\z.zip

MD5 d2ea024b943caa1361833885b832d20b
SHA1 1e17c27a3260862645bdaff5cf82c44172d4df9a
SHA256 39df3364a3af6f7d360aa7e1345e27befc4be960e0e7e7e060b20f3389b80e76
SHA512 7b7cfb5e689feed6a52eedf36b89a7b5cc411191571c0af5e5d704b5f24bfa04afa62d1daab159a7e5702d80e56f3946bf32db0551d256419ca12cd3c57dcecb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

MD5 db2656b672846f689c00438d029d58b6
SHA1 43b8d5085f31085a3a1e0c9d703861831dd507ce
SHA256 aa3f28db9caadce78e49e2aeb52fda016b254ed89b924cdb2d87c6d86c1be763
SHA512 4c57c347b10ea6b2ca1beb908afc122f304e50bd44a404f13c3082ba855796baef1a5eb69276d8744c1728578fa8b651815d7981fcec14a3c41c3ca58d2b24ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 5569de99ab1fabb4a341f6491b8ae9cf
SHA1 01bd34e042fe11149a50d8a5772c7f55bb20d59c
SHA256 cdfa951fea7ca30043fb919904f7ba8af0757d017b03ae48ccddae4d1d9e6417
SHA512 d16c027aee5e5e0a2009c8e1227bf2a708083217e575cb5ad9b53bb3e1414d95f6ee266294d6bce9ff7b97b84469bfc9b10d7309399fe17d74d56094045efc21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

MD5 df4ef1fa06bc34706b3b8245d4831d54
SHA1 ba8f9d4b813ee160a56e162c36d29c1bc2a3bef1
SHA256 4a34fd6dd56215d4c81be8f211ba69410018d336605334cb190886e4b6adebcc
SHA512 b6b436366a3305228cd3ef912731ee4a6481db7cd43595f5217c2ab91b1a7c19168bf45e8ce8f4943ab3b393240b9c507073d4b7492016689ef0c1735700ea9a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

MD5 2dfda5e914fd68531522fb7f4a9332a6
SHA1 48a850d0e9a3822a980155595e5aa548246d0776
SHA256 6abad504ab74e0a9a7a6f5b17cadc7dea2188570466793833310807fd052b09c
SHA512 d41b94218215cec61120cc474d3bc99f9473ab716aadf9cdcbcabf16e742a3e2683dc64023ba4fd8d0ff06a221147b6014f35e0be421231dffb1cc64ac1755e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 7969b7f69e3cac8ce60468ea1b75595f
SHA1 f1126bba2a7a8a591e9a2e44e39c3b2854765127
SHA256 d3cb0f15531ad90c7c02cf445cd1c6678cf90d917078bd2c183c557869fc7a0f
SHA512 9fc69243ef4074bc00453b4448ad39c960cbc964ec43924d767c48abb558c1033aa75e770f07e470e550d7cf1d694d60d3b10c7d197e763eb6a3d404ae62fd41

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

MD5 b8103746b4757c6332fe545f11de8f70
SHA1 588965d6333eb015af39c7f44ce71dfac67fb0f7
SHA256 4177d563a186175d3a67091c399db6c57fc271e202406e244d4bc8ad95b1aebd
SHA512 c83bd52d674d90752dfffeb76971a4f9684054d6f02cfdbe8f336758ac46d8b430f306cc64be00112b8c38d191afd1b8395d58600b12cefcb6a052ab70214ebf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 bfda78672fa2098a6c4266a33e799f69
SHA1 7a51f4a9980e6f9d5a484d12fa3e35baddc753e9
SHA256 bdfc29cd8b54192ada7194936da17428629bb5925e31a2846682571bebe402b6
SHA512 7d01483a7da3941afcd7b1566c868018ac80927209269e98a6dab0078c1a14c0a380402efdd5b257e0a37ca6b45f68817dc774cbb32b5e7ba5f3cdefc2bc72d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 92e42e747b8ca4fc0482f2d337598e72
SHA1 671d883f0ea3ead2f8951dc915dacea6ec7b7feb
SHA256 18f8f1914e86317d047fd704432fa4d293c2e93aec821d54efdd9a0d8b639733
SHA512 d544fbc039213b3aa6ed40072ce7ccd6e84701dca7a5d0b74dc5a6bfb847063996dfea1915a089f2188f3f68b35b75d83d77856fa3a3b56b7fc661fc49126627

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 057d50611dc6da29ea09acf98b39fd50
SHA1 8a4e4078a370de6863dd5d306bee57b3991987d6
SHA256 67ccab355ce3aa4cbd201df34c15356b4d8f003b60d1f5fec6562dcb61da5c4d
SHA512 a2c9b21122040d7de0bd2716f739faf24f81214bbb5bd01a1a2bc150039936d1193382cef256176f62eb9345b61df712491d75b1fd01f4c54ad60b1f39f645f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 ec0963f084571ccba8609e51d71bf6ec
SHA1 b4a93e1b2e235488747b17c212ae14e5551c2db9
SHA256 39041d7cca3821b6b33037d88740780d6c1b380cf4973f7a869b101d35b015c3
SHA512 88689aab98763297eb045308d3a1c415bcb0dcb58dc5d3f4338e5c92018666a0b0c5bc2cc444ffe333c4b6ea54f0286a4c6310a9e18d418fba83ff2698be5525

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 83bb1750070e745b75b98fc47e4ef2aa
SHA1 82b8842f5ec513da92868cd4c83350a9be084760
SHA256 56e6bbebad2d669437b7c2e18009ef193adfe7d83f33253ac91abebb37efa6a5
SHA512 add8d6f985038245f513e938a381a399a8a67b30cbf7e24042a0be5d99d47fcd7454daa476a549fee0df048c0d738ca70768f65539bb2381d4608724b34ef866

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

MD5 89ee4d8818e8a732f16be7086b4bf894
SHA1 2cc00669ddc0f4e33c95a926089cea5c1f7b9371
SHA256 f6a0dfa58a63ca96a9c7e2e1244fcff6aea5d14348596d6b42cd750030481b82
SHA512 89cc7dfae78985f32e9c82521b46e6a66c22258ebe70063d05f5eb25f941b2fd52df6e1938b20fe6c2e166faa2306526fdf74b398b35483f87b556a052b34c5e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 fa2d7364a6cdbe8144bfc6add239bfe7
SHA1 2b37b884e7235429a2b4d675cf1d4975f9081d4c
SHA256 3624f864be1b01a4fbcaa4623e5408ae4adf66702cf2339ebf5eb5b4cf993ac5
SHA512 5a30f88a98af6ab94a0847989d9bb98d7e459232ec7a0ebfd0aa7f4405d0394fdbc439f33fbe2f72319f7cd8789e80443a122fde0b4f743833ebdc28bda37f92

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

MD5 b65b06c397db836876d34dcdfcf40f28
SHA1 9bbfb4938e4ec5006dad600a02870dc1863b842f
SHA256 9ff83aacf31b10f685dc666cc48a92e1772db19542d1b570e760fcc18d492896
SHA512 5ac1cafeb60a6eb07734266a31492e890b6fb9a2d789d87e8dc48f8004ce8b334ed1e5da0763891fa338d80c114bebf7a00c952541e33cd9965b189d1a067936

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

MD5 dde035d148d344c412bd7ba8016cf9c6
SHA1 fb923138d1cde1f7876d03ca9d30d1accbcf6f34
SHA256 bcff459088f46809fba3c1d46ee97b79675c44f589293d1d661192cf41c05da9
SHA512 87843b8eb37be13e746eb05583441cb4a6e16c3d199788c457672e29fdadc501fc25245095b73cf7712e611f5ff40b37e27fca5ec3fa9eb26d94c546af8b2bc0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

MD5 dc491f2e34e1eb5974c0781d49b8cbaf
SHA1 b73ca9b5f9c627d49da4ecbc3455192e4b305a3f
SHA256 f956049f0d96d455a71003eba400cb94f7067bc52620cd05b81006ecfdd438d8
SHA512 5c9bd0d5c93a05ca76eb727328a0fde40f2be7fe53b6b6c9eb260e8f20f92cfc831fd4b46f954d85baf151ae8aba1cdd6f76b0faf96217922cad844c905f3645

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

MD5 21ace0d31858ac97b17b2e0959f3d7a3
SHA1 87702e17160c0fc6221e117e6e46a43acb254efc
SHA256 c294235f4ac229e5bcbdfe700726499131bbaf8d41a54290e9c49ecb5700c018
SHA512 e8374e9a80448653acfec041deb4b0102703afee22b811d7e111f3ba931701132fbdc5e36e3de4348be4f27600f9ee8bdab183d95b5279ce55f5392cc57f678c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 858b5e31c540cde89b437f44523280a5
SHA1 85793237f53aee30933ca8cf19e54e0685bdf1b3
SHA256 3365104b4e43acb45844de752fec8ee5a37b3b06ca6791db2ec6a48f76dd2768
SHA512 d7d9c2bbb01b661b24015076275788b68e45dafe97cbcd3dbe9056167ab10bdf3d3aa86a31b360cc26234324e7d2fa3f3708b98e771b395418c31e42825fb7d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 72d7860ca927561121f78b69a4f759d0
SHA1 219383f40305d27d7ae2bd669cc2d0c95ba8b7c0
SHA256 40c7fad6dff0c54d5e45e46110cd451030bae958f4ce7b00e931696dcc2a4fc7
SHA512 87a1f30e6afdf7aaad07ca15bec5ec8f45f5a8f44a743decf7530c3bdb7466ea7d2539db066452d77d8272ce5f31aea4d14484bdd3a7725bdabd3379fd8c3500

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000087

MD5 3999309f711dae63b304b5410dbd1cd8
SHA1 6b466f8c4c149bbf6c46e8d56ab755ece4881811
SHA256 6cf3e8c8f3f65995bd939541a3ee03d19ce304124d258ec06fb11286d341b4b6
SHA512 85e653c6ec0debcda59a7ee358d7e4b617b5ec1e5a8f2d7d652e13111f6b85d0d5c402dbe311e95025afff1e5a0dbc076abdcff5e48fd7cc223c30beaec8d186

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cee0ecc22a1bd9276165a087b993f862
SHA1 27a1e2f353deb3d3e9cadc235f6b53e96be13728
SHA256 2a150f32b1ac502106a140b26641c58be6750e5195db86f06bdc6fec515d0876
SHA512 979e8e9309fe6a75da9f8e8ab4c9d931a0481fcf0c7fe0828a57b082f1e5d05989b923302fab802a1258bfdb9509472b376245ecb7472248ab029328657649b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a07bf6e143328b39_0

MD5 d240990a3d7720f79f8ca1d124f4fd6d
SHA1 6afeb327a3f5ada8970a024dd011865f686b843c
SHA256 1c1d68e63a93f8a8bcde5966c9ba2bd3fb75cbf4388ea9fceaa7bae7e47e86df
SHA512 2b9f607bed0f74b3e675731f65ac9cad4ed5ff41a88ea93f1b82071b830243a68adda2de6dd8419122d0e1f6a5eeefd98a4ec84e776875be428827f722ec5d8a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d68d595963143fb7_0

MD5 387dcf384890addbd6dcf77bf1dfe11f
SHA1 c695bb3793fe39ebacc3cf7bb8021dbd290b0c99
SHA256 44444d32e1235a57430bd33ab6623eba9e349e9bf3cfd5c619943c9126761322
SHA512 7f967b3df61f4801b2bfe2fa3bdc7339721b46eb76cf29b18a2bffcf27804cffa402f194dc9bb8a9e62d9b429c4bc9dc44c0e5fb3824a3acbfbdcdd9ef48991c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e959e4c29b5d027823f657f4a7b562d2
SHA1 d928192b046a1274fcb8ad62bc70bcdfb995010a
SHA256 8174d6f1e313f2f9bf5771f1d4a7911463016170b0267c95bb669672ae9d163d
SHA512 654fcae7c271491ade3919cec6b46ef6e905ffb21502dabc0e2aca121e61b67d2e12924dcdc7a59e113c11ecdcc265f0e15d2b9dba98157dc8e4f6508689de74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b6c1c0240dedf8dbfbe42ddc9adf7dbb
SHA1 67e09b338e1cd3d87cf500fff0cd358437e6053b
SHA256 9d990a7f913690cc9387ca304bc19e18cc2937c21c7c59e0de0933d847c83ebf
SHA512 397e957b133c4086ddcf2fe98b079e964cd46bc569c35ef7e81b841fd326a5d019b4ffa6fe854a7eb41f71668fb59e0e42336e4888c99a017fbdd516e8d17cac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7e6ce5fa17c59696351ad89432773ace
SHA1 19fbfe5ede56c88fe36601451f70559813f19e88
SHA256 cb9720560e2c4c996b4838ac34f1cb3abf22486342125c6ee7d2fc50247475cf
SHA512 014161d4f560b895320cd9da1f965b49d99f67a5355d1d728419e3e24065433d8c074dbc3dac4f78dd1d8f0153f4cabf020390465677781162780bf3dc2da5c6

C:\Users\Admin\Downloads\Malware-1-master.zip

MD5 ef37386fefe6fbbf646805a591add083
SHA1 1abfc73d9a379c796036de72e5f7961b4295bf5e
SHA256 2ca4803498d7d375a61bfab2a3a4cf7e0eec41d116e50a838791a55b164e0f8c
SHA512 112cccdada7554db108f3fd469e72fc0568aadbcad33b75a2046018827c5542d5fdcb6b454eb7bb0f58a6ea00e65bcd503a807222e1f21cc9a0f087c89453d3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d17571ab4c3c58a1d9085cdda6f48726
SHA1 9e9d722625f5ce205a2910378254ea79ec9a34c2
SHA256 5dc42f986b3fdf4b4a0f656b771037309160a81a73c343654447535020e402f9
SHA512 58ddfb230f6aa22fcb780c08682675e196156b7dd1a6909de719e82bb246f63ebbfdfe7a771b009e38818490472286fd3a5551bb998b08e30fb7c4e3a8442212

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 96eeb3f14075eac65c4b7351bab15758
SHA1 3f1b83f97eba00c2e193d2ab27277190f891a809
SHA256 0032204ae1fbe29377be7701ff5a8a300de64ba3ab65b75593f79676ab0603b1
SHA512 096a78882c08b70c015ca651beb3f12a0b6c62618553798af06b9c8a0556aa9171bcc9ac5fb0681281a77b971a11408d68477d837c411dd5f3cbb1c9e1e7c9f9

memory/5564-3017-0x0000000000400000-0x0000000000420000-memory.dmp

memory/5320-3018-0x0000000000340000-0x00000000007CA000-memory.dmp

C:\Users\Admin\Desktop\Malware-1-master\Config.ini

MD5 2db7a58f4892054c7077dab88fd68b86
SHA1 acf198a9160a872bc8633fc9185ad317e69bf2a4
SHA256 01701b302ab45f11729fac64ba33cd7b53abbc94963578d9813a1f5848e75618
SHA512 01926e211445f72f6637f7be04af33339f4acd78b3d2e8f4b6b4e0c28ea6c2662ea0aec976cc8a4f875ab1d12ca20eec7ebf59fe3704f76dc4adac3a0766511c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 fbaa9b8408b468b6e6da067a5646d49f
SHA1 d4ce685834ca17336e7188c2a19dff26d9518fd0
SHA256 c6be954fb9499ee22818144dcf1d0ea4f10ba05695cc7f56301a01a299bc99f4
SHA512 d1c1a7c7038c7241438c77eb83d15cc322c636ca7f7b60d342525bf3dc74c3ebbeb6f9325ba01150c2671b3e018743eff037fdf50b98a46b9443977a60b3aa36

memory/1612-3040-0x00007FFA7F4B0000-0x00007FFA7F4B2000-memory.dmp

memory/1612-3041-0x00007FF6E90A0000-0x00007FF6E9718000-memory.dmp

memory/5320-3054-0x0000000000340000-0x00000000007CA000-memory.dmp

memory/5320-3055-0x0000000000340000-0x00000000007CA000-memory.dmp