Analysis Overview
Threat Level: Known bad
The file https://cdn.discordapp.com/attachments/1184579485820006440/1184593764526850198/Space_Therapy.rar was found to be: Known bad.
Malicious Activity Summary
Irata
Irata payload
Looks up external IP address via web service
Enumerates physical storage devices
Modifies Internet Explorer settings
Uses Volume Shadow Copy WMI provider
Collects information from the system
Detects videocard installed
Enumerates system info in registry
Modifies Internet Explorer Phishing Filter
Enumerates processes with tasklist
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Runs net.exe
Uses Volume Shadow Copy service COM API
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-14 20:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-14 20:00
Reported
2023-12-14 20:06
Platform
win7-20231020-en
Max time kernel
94s
Max time network
367s
Command Line
Signatures
Irata
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Collects information from the system
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer Phishing Filter
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\PhishingFilter | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 802e5a33c82eda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\DownloadWindowPlacement = 2c0000000000000000000000ffffffffffffffffffffffffffffffff100100003d000000900300001d020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6E8D83D1-9ABB-11EE-BCAF-CE3FA04DA9C5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://cdn.discordapp.com/attachments/1184579485820006440/1184593764526850198/Space_Therapy.rar
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2104 CREDAT:275457 /prefetch:2
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HYJJYCDH\Space_Therapy.rar
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6889758,0x7fef6889768,0x7fef6889778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1480 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1384 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1404 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3544 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3684 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3800 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3576 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1124 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2748 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=728 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1404 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4032 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4036 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3920 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4048 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:8
C:\Users\Admin\Downloads\winrar-x64-624.exe
"C:\Users\Admin\Downloads\winrar-x64-624.exe"
C:\Program Files\WinRAR\uninstall.exe
"C:\Program Files\WinRAR\uninstall.exe" /setup
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2280 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2472 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3700 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3932 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3424 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2588 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1140 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:8
C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\Space_Therapy.rar"
C:\Users\Admin\AppData\Local\Temp\Rar$EXa1928.28939\SPACE THERAPY.exe
"C:\Users\Admin\AppData\Local\Temp\Rar$EXa1928.28939\SPACE THERAPY.exe"
C:\Users\Admin\AppData\Local\Temp\2ZV8qTccaxe5FRqKDrx6hfAf1JZ\SPACE THERAPY.exe
"C:\Users\Admin\AppData\Local\Temp\2ZV8qTccaxe5FRqKDrx6hfAf1JZ\SPACE THERAPY.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Users\Admin\AppData\Local\Temp\2ZV8qTccaxe5FRqKDrx6hfAf1JZ\SPACE THERAPY.exe
"C:\Users\Admin\AppData\Local\Temp\2ZV8qTccaxe5FRqKDrx6hfAf1JZ\SPACE THERAPY.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1112,18239928921288873851,520568054089888289,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=NaN get ExecutablePath"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=NaN get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZV8qTccaxe5FRqKDrx6hfAf1JZ\resources\app.asar.unpacked\bind\main.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "net session"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\net.exe
net session
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get size
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\system32\more.com
more +1
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Users\Admin\AppData\Local\Temp\2ZV8qTccaxe5FRqKDrx6hfAf1JZ\SPACE THERAPY.exe
"C:\Users\Admin\AppData\Local\Temp\2ZV8qTccaxe5FRqKDrx6hfAf1JZ\SPACE THERAPY.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1652 --field-trial-handle=1112,18239928921288873851,520568054089888289,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Temp\2ZV8qTccaxe5FRqKDrx6hfAf1JZ\SPACE THERAPY.exe
"C:\Users\Admin\AppData\Local\Temp\2ZV8qTccaxe5FRqKDrx6hfAf1JZ\SPACE THERAPY.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1188 --field-trial-handle=1112,18239928921288873851,520568054089888289,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4008 --field-trial-handle=1228,i,3563084629281723391,887865787067501908,131072 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.179.238:443 | apis.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.200.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | www.win-rar.com | udp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.179.238:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.180.10:443 | content-autofill.googleapis.com | tcp |
| FR | 216.58.201.110:443 | consent.google.com | tcp |
| FR | 216.58.201.110:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 172.217.16.238:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 172.217.16.238:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 172.217.16.238:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| GB | 216.58.212.193:443 | lh5.googleusercontent.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | notifier.win-rar.com | udp |
| DE | 51.195.68.173:443 | notifier.win-rar.com | tcp |
| DE | 51.195.68.173:443 | notifier.win-rar.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| IN | 142.250.183.131:443 | id.google.com | tcp |
| IN | 142.250.183.131:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab473E.tmp
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar488E.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80f1d4438c3a09fd8c622e519421acd8 |
| SHA1 | 8a70d20ba67b89327a6420d327d982480ce94e62 |
| SHA256 | 4a302a5599bb6f398132a5446e57ef3641b77415adc817bee43527e0f1fff0fc |
| SHA512 | 6eabe6535f48edfb8ae13bcd79d315cb52d147a3c8b976d574b87ed8033634143bcbcdf4c8ac63730939e1cd8fcfff104fb20a2bc1e12aebeda680a22a204e54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e3ae267bb92cf4b70111a75e1392be3c |
| SHA1 | f4770e8c2100f51475ab5fce643f1f7ad01b0a70 |
| SHA256 | df9ef354c0aae4171faeca7c1a0fac1d12cac3ba0867e47180d4396f4be42691 |
| SHA512 | be579d1226f8bc7b145a4b1ae0b550f2475603cb0765a4021d44dbae10cce1b2a04d5a934c03db8748b0cdcd0d1257b534eee559151dc23fc750f293210a4002 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HYJJYCDH\Space_Therapy.rar.6c4hl17.partial
| MD5 | fdca73fc34ace1520969c68369c82aba |
| SHA1 | 0b2fad2c5822eaf82c9156d7fa5292a8c679ffbb |
| SHA256 | 444bebf4cba55ecffc76a5445c4af4368ac6156be4e5ad2a4e27c7d07cba67a0 |
| SHA512 | 9ab6ea425541a99330896aae8d60a4fb150b4dac5b8f908265eee46c3aeaff1bb5e5bc6842fcf187385634c8e89391ba5fff6e67ae246747764a2df89a0b4cee |
\??\pipe\crashpad_1656_ILMFDJALQSZVPHOE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e1e38aea903c6cfb4bd2785ae23f49e9 |
| SHA1 | 7cb938baa8853bf65207472aaba96a3c66718a3e |
| SHA256 | cf477378e7c8d86591f53bdd22552b5ba832c21903d73f18c3aea35d3e874073 |
| SHA512 | 6af428466553910e92c0a273b86e6404a08f19237b1dbc106ac4b210a2a89fd2e141b301a59c0fa62a7fe51371c11c44b46d8c72968f4d264a9ef5235419d7a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bca9e975bbe2fc913c79f4e4d45b10fd |
| SHA1 | f7a58cbc13c55114a701120e6c108cd3bbbdc168 |
| SHA256 | 665d7f076b8a0946ef119bbb7819b34140fc583d5a7a2c22baefec4b455972a2 |
| SHA512 | d1a117bfe9a8f314e8ea975cf4c8e45c36929ace00c1c6121db1b00beb025c535b31ba26cc34aa74f6178030ab004b760da7a199f1ad88330d0db148c54e213d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 9ce4daf1bb05da5047a81a0552004f7d |
| SHA1 | b79bd60395d2b1a3511bc0d6dd978f80a413b3ac |
| SHA256 | 885f9d22110571b8c1846038c0700194b94c28226ba47b21530089c316082fb6 |
| SHA512 | 2d66fbaaf9b113358b370739a51dedc5565ce2e4a183150d10dba0eeeee78b6f6c8b63c3db9537dd64b8f9711ae74321451e941bc5ab02bcf150650bdece3b7e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 544567174657eb469ab367595a98d645 |
| SHA1 | 0fdb94b0cdfd654f053949a46b719ebf9bd61c51 |
| SHA256 | 73bda86505e009d4b8fef413716a0d24f34a06e4e6294fdcd4dd842d404ca1af |
| SHA512 | 7ad428c39840cab69015fb5459b3305efadf3b540bb74027b5d29fbc1850c4cc6b248fc74e053cb6fbdfd471eb56f69c22dfb03a7f9d54a59075932f84c1c209 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4d8bf655b6bd6286ac10c45eab8a4448 |
| SHA1 | 6de0363bcf6497a265ea63b6e745e8353aedfab7 |
| SHA256 | d997f3db52fe6e7407afda4c2d4466eac556e1276dfe968619642491963a38e0 |
| SHA512 | 19e225aef1f417af6d44292f27f2fe8152eb6b6b4a0ec017b7ffc605b03a891b511246e23ce7a026966e3441487383a0ae3a843a9fef03938d941a0f50230b6e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 13be469968c7863c78acd7be8af7523a |
| SHA1 | 81483c41abcc26b2509e2fc8c11ae67e60f0d9e0 |
| SHA256 | a41dfac0560f2df50aedd710e3eac3ee4edc23c2be4bad7e3ea11cabdb4ddbfb |
| SHA512 | a3bd5d22bb46cb4a5205e5e617f157d5b5123f1ad24556ead94dd073348dc2f02dc9146202811d85f3956118c54232339cf1fb2e9a947bdee81a0b3ab8c2c63e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1a20d35160511fd7eba61a2ae511d99b |
| SHA1 | 8125b58074f16d659abfc405227ffa78f0af251f |
| SHA256 | 8f61f354fac9d38711a51373be5f6fc8767f77fdbc06e56d5559c6345324818f |
| SHA512 | d92bd9aa0dca25293e2bedbb90d7332bccdf459ca2d8dd153de5f097d9968effc3796957f064a6dc2db7e00c70258563b7345300a32a93d31c70b2cbd167bd22 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 783a2c3b9b2e4103eaeb9e492fdd443e |
| SHA1 | e1b2176b829b80e815442cb4c173b0f39eddbf7d |
| SHA256 | 1f0bdceb58838374734d9f1e3e38214c8e3292be586e2e8d776b758003095d73 |
| SHA512 | 66b7f778d2cc2322097c7969444dc5dc1caa5978827de42d6f0a3aecf02bafd4c623e9da850f9a4fa59b86c3470e1cba9896f2d35980ef0f5549ef9e9d232101 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 00d37d76cab1a137255c840cf8c234cb |
| SHA1 | fa541b2b8ef69deffbfa9d8ba96e63c88f360e91 |
| SHA256 | 7061dbc13c8dd941bf18d51273cc2f50b37629201c618a7639b76d95d02fe4fc |
| SHA512 | 9fd0d23acf9c10d293ceb4b0dff8c80f677e4556ce0b840d92012040ac88f07a3af8aea1030a50e8197645e1c087fc9ace78c859e67913e864668f208101dc9a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0bb19a39-6b7b-489c-8cb0-95526f131b5c.tmp
| MD5 | 3b4c3426fc4b4ee81fe9fb83c988f455 |
| SHA1 | 3513d8d2d3442bf2803a4252507767ef74c0063f |
| SHA256 | b28473d80bb9367d209c28b48fd09ee76018baa9689408295715031c9b0044c7 |
| SHA512 | 3a09d6d596089dd057510707207926d693d30c956bd4e95c314bf41ab58eae0bfad1ca94480dfb4e42679ea8f42727972f202e64c96be0521c7f4468fd375ec5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 96694fb8dd8542d705ba9367c5b6a409 |
| SHA1 | 6d159e48f03c33cfa135cc51b9d43cb24ad8b15b |
| SHA256 | a734fc907afc0aeaebee6c19bec058ea6936a1d3a427225afb268972908e317f |
| SHA512 | d6e58bc14254401cb37231f4ff19e142d0b6f33a388c4bf8f45652c6a051fe6758595473a2d2c8c5887d4206852f78b5102bffc5d0ea6ff1dc2af21d85f232d5 |
C:\Users\Admin\Downloads\Unconfirmed 406084.crdownload
| MD5 | 15596b41dba42cdcce4f677fbbc86b6e |
| SHA1 | 1ed1e69e72028150f8562bff5ca1dd745874329a |
| SHA256 | 377abc9d367e61cb5c4761bf48dcfdf5bcd3822f303e0f972d7f4c8295a2ea79 |
| SHA512 | d4e0d64f71027ecc6d85479542ed682359b37446cb1dccce5fa2972f152e27f3cb91a8ec0dc61270bc40038751a58982d4678efb929a3bc6d3546e072f51a9f2 |
C:\Users\Admin\Downloads\winrar-x64-624.exe
| MD5 | 080f3817a65d88724fa24e86e1612a33 |
| SHA1 | 9725b17121c5927c80b3b1a72123d9b61b341fde |
| SHA256 | 827d213e49cd432bc0ec656bcf01ed0fc92fc56d136f4ba04205839fad18176b |
| SHA512 | 0f3141956668ecb67b2def9d35725c92c29e12af3473198c9769f54383adc853f429e6f40a329e62bae1f65402c63fb5dc100e008784f45fc61e4822f7b72ab2 |
\Users\Admin\Downloads\winrar-x64-624.exe
| MD5 | 219121947fac98816789938b4a3c9f7c |
| SHA1 | 1b8d3251efd4e2683b3cb05c6691be34340da7b4 |
| SHA256 | 0b493515a7c360d9cd1d1ba5af4f5c94425271495818b90248acf072079a7304 |
| SHA512 | 7fe67a9a8c584937e00ef9c457a2789822e808d9727d7831d8bb01983f7abcc74df38d0d02f908cf6fc28fc722b0b5be395ac71d546d2d5d83e7944d8e49d44f |
C:\Users\Admin\Downloads\winrar-x64-624.exe
| MD5 | 6c13218beb950ff89d69de2d8ec3c4fc |
| SHA1 | 29ff350577da269524e45399f12f46abf90091a5 |
| SHA256 | 6bbafbcfa7c4bd2a2313318704a7fcec28785292d7dec53386d2f935af771a82 |
| SHA512 | 1b09ba5cd0513c956d342469d5469bd020275f377fc67299d16b89f7f91179f42cc11844822ebe5f3f0ed0ef5a7f9f9a9726e59121f1a762b0edd01fa2ea11af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2139a56f88b0f9527deef6f486caa04a |
| SHA1 | 0a15761a63c5e1a6c9589b8c499d557b79f3d5aa |
| SHA256 | 59bca3b6b8fa02c3a37591ea50421305d3b7af30a06038932397bd66ce004df6 |
| SHA512 | 3789905be6e829485443ad36f26decbd2bf8c7c069423d0bc57fca71fd55d95bcaa91c0bf28812be4bf51c0d0f40682c1d05a8ed14437013770d49f940184d24 |
\Program Files\WinRAR\Uninstall.exe
| MD5 | 8e1a194cdb986b277e44afbf419d0bd7 |
| SHA1 | c6a46bfb7e829fc710fbe668900a80efdff9c36e |
| SHA256 | fd934c3b663679041b82c12d60b14c51060d8d04742612ed5f9cfa82cccf1d37 |
| SHA512 | 3e64edeed5e50927e1c758e9788be5778af2ad3c52ee1cebf19dd020fe2378f2bf375f0a65bc87c3ffb4c3dc13133b4f9cd3f7d627310011e1325c1073634fa1 |
C:\Program Files\WinRAR\WinRAR.exe
| MD5 | 37a5c2406fc879697f78718e672cd25a |
| SHA1 | 9944f7b3477fac923e23785f71c2b8b698fa3a58 |
| SHA256 | 650ce2439670a9c962c4d50af43b2dc2b7dce3d1fd369f85b7ecb822fdcdfaf1 |
| SHA512 | 105ea94fe546a0977c300b663bb7c0e789076c0534280d8a73e1cef7e539a270d20af9e7be46bf00d373129acf508f647d6f4011d7520895fe8a3202262e39c6 |
\Program Files\WinRAR\WinRAR.exe
| MD5 | 928b05a72bdc940c450f059902691501 |
| SHA1 | 7931b85054c29be4cc3c9250a5dc4a821a446040 |
| SHA256 | 0d068a6aa2df88613e1c5c7ba412a5a5bc3cadc3f3ab4b76d10035ba8eec27bf |
| SHA512 | de47b4f9065bec41671f17f0fdd33d324e9204f323fea863774952ceaa05f17106c46ddc118c15a2fdb75d1313b6cc91b430357fa3a11d13355869507d075788 |
C:\Program Files\WinRAR\WhatsNew.txt
| MD5 | c78a76e698514a835452de89025b7778 |
| SHA1 | 091869306172f2b6fab1cd47ed2d4bbf1527321c |
| SHA256 | bf30a7d667b61a90bc00908317d96599386c841759540bdb74ca249e28ec8624 |
| SHA512 | 8696a6c11534b588a6feda356d2f9d9ee92547fb95e899490b3f355d08fecae73fc494a7817d5ad29924c7e9e61072a963aa6e59d3724145ecd3bfdd26495f9e |
C:\Program Files\WinRAR\Rar.txt
| MD5 | b689a0cb8c288849febffafc2144576b |
| SHA1 | 4cba85fa8ac528c3ac0af6356cdb912a0ae4199b |
| SHA256 | 59334a8ffff612755a64a912389bc23fbc35933cf209f845bde34f055011b8a6 |
| SHA512 | 63e3dcae9a5a7373b7f5fdd661ae624a27e8f72ca86cb1be91533575ae115cf874bc0785350f00e919694b36b4745e6fa581252ec0d8a9ba2a99cef20e26b247 |
C:\Program Files\WinRAR\WinRAR.chm
| MD5 | 6bd7d6deb6aa6c798e6e011b7eee9838 |
| SHA1 | 6766b040128e1a364e8f9f877b6ed18f37b878ce |
| SHA256 | 9d96fddee6df94a3b6bfa731e962d31fedd4d8123aaf29c231b06f0cc10a2b2d |
| SHA512 | 8e422346cf91d4757310919a6abe67ccff60dc84ef572d76fd8863bd2201dbc1c27377c382b4bdbc71c2a2f866eb1604f01fcb0d979594c22c43cd2db8877342 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | aebc36a4430cf5926895bd1af6594edc |
| SHA1 | ae011f1df4a04f3beb243753fa5f6c2c8067912e |
| SHA256 | 5bd4aceef16ee1e15e22f9c5344ef5ca27a8cf2fa1da783cfa639372c2e808c9 |
| SHA512 | c30eb42d0189e49af768991e990c23ce1c2b9e58cee99772b34a75ac4af412db079b6a028507458d3d6909cfe8f6dfb8d5fd256ced12bafeb55c1c80b0ca4f45 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9ce645cb-7d2f-40e7-9cc5-d64dc3fcd38a.tmp
| MD5 | 782ae2a8da9fbd9010d30d904fcf0cbc |
| SHA1 | e203e674ee0a88e8c4ebc39804f4b765cb12e5d6 |
| SHA256 | d4b208daa44d51b7ffcb37c168a3b8af27f8e1ce3490560c9ae73f42c13d7abe |
| SHA512 | 2c10b27963a311f091ff2df0c7504947aff17db2144473ed605fa51c8c8bb407fd6b78e217eb0d796deeef7c390c7fb75d5c1dd25d83061e17da5a3b0d279baf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c94277d3f694a25feead549c426785d5 |
| SHA1 | ed81e500f1fc3f26afc54062607a42ff246b0370 |
| SHA256 | 717ab23292fda43e5e9009ef87fe3f9a00bcd527f851ca8fa7a82edd179de93e |
| SHA512 | 47ab776bb547e87d8be1bf51285585b6e7075ae9c481c3b3f3da20439e68028478070a5caea0a0f6931b61096bbafa5caf57a057a41e40ec15638e0dfda4df50 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
| MD5 | 5f33c54d1567cfe59cc1789385dcfeb4 |
| SHA1 | 120a1d9857311c99c7ab1053940b8e7c8a0fcb60 |
| SHA256 | 0a4e2dd8c0b21223834c0aaa9afef563aed7c7be71d506de1ba23cfdcca2569d |
| SHA512 | 7804c1db49b8d219f89d2b6b6438d43e1b6adf70eb74e23ccb04cbd2a77caf2be06568195fd22cc356d2f6cc04f7126aaf578c7153a4916b76e122af150c7941 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
| MD5 | dfcba188cfdc95a3ee228196d8190d66 |
| SHA1 | d874464de0d82bfc50733443794de3d971dba1f3 |
| SHA256 | ef9071218913c67c0c951a677870e7af4e2b8c46a55883bed3836959cd0bd1ff |
| SHA512 | e26aeb9e76ec3edb69feb452f8aaa8b26cab6fd6b6e5fb27115b7f2f8072105f4c9b6c56158bfdb151df810ff6c8cc39b5c3ba0e29334b3feb34065b64296ee2 |
C:\Users\Admin\Downloads\90a0016c-5df7-4363-82e4-446f8fd688bc.tmp
| MD5 | 5fcfb6ea981ce3adda3513301020c86e |
| SHA1 | aaa388c122f60a3bcd1d1d89c26569bf50383ac0 |
| SHA256 | 27213247197278b9de1a9a064d9a6fe53b5d399a500342c93c3de8bebbc219b3 |
| SHA512 | 1f5fccc2c73cb45cd2b77925c8683f7e398ad79417b8d479e7dc116693218008a7d7b916d1ed8576f24689f5402ecb58ff9e95281d683eec32eec992f33c91f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
| MD5 | 929729aa7cff46b3dad2f748a57af24c |
| SHA1 | 81aa5db7dd63c79e23ccd23bf2520ab994295f2e |
| SHA256 | 3c63e6c7fa25849799d08bf54988bfb3b77b1d1eebb1e55a94b64995850cba2f |
| SHA512 | a10eaa6f2708b683bd43295b9c3da5840c0eb6d8a6b9e1922a534270fecbc0dcdb4cdcc28768df292a06f6210885b510254bdca17e5b3c507b0337fe7dc3d743 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a1f89a1408782c0de6846f6b9501164c |
| SHA1 | dbf1d421cd6d28a7b8f123371b1904e6a93d5da0 |
| SHA256 | 4c4c3f2d07fda6a6c028a94da698d00b9bf23c37b4c1f47d2e5e23673477db69 |
| SHA512 | 642a3c5d2db113adec94b066fe972540ab4f2745b9956c385ede8674265bcaf756d3b35bb73374b91c9969e84d2d88ef59064e9fcdf524d11ead5c6deb575201 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 60a74957c0ada03d61cf8e8f8a2f1d50 |
| SHA1 | 4466dfea1ed8b972e5abeb44ed2daf3610b9d4cc |
| SHA256 | 6ceb9a4994f4e0c2531b573ed3064256d37391212fe4441277b471e6a3ba530d |
| SHA512 | a7547287a645750de326cbc9e1ad1ef7423816097836e6193ca36d7410c5718ab38d74beaab3c61794134e91bb0ae40844158a9536c879601b27afc69f6ad6f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9cf95eda38cfedb1ed1f378afbea1fd0 |
| SHA1 | 4d2f4fe57b50d9b3e86b1aa2408826e4073290f5 |
| SHA256 | 1551aef2fba2c692448f7cccddc91c9eabd27050d6d4e696a8de33d7a9e9477a |
| SHA512 | 6dfdfdb99f09d33f1df3852cf7647d85a41b11c913d8faec402435b42f6c68f0aabeb5b5a2de8df3a1bd0708cb5e8e5e2ba874db463415625fa7a59fcfc3790d |
C:\Program Files\WinRAR\WinRAR.exe
| MD5 | 1fb15570b7012593a38f41e8b181ed3f |
| SHA1 | c655703089b74cf76e46b5c5c2651b86168505c8 |
| SHA256 | f054e03f602c903442aabd7c4b5a8cc7db78f5217f952f89a8cf9f57c246925e |
| SHA512 | 39283652962855699e463293548efceb272dd0b3c818233f28e3963af70af0a043bb24fab803719297a15707ab7c4506761cdcd9575270ee5022397bb58d39f5 |
\Program Files\WinRAR\WinRAR.exe
| MD5 | 0f23151978ae276cf015d179dc0a3a21 |
| SHA1 | 09c8f155a3cc3e930f8d27e592940029a3a271a3 |
| SHA256 | 52a092f1285da403535fc9bbdb20a6b7d7400f9dc5f2c86e62056c2bcac18f4c |
| SHA512 | 7f441b2e5b7c7d29e3ee38a12eef609de4aed68a9d8e771ae220a926562ac9e3605033224f65c1ee9190f4f70a2a455f744b1bdf46abff8058e2ea634a2d7a94 |
C:\Users\Admin\Downloads\Space_Therapy.rar
| MD5 | 906019f88922965ed7e19183523e59c5 |
| SHA1 | 6e3bec0c0db8e7d0b4e0c6f71939413a16e060c5 |
| SHA256 | a35de6dd5ec7d03e1585bbe213ab5a0641bfec925eb59f399dba3bbc692cbc31 |
| SHA512 | d587db309323e7222ca5f7b394c9a7337ae3180997ea06ddc8777bbb983f7f7bd8b4b85ff465e65502d46dca7d05d55ea69ed7284971f841bac49ca7956d24d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 917ce435d9592b224243be1cd984162f |
| SHA1 | 378eb98fc34eee79ce744ce64919860e81e0ad90 |
| SHA256 | b3edd850a903d03fd083d821b4c92d84e197874f57cb19fd46522eee5e2faddb |
| SHA512 | d8baa7d1fed2a650b64b2247c24c480db3af5ad030a15715f8a4c2964a6c83bd1624624ca2a17dbd56b15227bac3573d57710e4550f9f60bdbae6332f56c5b4f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8d2d47b23bb4e4aedb98e0f5cfb49e71 |
| SHA1 | 7cbe392c78018acee93479fc8af3d4a948f6bc24 |
| SHA256 | f9d566a5db92ff9614b910f890ac53b82251a3e9aa62d59aea8356476d79dd25 |
| SHA512 | e8522c6bd9ebbfcf610882f8a2d83106e23c477c5ec89052db35c966ac7997f3dacc06af49c47a1c5a6b0f1c6b1957161202d044d178939536e9fd0c268eca9e |
C:\Users\Admin\AppData\Local\Temp\Rar$EXa1928.28939\SPACE THERAPY.exe
| MD5 | faa95ce854b6f1fb73ab26bc6f81dd27 |
| SHA1 | 49823cd7c2458c87324625d61e004727556bbde9 |
| SHA256 | 50383c0bc4867af3c311208281d28e570b6a19061d4e08fd46d42f9a69b0c813 |
| SHA512 | 020ac1d9e745d87c7afabb6d7df2ad097bcfa6d8ac3091a3ee8023f4c72bb0fddfda934fab6b845e1bb1c5c5f43d0488b01c0828b51490acfd4fac95232abd84 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXa1928.28939\SPACE THERAPY.exe
| MD5 | ba22b984901b9838389042cc5d428f33 |
| SHA1 | f17b5c0fcf1a34987bc0c04a5fca9471d0502617 |
| SHA256 | a5310909b0a74e119f9c52f4c96316dd47c5b6357b88ebc07b0798261e084092 |
| SHA512 | 67d5ec1f2d2baddc7d0dd3474741fb3acce7eb78882ff4653a4a28dd65eb6b3fcd04bfb581000b61a5a6628a05f5e1ddb02504885d3facfd1255d22f28a959c5 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXa1928.28939\SPACE THERAPY.exe
| MD5 | 5b4fbba188cf254c724b6d66f8e4c51e |
| SHA1 | d32fb0e6e3948da67342e9e3c1fd9bb132c01707 |
| SHA256 | 5f97163c5124821b98477edf0ed3c4a6f62d7de9d91ff731954f5d9e8fc0536a |
| SHA512 | e3589a82f648f67ca36be974c844d93453e98d88748ac38dc60cac99e844284cbb4ec4bef259773f4a3bd78706da54a928042a12be4c186c03d2bba6e3835538 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\46a73a13-af6b-44c5-9740-36ba211fcedb.tmp
| MD5 | bf409df783aada15c915f9883928d6fd |
| SHA1 | ac187769c6a775ae05911b3e6ce6368cbe588db0 |
| SHA256 | bff6b395e969c02a86c2a5f732b84918140b239dedbbf508b83a1f6d942b085d |
| SHA512 | aa8beda7ac2c77c1f0b212c7c89b019b00d5a9d7255ad2c2c50f4cc6b67b0d282b943125f9d4910e026d0e8bd73c7a6a4ddf43fae995d172a2098b8d4eb56609 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\resources.pak
| MD5 | 57e425dcd94bf500fb4e1e0dc63709b6 |
| SHA1 | d462c1b9294f5d0ee52dd6410ed57cfcbd4fb977 |
| SHA256 | 3ba4302d1df7546577b927a329d561f53f64bcea4567c701ed8412bef5f5eeaa |
| SHA512 | 23c34c3d50cce940232505f65ea64e54dcabcdde016cf3503d8bf59fb961732c04c20c0501759ac087527777eb5eec5e372268a95c92b40a7f9da1cf1c0c73aa |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\LICENSES.chromium.html
| MD5 | 5e647f894667aa80b9dfe51426bb5176 |
| SHA1 | aeaa7fcc4c4b598c36a7f211e4f504e833e1e3ed |
| SHA256 | a1d74ca8a7380b81186f5faf4aeec2eb585af883d42854158fba0924f2946d2b |
| SHA512 | bac5b9860e3096c2d09527ebbb97a5a3b11a4787e824c89751f602fe6082252cadf6121461850505ff71132998ed009ba33d3de8110592b89f95c34c1b2fdf9a |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\snapshot_blob.bin
| MD5 | 58f2611632bbf49737d045ee3a76192a |
| SHA1 | 4eef5aff2617613c0a94ef0120eda8d2339c09e7 |
| SHA256 | 6c30c3523a4739af8d141597935b47d9fc617ae50fe7a547ba5c36e405eba27c |
| SHA512 | e5d9b494d401a28727c5552d3c328174616c421aca947d913f4f734ab4fb92558bc75b4708598668a0a920bc44a2430c4224170e10ad577fe21fe824c67fdcd9 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\chrome_200_percent.pak
| MD5 | b51a78961b1dbb156343e6e024093d41 |
| SHA1 | 51298bfe945a9645311169fc5bb64a2a1f20bc38 |
| SHA256 | 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9 |
| SHA512 | 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\libGLESv2.dll
| MD5 | dce4bd194d5d4f9d8f64c375516adad5 |
| SHA1 | d2e31afdfe8461c1290c8fabe77d83c43cc24226 |
| SHA256 | 54c9684b18a14815f215652ee1169be078552b04208519a5a564ce83246ab64d |
| SHA512 | 7e28a4d23580057547ce94bc6c2b769ef64cec49f2eddd9d7f71c7464325d8a9fe06f6d2a784212ef3bddcdf51fb6fa763524bdf012769db09e97e404fa8e9b7 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\libEGL.dll
| MD5 | 8352fd22f09b873193cabc2932be92f0 |
| SHA1 | 5bd2b58854b279f1733c5f54ea2669ee8a888d9e |
| SHA256 | 14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c |
| SHA512 | 7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 5d94130579cabff7d30d483f12b166d1 |
| SHA1 | ffc10a0788c5e70240f866b6f2971fe46b8e0bd7 |
| SHA256 | 775b2f9622fad904ac5e9f2e1b2d0fa86e80536237a45a7bef7a96c2136201d8 |
| SHA512 | d265e4abde8090494b638869c058a29e306a9a2411de022245e3b8a8bd2b6fc35d0e620b927ed1e22736a493e638237a3764e2d83063a13e2d2cd6ea1eb3e309 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\SPACE THERAPY.exe
| MD5 | ed043d1714a4d6c6b0459c1fb1804e62 |
| SHA1 | 7a56d1c82e8e51f7b3abd45cef746b62ab81e3fa |
| SHA256 | 89b280a5699b774d1f825938abf4239bbd9f486ca9c64981e6bd415f83c67626 |
| SHA512 | 9458876948f5421af7240af2a97e32393619147de2f0d3b51c704a05f6282a369e69a489857b66a9144cefac235ab2d66c97dac35905b4e0731d1fff7fb03c45 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\icudtl.dat
| MD5 | 0ef1cc15dca6dad8060d1ab8e769d7ce |
| SHA1 | 023b69c7a0457203098185f7df88dedb03565726 |
| SHA256 | a21d935b308df43507306445556b806493e2959658fd615e45ac1fd5dd661df9 |
| SHA512 | ff999492c9516d79a3ae204caa2f150a9d5064c528cf750f1349cfc2c8537587e5a256cfc6929cb7dc9959185265586109214f3af0e3f4cf91916521848b47b3 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\ffmpeg.dll
| MD5 | 18187657d8b6e020f1d15ce2c2688030 |
| SHA1 | 0cace7f756c1c6e9647b740a338ed467b1d1bef2 |
| SHA256 | d065e8e34f60c4939ec0c7b929682289027155aa1d2916c63175a4453f4c220c |
| SHA512 | ac9c2cd82c913840f8fc966a3eb01fb6a7a43ea43959ffa7923c73256d7ae5cb388878c74af7a04738b9afd72bffbf1f8c894213127ba1a82ea8c42306b053ba |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\d3dcompiler_47.dll
| MD5 | 46598a097badc1ee8518a359ccd01c79 |
| SHA1 | 79cac587e2f3ac74def355253ae2162c0f92fa45 |
| SHA256 | 9946dd77f45b02bc8d6561fda17a977bc4873256ee827153f0895601e51fc599 |
| SHA512 | f371d7fc3f5c71b4a6e74d9e07822b9127e74723e182e842dd94c5282b4c8f539e3ba19e5027aec2dc22e89c1c1b3a8e4a9770e72b364e87b3d969a457df5312 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\chrome_100_percent.pak
| MD5 | 9c1b859b611600201ccf898f1eff2476 |
| SHA1 | 87d5d9a5fcc2496b48bb084fdf04331823dd1699 |
| SHA256 | 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b |
| SHA512 | 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\pt-PT.pak
| MD5 | ecd84b296d3bb312ee18e21017311986 |
| SHA1 | f5625523f85c10723750834a54ff59a2dd886fb3 |
| SHA256 | fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94 |
| SHA512 | e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\te.pak
| MD5 | 793a87d41cde6e6d1bb086284f69733b |
| SHA1 | d887e3842b664f55b7308427aa6f5bf0b352d879 |
| SHA256 | 5cdabd1ad41e8048f2cc6b1615e68b99159daa1aa6706b939447c1811bf0e255 |
| SHA512 | 7c2e53baa387480eed45315bd9d53856ca46e5777ecdc9c29a0de7b0ad04beb6cbb8b5df0aa7c306395fda563037e06bea1ca70e433ce5a3ccc2ec184dfda972 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\zh-TW.pak
| MD5 | c2c35fcedc3708b5bcadf36587393002 |
| SHA1 | 31d72402cbd44ceb921cedd806259c2cd14e411f |
| SHA256 | cfe4c2c5eb131fd92e0d11f912714c5a9a048833ef3ffbe32679b3d58da8f8ac |
| SHA512 | 9ba3ea2d569d1d3ef09e94d7e66f843c8804368c4d016b6289e7dba002f7d2d50884a76c93eef879d87abcf8b36dd3e682b7bd3a18b2b5a969256cef672abf01 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\zh-CN.pak
| MD5 | 098d656a4f4bd8240bed10e7678186c7 |
| SHA1 | 0c19ab62b4262f1b51558e8aaa79e7741f73393a |
| SHA256 | a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7 |
| SHA512 | 084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\resources\app.asar
| MD5 | 988b676a332cca056266cf0d3922d17e |
| SHA1 | 65ebba2ac41dbcdf44644f56519226a93c76e4ad |
| SHA256 | 82b531dd694d17c14a680b480a6ec8dfde44fdf43af66837e9ac39ca9236b347 |
| SHA512 | d15a8048bdd2169a99140342923175d7d1d1f5a684a39d990b4a4b8fff1824b2ca6fe2b9342e27a034476e19b9f70308c7c6e19ae5d1c5373c6762404033bcbb |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\vi.pak
| MD5 | 69c8796439192577f48bd249175aaf37 |
| SHA1 | 97c52088ca69dada593db0e42b2135d264646454 |
| SHA256 | d7fdb53592de803a5fbcd8561c4918f1562f92fc8a3fd0039a2a1a7b76a8ecc2 |
| SHA512 | 65eb7cb15291474ec7f9354775e59bcf334c90ddf3498ebd184e4c47118308421b2405bfa679e4b3a70ed1790e167c109fc2c72e89c3e31b5378cae975424144 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\uk.pak
| MD5 | d791b1ecf2931b2fb0c31aac170c7cdc |
| SHA1 | 02be115a9ff94fe5250651b6de4323eafc44fce1 |
| SHA256 | ffae6286d44c8e219ef90d411ad8746159a6ff8ea610e2a651147a3956696a22 |
| SHA512 | 3a2edb8069e4a9734ce5e02b7c3de3c968c5bbc116f17f52f97e2bb2c78485c456c4f0cc952686c1aa17b7ee4d326a1dda698afafc63c79d842ca3905181a8da |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\tr.pak
| MD5 | 40491896ad21543f339467186c5efb40 |
| SHA1 | 695dde7cc35056dcbf0a533aff8299d4c6b61bd8 |
| SHA256 | 43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa |
| SHA512 | 18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\th.pak
| MD5 | 43edd25f67ce6e6cea5373009ff0a1f8 |
| SHA1 | ed72ca6620cf23837e1334be50ccf616806bc5a2 |
| SHA256 | 287897cf3df2db1cf59b872e6575ba8dfcaa0c1f68c17a9c91da6c4490adb8b0 |
| SHA512 | 7160a72bd2e6b0ffa71e5d279995cc8be24a87cd9386eb29ab0eee79b8e607f5d824a11b6b4e3ef4c0f851a9d485a9642cb6adaa65c07933dca6e6f2c0052fc7 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\ta.pak
| MD5 | 31dada843d0b4f9a66b184cb6d7b8b92 |
| SHA1 | 0320b31981043c6e4c17470bf2ff4c7488553511 |
| SHA256 | 457070b35c813175f5a7b630478073e478ff2bf23915dd3dc7a5b3b339cc2b0b |
| SHA512 | c5b6ea595d3154fd9fe03f49a19f78eb4068718ce005b18a165d491459a290c29956b02a109ce2c314746773760c8e5c0d7064f384c65a572c78109f03538860 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\sw.pak
| MD5 | 99e385ebc1ef8d3daddb3a171fa79edf |
| SHA1 | 3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1 |
| SHA256 | 8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01 |
| SHA512 | 797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\sv.pak
| MD5 | 41e76f7775fc9a2d6e3c02c46e9b32f6 |
| SHA1 | 088c15c74a68bee69682bf89c31055332b68c84a |
| SHA256 | 2533676479e9469ffcdaabcb47d3e39bebfe7ae2b80f70784e918a8827439e13 |
| SHA512 | 6cde752d748c4772b533c8894f18134e5842113f8c7590b44a7dfa088aed65b232361fd16170df3b0d738066dbc3a769847adf4dd8ba42de63c9c2b33f9beb6b |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\sr.pak
| MD5 | af7083f2a4bd95dcbe792efade352662 |
| SHA1 | dc69aa831836016f6e66c6079931503d534a7862 |
| SHA256 | e3b80d9fdd420a05d66cc12e685ac94500106dd51a555bbfa2d085094f81e8dd |
| SHA512 | 342400ba94f6cd08152f96aa2b905184fab429c38cedb4bcb4ac0c503169a9ecd47aef208b4d7ffae08b0c0afa7aa089347a20739379d05f3e4e111be842b8c4 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\sl.pak
| MD5 | e015b6f5042be2dc96a4e23dcf035502 |
| SHA1 | 7946509eed8db1e4c1f3da99ffe7155c86fdb4d6 |
| SHA256 | 99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4 |
| SHA512 | b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\sk.pak
| MD5 | b35daa0bd9627ca88b413a5af7c6b4a4 |
| SHA1 | d5efdcbc7ca17de29f3075f6434f31ab2e895826 |
| SHA256 | f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177 |
| SHA512 | 48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\ru.pak
| MD5 | 75457b95d2bb03891232dae7db886387 |
| SHA1 | e5a7569df7f91533703626d167ecc8cddbd27205 |
| SHA256 | e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6 |
| SHA512 | 9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\ro.pak
| MD5 | 24b01a438a3ab9699d4ca97c081b5e82 |
| SHA1 | 0d0b082544d23425a74199fb0a6c11192f0bdf7d |
| SHA256 | 38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca |
| SHA512 | 43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\pt-BR.pak
| MD5 | 88ad860c73676ffb4025b5c691f29942 |
| SHA1 | 3c5e5b999ea7153ccdd1b4cc7b6162de3456b558 |
| SHA256 | 25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e |
| SHA512 | 41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\pl.pak
| MD5 | 644c0ace25d6e532b56510a736c6bc2c |
| SHA1 | 1bd0fec952107b493da04c46423da634ff3e1504 |
| SHA256 | 2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7 |
| SHA512 | 9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\nl.pak
| MD5 | cf6b1cbfd669e9461553974ba37a475e |
| SHA1 | b33867e9bc7fd88ca98a76dc4bd756bcf18887aa |
| SHA256 | 9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864 |
| SHA512 | e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\nb.pak
| MD5 | b61e42f66d581b6a8929cdf5fb10662e |
| SHA1 | 6f06fa9ee092fbcb61bbd668734fb3b92cfb549a |
| SHA256 | 1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e |
| SHA512 | 79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\ms.pak
| MD5 | 6cfadaa784e687e6dadbcd80e631bc9b |
| SHA1 | 481acb75f525055bf4e45ecabe0eadcb9c492106 |
| SHA256 | fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71 |
| SHA512 | 0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\mr.pak
| MD5 | f22c99fe6a838e333e8ee06a4d01296b |
| SHA1 | c3542ea8dd45a2b387dd02fa5687948f135e10f2 |
| SHA256 | b03a3042f907aed13253ae8083d08f5fad59ff438d024b097276856e72526911 |
| SHA512 | 882022c2cb985d85f96d52c9bcfeeb089d6ff30e66187ccf424ef622092b9d359a51bdef1fb6ac3b9d3409aa79d37ca737ba7f3ed8b9cdaabfe04d90a7c8bc15 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\ml.pak
| MD5 | 04b2540c25990a5e0a9b227dcce6ae0d |
| SHA1 | 4f8ccd154f54dfb083d4d1a3ed0994842c8ab13e |
| SHA256 | 556165b8b54c6e21bc66d12b3f5be393136714467c427f7114f314d18ad3c661 |
| SHA512 | 4cab47e42e8f5d4a83851871f97f3e1360c993ba530dbb4b4b736350779784bd83189e1195d3480ce87298bb8f9b7f249fefa7764d850e5b0002895609626785 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\lv.pak
| MD5 | 264c6e20b3088ceb4dae5773cef0cb55 |
| SHA1 | fb6ff83ff14df008092bc3ee73bda7491e8e090e |
| SHA256 | a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda |
| SHA512 | 01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\lt.pak
| MD5 | 2d4fca437a7548893dc4b51fa5b33c33 |
| SHA1 | c1493013d7d981ea9223716e415380992de65c2f |
| SHA256 | 776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769 |
| SHA512 | b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\ko.pak
| MD5 | d6e2c18c9eabba59b50d147d942125ea |
| SHA1 | 0918879203c2050b4f9f449f5616e430897ba0b9 |
| SHA256 | f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76 |
| SHA512 | f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\kn.pak
| MD5 | 5115cde84b4c674db412619b65433004 |
| SHA1 | 164f33e7e2e9f685a579da492a6fc8806beb6cbf |
| SHA256 | 891e092c6895e23be986c3e6d39dcea9b6b75f1448239c13fd406680e50407a7 |
| SHA512 | 090a247898cb533325d2b289a6cbd8db2a755ef0abab49d82f333e57b290c50b5996b81f15d8adc30160b216eebed3a1476aec1627195e52189557c1d48b0216 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\ja.pak
| MD5 | 833e8c4aa70351b6be7bd403e4e9a0a7 |
| SHA1 | 46ccdbdea35deec8ef13a5fc833776875fad187b |
| SHA256 | 74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0 |
| SHA512 | e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\it.pak
| MD5 | 5aa225aad4f9fe6d05ec24905a827d88 |
| SHA1 | f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22 |
| SHA256 | 96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab |
| SHA512 | 3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\id.pak
| MD5 | e40cb2f3b4db379e4d187aeef0dfd300 |
| SHA1 | 537b1ebc615c980c89bbe2b9e91a11199fa7d6a6 |
| SHA256 | 3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5 |
| SHA512 | b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\hu.pak
| MD5 | 71d42cb22d2d7a8b26c4514ab12df3aa |
| SHA1 | cd0307503a7906f1742d1e98fc816959319c2171 |
| SHA256 | b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6 |
| SHA512 | 29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\hr.pak
| MD5 | 6f92235e6ba003af925a2d6584afd27d |
| SHA1 | 3ceba61e9c2975466b6244188f5ea72aaf042fc7 |
| SHA256 | 479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840 |
| SHA512 | 82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\hi.pak
| MD5 | 590e9e73df9cbd83cd87b9c03848fec9 |
| SHA1 | da125e60a5a2c51a2d6219d3f81688bd22237b59 |
| SHA256 | 089b9dd31090a987515809a68d26f6eeb64cd9283934e3dcc48b151eec7d3ad9 |
| SHA512 | fd0e5d0f2063e12b711275f390428b88f98ffaf6043cdb14b13674ac1e4aa9f70ae820ae960132d7155daf9b1308238775c4702694ab53068cdc709c50f9186a |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\he.pak
| MD5 | 6a02a37e1ca3215fa9ee0e1b0fbcf5e7 |
| SHA1 | 89a8a126c0bbf536ac58e29fc50e045fb1b88220 |
| SHA256 | f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986 |
| SHA512 | 6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\gu.pak
| MD5 | 63a7fdc4eadf8ef1c35c72468a0ce33f |
| SHA1 | e8d064f0e9c8a6a8c6ccb036711e292d011d9466 |
| SHA256 | e549ff4e5a094d04c2ce7bc6fd68bea1f03e935437bf164bebb6191c133fa70c |
| SHA512 | 0a097ff875132a984545ec677b04f97785f14c38a1df487cfb4722cdea07d14e1e88fcff7d58b82fa53f05f4eba779a95ef320b5a91692097726d0385a26a456 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\fr.pak
| MD5 | c3095ce1e88b0976ba7bef183d047347 |
| SHA1 | b14cfbf6e46ac1f189595fc09660178525301138 |
| SHA256 | 66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272 |
| SHA512 | 29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\fil.pak
| MD5 | 40bddaf97f64dfea9ebafc7f82166f80 |
| SHA1 | 90d1fde3c0b27d2184f0353991259c2a92c7820c |
| SHA256 | 39a9d63736e7b4593fc6873ed3c19d45fbf9eb78a012bfdcee0fea5906ebc5b2 |
| SHA512 | d1e61c53e09a0dc50edf5aba5cf286a251ee88421aa2cd49332b70a5859646605ecb7d0bb97ea7242d14a18742e23da0a14c04b0b99b57a466ec87f4f66b897e |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\fi.pak
| MD5 | cc592d91ce8eabaa75249cb78b889376 |
| SHA1 | f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac |
| SHA256 | b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20 |
| SHA512 | 58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\fa.pak
| MD5 | 6458a239e994d8d18315deccd35389ed |
| SHA1 | 75c985f43503a6c44645786d46639a6b555ae163 |
| SHA256 | 300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34 |
| SHA512 | 3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\et.pak
| MD5 | c76db3385190c6840315c4497e40258a |
| SHA1 | 34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46 |
| SHA256 | e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f |
| SHA512 | 90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\es.pak
| MD5 | f83d8f7f6108786c02c2edbf3d85f147 |
| SHA1 | 57781d9d9eb7c90cdc71f78e25d0763045b6d29a |
| SHA256 | 5b929216ac823dbe2b0bb98e64db76519900e09a86c8513019325271c66ade0d |
| SHA512 | 12747a4a61cdd21cad6e3f768cb43b8bda5ec9de373337c191b6994b20acd676c9d0a6cde8410a1e18f35dd5d2d332ea1bb7e7f8f6fc4b73d8774559e33398f1 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\es-419.pak
| MD5 | b261b1efe945365588befdf68879040f |
| SHA1 | 616f44a5f73f0449b483f36ccf831db6474a10d2 |
| SHA256 | 1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4 |
| SHA512 | 9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\en-US.pak
| MD5 | 0bb857860d8c9ab6d617cea5a5bd4d00 |
| SHA1 | 351b744d95846bff2ce5f542fec2e87439aa0f8b |
| SHA256 | 5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816 |
| SHA512 | 33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\en-GB.pak
| MD5 | 52e2826fb5814776d47a7fcaf55cb675 |
| SHA1 | 51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b |
| SHA256 | 83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454 |
| SHA512 | 69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\el.pak
| MD5 | 38440b98bfdf5ed496da0f49d59534c0 |
| SHA1 | 1498d9207ecaf4923a47271e24c68a817041c82e |
| SHA256 | b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f |
| SHA512 | 95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\de.pak
| MD5 | b73344e5a72fca6f956dbab984c123ba |
| SHA1 | 0561073aa40a63a9ce9930dd18b18e12ff139b2b |
| SHA256 | 6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b |
| SHA512 | e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\da.pak
| MD5 | 55a8f5883805a65c854d25edb3959209 |
| SHA1 | d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268 |
| SHA256 | e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb |
| SHA512 | 4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\cs.pak
| MD5 | 3cfd9dc564cfcc33cc5524711365c376 |
| SHA1 | 2e5016d2643017f37658262122974429f18625a2 |
| SHA256 | 8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee |
| SHA512 | 6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\ca.pak
| MD5 | 423651c45566cd90ea5edd8631e823b8 |
| SHA1 | 13bed4173a08bcbfefba034aada3d838eece6d16 |
| SHA256 | 7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414 |
| SHA512 | e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\bn.pak
| MD5 | 47c95e191e760dee3ef43345577e2379 |
| SHA1 | 609634315270a91d4ec631642b18bd0036367aad |
| SHA256 | ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7 |
| SHA512 | 46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\bg.pak
| MD5 | 5ba0c7200362c9ed55610cc8b66ef53c |
| SHA1 | d45239c2f1b00885407771a41a7776fc1fe8fa3b |
| SHA256 | 2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7 |
| SHA512 | 6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\locales\am.pak
| MD5 | e18a450ef034b42599341c3d09f280f1 |
| SHA1 | 2001c8a85904962ac3a96938eccc69ad2c110fdf |
| SHA256 | 7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da |
| SHA512 | ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\vulkan-1.dll
| MD5 | b91586bd80e057a7f62bdc4422744812 |
| SHA1 | a1df644421ece2e740e5bf0ed98b4f269fd85c39 |
| SHA256 | 8ba72d98e0f78b77bda7816cd7232809d287310d34e0f1d7472b9d5fda2c6d02 |
| SHA512 | 94f0a8e3e75e4803891c0fcb257052dbe0e7399772fc7a46ab802629f76ee580ed30b3678fa6bc3744c12cf9f3103bbc8276e88f6711278748148e9fbeef2053 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\vk_swiftshader.dll
| MD5 | 1428911f623cf2dd02930eb1a40a0bde |
| SHA1 | 2484a333cb36ecce7414ce59c3c8b59e16ed9272 |
| SHA256 | f1a100c03935b5797b9c8f8330dbf73ef457e68a90d4ebc3eca8687ff540af77 |
| SHA512 | 0945c1abaa58cbdd29d14373995888a92b77272d69ca90228348dac1c0058e32d43c83b5d2d37f033d04f1347bd0d3d76e6fa190e4e87b4f1c169fb92abbe7d1 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe
| MD5 | 16a12bdc986207390dd79d658a6b2263 |
| SHA1 | b4b41f62cbc1e1ede786c6e30e11df8e61750bad |
| SHA256 | 50a8dd2f292bea9190204a42de067a34d5cbbec53746d40fe5b067fc85190bac |
| SHA512 | d20394028c5d3ca46bb4879cac40da07b7d857f9a4a834bb4db4bd047f1a3265a80e1f7528244da6ee97c2f3e0cb5b2e51bc88eeb382a027939c2188e66dcdd9 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe
| MD5 | 471b15abc9f2e98fb7ed7361d3f045eb |
| SHA1 | 95b5798d80a9410872f6ed485ae2b43ca3745540 |
| SHA256 | 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004 |
| SHA512 | 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\StdUtils.dll
| MD5 | 11a15b5c4cdf372558f58f21ebeb3b5b |
| SHA1 | e32f56ebcda428542918285b8b473e9fdd6d4583 |
| SHA256 | 1032bfa13ca7ad5b7e4c3469c5432f51622cd1ef952c29755ba47c471703a384 |
| SHA512 | dadc6c361db895316f6e36e8e1b69fbd87a27a0f4883d9e71809357896195d0d41339f282b984caa3cccfb18fd66f0cd10940bf4edb412ad7f51b91cd8d86345 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | 056190abdb67dc349a24101f2f119c4c |
| SHA1 | 54a17e4546764c5b1cd665ccb6f159aa29d875ea |
| SHA256 | 46f6aa81f0f70adabfbca1be75983f69833271ff312e48cb2e5d807fecc09a40 |
| SHA512 | 96493002951ad4610ea65fa045ae630ae37987d1864ea008811d4388dff3deaa2178601a6fadbd6a1aedc7d4a6d91d791054bfaae561cf6f29805546c6eb3554 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | bcaf474f4bb64482f68b233876f0fb1c |
| SHA1 | 3645056b1fc4d41c43f25e845c10efd0b44c3e37 |
| SHA256 | 4c535bc566154203d0e0d8c2ebe038e2bb69e6e3f02ed392c4f7923174fd3896 |
| SHA512 | f6d9dcaf63fdc451202b78983bcb88808d842a4633703707aa04219a2ad67b3800e294452c7e86c02cb245c65d2aafafe407dd9251582e31a159d0d1fccec20b |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json
| MD5 | 067e233b0609d56ff4756bedd8c0efe0 |
| SHA1 | 96419d05adc4b6674948b4ac14f8ab5bb3ce4380 |
| SHA256 | 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74 |
| SHA512 | 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159 |
C:\Users\Admin\AppData\Local\Temp\nsv80F4.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll
| MD5 | c20c205c6f8d70a5e1351a4041a3ec9f |
| SHA1 | e1b2a763dd6c42439656e4e55aba0f3610ff3784 |
| SHA256 | bbcbb170242d9ff1b56680a80b1f8755df1135f9c714535ff3b3f575442f38dc |
| SHA512 | dffd59d775dbb89cd886a2212fb9fe4cf0b2bdd7f2c00f8dc7c6b2287053b4971c8c6c033109ff1f90cdacea082e44d3c19fa76325d24976420c418218e701f1 |
memory/3652-1342-0x0000000000060000-0x0000000000061000-memory.dmp
memory/3652-1377-0x00000000778C0000-0x00000000778C1000-memory.dmp
memory/2804-1501-0x000007FEE2500000-0x000007FEE2E9D000-memory.dmp
memory/2804-1502-0x000007FEE2500000-0x000007FEE2E9D000-memory.dmp
memory/2804-1503-0x00000000025C0000-0x0000000002640000-memory.dmp
memory/2804-1504-0x00000000025C0000-0x0000000002640000-memory.dmp
memory/2804-1505-0x000000001B310000-0x000000001B5F2000-memory.dmp
memory/2804-1506-0x00000000025C0000-0x0000000002640000-memory.dmp
memory/2804-1507-0x0000000002410000-0x0000000002418000-memory.dmp
memory/2804-1508-0x00000000025C0000-0x0000000002640000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 91fb30faeea725c43969c40aa068f13b |
| SHA1 | dbf18031a7a6c833638807a318eb5c94b9534613 |
| SHA256 | 1be92d5f606b07655be0616d618c8961bb3ca36b1608f592deaf5fa675144871 |
| SHA512 | b125d40329164eb1ce5db491689c0b3787fa7d3adec400fe41e47bd760558d3cf3a00046fd68cbacc38731bbce4004c2b1ad7041765cd8e54a5e686a16b99573 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 3dead30f52ab3eaa90ea9da07d558169 |
| SHA1 | cf14506d663a258d9ef9d8df2000a2a46a69ae25 |
| SHA256 | 439a600db97c9909f71af9eff1d3d2312af3a5b4af16143a5be9e30fb7409a19 |
| SHA512 | b728976ee6ecc1dfde152b78f088116a8bbbfef4c00e193921d9ecac96a62f8b38733aa6994a36eadceae6ed55febcd01ad495e2a7aaa75156f2d2d49b5de0d6 |
memory/2804-1531-0x000007FEE2500000-0x000007FEE2E9D000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3631c9383d184c05bf2220e2cbcd12a2 |
| SHA1 | 0721e39d5a5a123c7f3d98c397d109064f956046 |
| SHA256 | 4a7e8e5c0b587e3a46407a7e71d0fb192bebd7ce2d13fa84cc36e6642ed9f2e6 |
| SHA512 | 6e1329e5694fda8dc824f334d898e22fd82f86d155f3edecec745bdd5d8bf682de867ac7fb3f529470c28c44100ec534002539d6a06a36779fecfec5f650b9fd |
memory/2804-1539-0x00000000025C0000-0x0000000002640000-memory.dmp
memory/2804-1540-0x00000000025C0000-0x0000000002640000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-14 20:00
Reported
2023-12-14 20:06
Platform
win10v2004-20231130-en
Max time kernel
363s
Max time network
364s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1184579485820006440/1184593764526850198/Space_Therapy.rar
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda2a646f8,0x7ffda2a64708,0x7ffda2a64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,11621424394288258953,13677920604351264568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,11621424394288258953,13677920604351264568,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,11621424394288258953,13677920604351264568,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11621424394288258953,13677920604351264568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11621424394288258953,13677920604351264568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,11621424394288258953,13677920604351264568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,11621424394288258953,13677920604351264568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11621424394288258953,13677920604351264568,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11621424394288258953,13677920604351264568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,11621424394288258953,13677920604351264568,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5804 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11621424394288258953,13677920604351264568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11621424394288258953,13677920604351264568,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11621424394288258953,13677920604351264568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,11621424394288258953,13677920604351264568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,11621424394288258953,13677920604351264568,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2320 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.181.190.20.in-addr.arpa | udp |
| US | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | 233.133.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.179.17.96.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.2.37.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.191.110.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.181.190.20.in-addr.arpa | udp |
| US | 192.229.221.95:80 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 58a9ee207caef8b6881b10e37b4cbc97 |
| SHA1 | fa5f0c8626915f39161abb48df2212a79c9c6abb |
| SHA256 | fa60e147e18bd39cb6ce21d725ef37a2072d1d682547d9f7393d3f99e63711f4 |
| SHA512 | dd20d10299a8c628c74adb51239c3869a01a731e42946f0039c9138c03524d8c8a940716226f10aab0b0c7aa230195a27e91aea54eed611c6e5dc9f02fa90355 |
\??\pipe\LOCAL\crashpad_4780_YAXWLOUHSBVUNKQE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6c5eb4c00d1915f3e9e3b9bd694babad |
| SHA1 | d624bdb4cfc67e433c1e01d97aca3b881fed08b6 |
| SHA256 | 20e52a61429a1a329f0f089081f1943361c3d43521428c47a41b6bc7993c5f84 |
| SHA512 | f2794e255e2ec673f35bd384e4537c7474e9cdd055aa4ed5408934de25302697b92ad83264283184d2a6317864ae114abc3deba031d9e73f629c9bad628245bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2746abc45b21d7f73529fb01c3c44b23 |
| SHA1 | 1c43928dd8aedade51cecf31bb0763d52226fca5 |
| SHA256 | bcfe281337d3a3fed71d8e7cdebaa06da770d849a5b2467ec635210bb2a91797 |
| SHA512 | 3d645b371a40df63e8bd684de1fbdcd5d2899795f97e14fa53fefa49a311ffb0e876664cbc060f19e49359ea29606d95dbba080efc2dba7ad706560168790b16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1c645513d890705ed9cb14911e39233d |
| SHA1 | da798651f0dd3cee5e766a9bcfd67a1763309bb9 |
| SHA256 | bf75c49312263c503672eb5c50f9baaab7ec186c62b862077e550f647bc23347 |
| SHA512 | 1b9c3057584eab3a8895d8e82d88f53a6228a1c3fd92ab7074f2b3cfe8627e1f1efde7642491bf50ea7dd75c44909f3e46d24bcd676087ef44071b58402675cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 7be049d7c959fde1e41f35b7a720efe9 |
| SHA1 | 52ad63c6660922da4e8f6adeb3ffc02c4680b5f6 |
| SHA256 | 3e0f584c3f5eed5d694d28d0341dbeccd25f72ffc95dd44082cd087a8e7dddb3 |
| SHA512 | 4d46689ec5be60bc5e4de95f0547bde8670a99c483fe9395f2df77e78a4f1f438d5865a024a6daecce3c0e7314d006b3e84682bc7e201e521f7c33b3343590da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 094ab275342c45551894b7940ae9ad0d |
| SHA1 | 2e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e |
| SHA256 | ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3 |
| SHA512 | 19d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f1f0b886-4026-4495-bfb5-3ad443f6d579.tmp
| MD5 | 0b58c266106c64d9b9626ccdab300137 |
| SHA1 | c55646da9fa00a68c202b6a49332d9f06da90fdd |
| SHA256 | 3d5139de1c6d938fbe5917582c4fdfba718d0e2004da545dc0112b1d4f0831e3 |
| SHA512 | 18d50beef5ec387c15e47287e280ec98ef2db128c13cd554318d6e3127a902baccbb54b7bde68a1261495575db96ed15149755d1655abc6e555c6604aff7576b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | 3999a14d8cf11059999dd49b8cf411bd |
| SHA1 | 1a33a61073102eb7ebd0caf5395fb3c6125152dd |
| SHA256 | bec3df2d1be79a3ed71e7d4d0fd6a5cb9214ad5f3c24f64541327a5ad32adfcb |
| SHA512 | 6d5686236f4aab7f5a906addad35885205f4e32728dddf5874decb9fcfb983dfd30c26ded86b94f1c67309a51e1210ee0a4578e202103d2aebf44b22d0ec565a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b7f4f9500ff9594defe0b46076e4e588 |
| SHA1 | b00efebf3d84d739ca2dca466dcbe5e4e7bf6014 |
| SHA256 | 21138a1bfb7917eca4dfeba30f7b2d63e85bf2605899b2289ce8ea904df14353 |
| SHA512 | edee396b9ef75741660293737e859a603f3a29c6440645df6d066a9593eaedaf0cc832e75259e6bbfeb0e02d7eec0c09ef15a777ae5d42730d3c4e0392cd04e0 |