Analysis Overview
Threat Level: Known bad
The file http://zx was found to be: Known bad.
Malicious Activity Summary
Orcus
Orcurs Rat Executable
Loads dropped DLL
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Program crash
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Modifies registry class
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies data under HKEY_USERS
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-11 16:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-11 16:35
Reported
2024-02-11 16:50
Platform
win11-20231215-en
Max time kernel
851s
Max time network
856s
Command Line
Signatures
Orcus
Orcurs Rat Executable
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Desktop\Orcus.Server.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Orcus.Server.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | 7.tcp.eu.ngrok.io | N/A | N/A |
| N/A | 7.tcp.eu.ngrok.io | N/A | N/A |
Program crash
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Desktop\Orcus.Server.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133521429953854476" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg | C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\NodeSlot = "11" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\MRUListEx = 000000000200000001000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\1\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000 | C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\1\0 = 78003100000000008f57596e1100557365727300640009000400efbec5522d604b5880842e0000006c0500000000010000000000000000003a00000000000f37c10055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell | C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\1\0\0\0\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000f121adb55d2fda01b6f275fe632fda011ecae5e1095dda0114000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\1\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\1 = 80003100000000004b58af8510004e4a524154307e312e3744440000640009000400efbe4b58af854b58af852e000000dea80200000002000000000000000000000000000000f446bf004e006a00520061007400200030002e00370044002000440061006e006700650072002000450064006900740069006f006e0000001c000000 | C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings | C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\2\NodeSlot = "10" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings | C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 03000000020000000100000000000000ffffffff | C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\1\0\0 = 50003100000000008f577874100041646d696e003c0009000400efbe8f57596e4b5880842e000000395702000000010000000000000000000000000000004a871a00410064006d0069006e00000014000000 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\MRUListEx = 0100000000000000ffffffff | C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell | C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\0\0 = 5a003100000000004b587d8510005345525645527e310000420009000400efbe4b587d854b587d852e000000cea80200000002000000000000000000000000000000bf2c040173006500720076006500720020003100000018000000 | C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\1 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell | C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0 | C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\2\MRUListEx = ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 050000000300000004000000010000000200000000000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\SniffedFolderType = "Downloads" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://zx
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffae9233cb8,0x7ffae9233cc8,0x7ffae9233cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,9915806409464357996,11849971130022118083,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,9915806409464357996,11849971130022118083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,9915806409464357996,11849971130022118083,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9915806409464357996,11849971130022118083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9915806409464357996,11849971130022118083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9915806409464357996,11849971130022118083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9915806409464357996,11849971130022118083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,9915806409464357996,11849971130022118083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,9915806409464357996,11849971130022118083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9915806409464357996,11849971130022118083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9915806409464357996,11849971130022118083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9915806409464357996,11849971130022118083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9915806409464357996,11849971130022118083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffae86c9758,0x7ffae86c9768,0x7ffae86c9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1820,i,14107166224817631213,7351494822613383091,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1820,i,14107166224817631213,7351494822613383091,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3192 --field-trial-handle=1820,i,14107166224817631213,7351494822613383091,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1820,i,14107166224817631213,7351494822613383091,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1820,i,14107166224817631213,7351494822613383091,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3960 --field-trial-handle=1820,i,14107166224817631213,7351494822613383091,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1820,i,14107166224817631213,7351494822613383091,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5100 --field-trial-handle=1820,i,14107166224817631213,7351494822613383091,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1820,i,14107166224817631213,7351494822613383091,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5460 --field-trial-handle=1820,i,14107166224817631213,7351494822613383091,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2752 --field-trial-handle=1820,i,14107166224817631213,7351494822613383091,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1528 --field-trial-handle=1820,i,14107166224817631213,7351494822613383091,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3212 --field-trial-handle=1820,i,14107166224817631213,7351494822613383091,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3420 --field-trial-handle=1820,i,14107166224817631213,7351494822613383091,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1820,i,14107166224817631213,7351494822613383091,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1820,i,14107166224817631213,7351494822613383091,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2732 --field-trial-handle=1820,i,14107166224817631213,7351494822613383091,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4868 --field-trial-handle=1820,i,14107166224817631213,7351494822613383091,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5124 --field-trial-handle=1820,i,14107166224817631213,7351494822613383091,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5384 --field-trial-handle=1820,i,14107166224817631213,7351494822613383091,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1820,i,14107166224817631213,7351494822613383091,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 --field-trial-handle=1820,i,14107166224817631213,7351494822613383091,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffae86c9758,0x7ffae86c9768,0x7ffae86c9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1820,i,12546091514043307292,8345550877417260036,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1820,i,12546091514043307292,8345550877417260036,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3224 --field-trial-handle=1820,i,12546091514043307292,8345550877417260036,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3200 --field-trial-handle=1820,i,12546091514043307292,8345550877417260036,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1820,i,12546091514043307292,8345550877417260036,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4532 --field-trial-handle=1820,i,12546091514043307292,8345550877417260036,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1820,i,12546091514043307292,8345550877417260036,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4984 --field-trial-handle=1820,i,12546091514043307292,8345550877417260036,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1820,i,12546091514043307292,8345550877417260036,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2364 --field-trial-handle=1820,i,12546091514043307292,8345550877417260036,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3224 --field-trial-handle=1820,i,12546091514043307292,8345550877417260036,131072 /prefetch:1
C:\Users\Admin\Desktop\ngrok.exe
"C:\Users\Admin\Desktop\ngrok.exe"
C:\Users\Admin\Desktop\ngrok.exe
C:\Users\Admin\Desktop\ngrok.exe
C:\Windows\system32\cmd.exe
cmd.exe /K
C:\Users\Admin\Desktop\ngrok.exe
ngrok config add-authtoken 2cBMH4DqH6hylwrLYbRNCL0sYdn_4dRRJ923JjN7Hqq1Evff2
C:\Users\Admin\Desktop\ngrok.exe
ngrok tcp 7777
C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe
"C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe"
C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe" /select, "C:\Users\Admin\Desktop\Orcus.Server.exe"
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Users\Admin\Desktop\Orcus.Server.exe
"C:\Users\Admin\Desktop\Orcus.Server.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1252 -ip 1252
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 1372
C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe
"C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe"
C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe
"C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C4 0x00000000000004D4
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe" /alignment=512 /QUIET "C:\Users\Admin\AppData\Local\Temp\stub.il" /output:"C:\Users\Admin\Desktop\Server.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffae86c9758,0x7ffae86c9768,0x7ffae86c9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1820,i,18154452493171487415,9969698261540322316,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1820,i,18154452493171487415,9969698261540322316,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1820,i,18154452493171487415,9969698261540322316,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1820,i,18154452493171487415,9969698261540322316,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1820,i,18154452493171487415,9969698261540322316,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4464 --field-trial-handle=1820,i,18154452493171487415,9969698261540322316,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1820,i,18154452493171487415,9969698261540322316,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5028 --field-trial-handle=1820,i,18154452493171487415,9969698261540322316,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4980 --field-trial-handle=1820,i,18154452493171487415,9969698261540322316,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3440 --field-trial-handle=1820,i,18154452493171487415,9969698261540322316,131072 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5556 -ip 5556
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 2596
C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe
"C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe"
C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe
"C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe"
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | clients2.google.com | tcp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.178.14:443 | consent.google.com | tcp |
| GB | 216.58.213.14:443 | apis.google.com | tcp |
| NL | 66.90.86.26:443 | pixeldrain.com | tcp |
| NL | 66.90.86.26:443 | pixeldrain.com | tcp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| NL | 66.90.86.26:443 | pixeldrain.com | tcp |
| DE | 78.47.86.208:443 | stats.pixeldrain.com | tcp |
| NL | 66.90.86.26:443 | pixeldrain.com | tcp |
| NL | 66.90.86.26:443 | pixeldrain.com | tcp |
| NL | 66.90.86.26:443 | pixeldrain.com | tcp |
| DE | 78.47.86.208:443 | stats.pixeldrain.com | tcp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | udp |
| NL | 66.90.86.26:443 | pixeldrain.com | tcp |
| DE | 78.47.86.208:443 | stats.pixeldrain.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| DE | 140.82.121.10:443 | codeload.github.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 142.250.200.14:443 | clients2.google.com | udp |
| NL | 66.90.86.26:443 | pixeldrain.com | tcp |
| NL | 66.90.86.26:443 | pixeldrain.com | tcp |
| NL | 66.90.86.26:443 | pixeldrain.com | tcp |
| NL | 66.90.86.26:443 | pixeldrain.com | tcp |
| DE | 78.47.86.208:443 | stats.pixeldrain.com | tcp |
| DE | 78.47.86.208:443 | stats.pixeldrain.com | tcp |
| NL | 66.90.86.26:443 | pixeldrain.com | tcp |
| NL | 66.90.86.26:443 | pixeldrain.com | tcp |
| DE | 78.47.86.208:443 | stats.pixeldrain.com | tcp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | tcp |
| DE | 3.125.92.105:443 | connect.ngrok-agent.com | tcp |
| US | 52.202.168.65:443 | update.equinox.io | tcp |
| US | 8.8.8.8:53 | 105.92.125.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.168.202.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.exceptionless.io | udp |
| US | 52.149.199.118:443 | collector.exceptionless.io | tcp |
| US | 8.8.8.8:53 | orcus.pw | udp |
| US | 8.8.8.8:53 | 118.199.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.tcp.eu.ngrok.io | udp |
| DE | 3.125.188.168:10085 | 7.tcp.eu.ngrok.io | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| US | 8.8.8.8:53 | 168.188.125.3.in-addr.arpa | udp |
| DE | 3.125.188.168:10085 | 7.tcp.eu.ngrok.io | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| US | 8.8.8.8:53 | orcus.pw | udp |
| US | 8.8.8.8:53 | collector.exceptionless.io | udp |
| US | 52.149.199.118:443 | collector.exceptionless.io | tcp |
| US | 8.8.8.8:53 | 7.tcp.eu.ngrok.io | udp |
| DE | 3.126.224.214:10085 | 7.tcp.eu.ngrok.io | tcp |
| US | 8.8.8.8:53 | 214.224.126.3.in-addr.arpa | udp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| DE | 3.126.224.214:10085 | 7.tcp.eu.ngrok.io | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.200.14:443 | clients2.google.com | udp |
| GB | 142.250.200.14:443 | clients2.google.com | tcp |
| NL | 66.90.86.26:443 | pixeldrain.com | tcp |
| NL | 66.90.86.26:443 | pixeldrain.com | tcp |
| NL | 66.90.86.26:443 | pixeldrain.com | tcp |
| DE | 78.47.86.208:443 | stats.pixeldrain.com | tcp |
| DE | 78.47.86.208:443 | stats.pixeldrain.com | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
| N/A | 127.0.0.1:7777 | N/A | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 552758a7bb19b27354a76866861c4801 |
| SHA1 | 93a74b56e5bb5aa86a53db413081b3ca7ffb808b |
| SHA256 | 53e1302ff50d199fd0002ddb9d4f66fd264b17e73a50e67299adf1243663530c |
| SHA512 | 13889bc4ffe240d8a7cf71ca0f2a397f33e38106116f38b5b8fa6c977187899d2d7084d606288f2892d14776460c2fe450adbeb93d2d200caffefe9919076fcc |
\??\pipe\LOCAL\crashpad_3816_DQFTPTSBGOIIJNPJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 678530f94274f4702a5f1d49ff17c85c |
| SHA1 | f551792ca4598230afda9e602b76077582ea6c57 |
| SHA256 | c5203a58550440cee3465c9153f351358eed2adb34927826cac00b177104ecdb |
| SHA512 | fb53b0284645d2a02653a01bafc9b49df656dcf5354ce16a241e21c7ec4679e15fbba43b61f9cc18ad2dee025a2a6b38be7a022786da9dc31f87ec3073aabb41 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 24d0ee5326ac8c4ba482ed21487d5832 |
| SHA1 | a79a18f52b5ac76afbbe85cf92d62878bb61966b |
| SHA256 | 5f3ad5e1c752ada05492e0a38a1679c4aca3583dd8051581cdad58e91af309ae |
| SHA512 | fc89d1cec2428ef0d940898530d806f6ac7fe8447c05e8406d864f4edc659cd885f579a5af57d7104e26c3c94d30659ac52585f94d1189581025284ed9785f15 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 300483cc3ba4a700da53baf6078666c5 |
| SHA1 | b57a97e289bddf176bc1913b05f5c8765c5b6f87 |
| SHA256 | 0fadc9a759e22ee184699c773c775b3a81d292159f1bfe7e75067e85307a5279 |
| SHA512 | b20038568e8232be9ef537d8cdf0ff655f6f6f550ab985f938c574743b0b85a40c765c69c0f3ee706e9babc39a35d7367703b272436dd1168daf465f7a10cc6c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 63b6255b3f07d9e42bedebea98f2aca2 |
| SHA1 | 40ebdc3a328e822aec42b2373d092dc73101342f |
| SHA256 | 51efbb488012f6ba9fd2182e4f57da8fe07e915e6b2c000fe96617c1d25d349a |
| SHA512 | 0e54c65fd7616217d813904524e84af94d966c93b9097053d0253f0e7111883f47aea07016b9d1096c6e6f877fe2c5754c035e82c6a5246418303da8662bf652 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8f787bce53c07b0eb294400a0960b13f |
| SHA1 | 407f0f9d6eab5db269f1595910caa99324b75ebb |
| SHA256 | 30eebfa37064e2ce3ba38ca4ace679fc03caa3bc2b2ba4210f15a2e1d83a28de |
| SHA512 | a923f739d81ea0bb900e3e4f275490af602794e3a23471e527cb5d5f5d3fa70017f87971bf93e57086a6533c6cf66c4f611a3a50a43ae1c28c1ec9861456f831 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 183b48cc58df2683cc2f3d32aa068144 |
| SHA1 | 992803f3832c446e546dfdeb441fb2cb485e3ba2 |
| SHA256 | 9d836a93e49e9584bd0a36e05bcadf93c7944a17afae18327e2a8dcc5d931878 |
| SHA512 | 6a3cb9e27675035904cb6fb99da41c59245ef9fdfc76c775bb23918ec00fea831f9757d178ccf96b146d68550f83788c804c4fc5638ff5fe31ce209af3ccca7b |
C:\Users\Admin\Desktop\ClearNew.xml
| MD5 | daf968f3ae81b716fc758ec964f19ed0 |
| SHA1 | 6c0b2b7602f2520e689d201997176087409da734 |
| SHA256 | 331f3c6290fe0d9c6deada351b49be54f175289adb75a2e5cc064ee4776e3c66 |
| SHA512 | 08c2af6bf9b199144e0daf41f03481c0b636e599ca6d3a24c37a89daa0fd6f0c95af4c6a3e782024a54ed98ad03a70a2921606734592a122b3cfacf0c96ab763 |
C:\Users\Admin\Desktop\DisableUpdate.wma
| MD5 | fa6a8559f5b0753bc920ea3ad47b414c |
| SHA1 | 3cdf8220a15674ef1a41b7669f7f106b18e522c6 |
| SHA256 | 6ba0143c4bcee00f5c1c96479a6009858604b60191cf2d1fe5918ab926a1a82e |
| SHA512 | e465a8d847f622c3c4e4334b842052156d6956cb5cb0b96c4f489f34b3e232766bda3de0a249f12317457fb6e33cd7111583a8f48b975880af37967142c949e4 |
C:\Users\Admin\Desktop\ExpandShow.vb
| MD5 | 64a29a8ff22306d95587167607e90285 |
| SHA1 | acc6527b3f6d863e42f0977d535ead32b08cee8e |
| SHA256 | 4592cd81f9a835db6cdba838576556babceaad0e9669a9262eb381d4f6bbdf28 |
| SHA512 | 35b188abd5c6a093d82fd6189626472233c4fd9b8b02705319b629a15a70cb2944e5d33ead026f7f97065a39fe46416a28096a2b8d22e08b421acb5913c78d1d |
C:\Users\Admin\Desktop\ImportGroup.aiff
| MD5 | 139bdd7bb1ab8caa02d58b6f1601ac81 |
| SHA1 | 27722e2c47ccde36855707811db66648f1a891d6 |
| SHA256 | a74684d0f45d60239aee4a88087888f1f615eb12571a650d64be3e7b53d1ba89 |
| SHA512 | 23c22689f52f68541ca516e626499a17eaf46109bcd835eb82e62c202eb866285e6ccfd0a689095fda590490b7e7723dd97cba445a402f6ed079160d0b73884c |
C:\Users\Admin\Desktop\GroupExit.bmp
| MD5 | 127b818fcf7a6c8509e58a39becbc86b |
| SHA1 | 2a45c09a4395893ed36670133bcfe2ad36845ba5 |
| SHA256 | b7dddb841d20cd1351bba0e26ecf0e58702e0cc01b1c78ec209886a695eb0afb |
| SHA512 | fee4903de9f77ac3318b18a124f07c446c336fc9aa061f540acf7fabbc092d4223c3cb83de49fe8861b8411209c6b4e3935ff6fc6c7b073da8c26beb24d43ae8 |
C:\Users\Admin\Desktop\FormatUnpublish.dll
| MD5 | c2b9d46faa5d8cf4ad549998c0ea43e0 |
| SHA1 | d2c09654c6b944d9c636ee67d9ed900d7f06eec2 |
| SHA256 | 92dbdcf16e4b514891553b7ff149d093ce161b2528fa4cafa2c552a066e338ac |
| SHA512 | 9cd6fde0815e0334d76c496fdbb7e3fe38784386206b744269b2600e40ff0b283480e47de07b4096ced66cba6c63a880742374c352661e5aea25e6682a29c307 |
C:\Users\Admin\Desktop\ExportTrace.vbs
| MD5 | d2a5436bd6db91acb1437d47b483b2e7 |
| SHA1 | dd781fdff2c3ca32bde811ee583096ebfd4dbf8f |
| SHA256 | a26d4425910b152bbb7e3eed566d5840dc58c3d61b851ae19ce2d2a8d5bfd066 |
| SHA512 | d07ad384c0b087ba104b0273f379466df2e54d24254141b4311f268c5eb86503ef6cb2157a6b4855163ab98e84526ee6f1ceea071d15c5d39f7386fbfa035639 |
C:\Users\Admin\Desktop\EditPop.cmd
| MD5 | 66d17049ec46d8120befef1a6fe436a2 |
| SHA1 | 272a83eb6eb070d3ec006aa75629dabe461cec1c |
| SHA256 | d7dec7f9b6ff1bd5111d248cb0a909de219b962fe9978b581bc0bcf9f69f46f0 |
| SHA512 | e2c111b3e23fe5f1884b6ec1735f45f9eb6802447483d031307d4ccf82cda3cbe92d0a58edb2712cfd9f4df0b10e6a4aa72954cd1823c35687b5d6e527f3f326 |
C:\Users\Admin\Desktop\MoveSet.i64
| MD5 | 7978f48d0bc3eef120b0d96263f97d31 |
| SHA1 | 27b654ab77c7d9897aa5ad40b9dbf30dd08aa271 |
| SHA256 | f5fca8674fba5abc66f3b0b82b83896bea17b6c2eb5ac1cba7f25dd58ce43a4e |
| SHA512 | 50e21f386e7735aec3acb52cfc1e562e29fbe0e8895458b1b2805860f64caa2373679c7532bbd512373e03639c4767327f7f277daa2950bb5a54b079e11dc4af |
C:\Users\Admin\Desktop\TraceGrant.pub
| MD5 | b52322d9258f84cf44d7ee7518fd5b40 |
| SHA1 | 169f91d0e0679f9813af689f17b3b52b65c0476f |
| SHA256 | b820e55221db1702bef696b6b0968c9bac1426b7b27983c5498b85cf90696995 |
| SHA512 | a46a9e6083dbc37354f6ba06af1fc3706a017a13618e1a3a77dbe01bcf20a839c4d606c14b98978e2244de24c46b8c5416902f1d52f5c504bd13b243eee5cb06 |
C:\Users\Admin\Desktop\TestOut.mht
| MD5 | 44c22497d236af8c0d022aec225a9445 |
| SHA1 | 7dcaa326ff33c37856e65414a2ea5330134e6f7f |
| SHA256 | be39338b4510d253648c35dab34500c1ebef34ff5288c07fefc94f1fcb726d9a |
| SHA512 | ae31d83a0e10c96a2f50e4ae5fcbb4514cb7fedb9d8a85b3fb1682c8ee14edab3572b8de64c6d7a124413532c9147e958d872cd0740f936a1ae7711515b01e16 |
C:\Users\Admin\Desktop\StepEnter.m4v
| MD5 | 9f37d53802d288f46d49f2b6cb25e051 |
| SHA1 | 501f7307aec33bd8b111b955ee1bd92a61258ee3 |
| SHA256 | 7ee89360f902864280bf1cc2311da23905e0c14e9dc1b96f502fa88a3f9b0155 |
| SHA512 | 4800ee7813aaf2c28db26ef54ba05d4b39c0cca5e70ca19e1c6c22d742df0ee40be1c4b973744917783c50210d9494ca91d34378ce4512878d70b391fe591c29 |
C:\Users\Admin\Desktop\ShowResume.jtx
| MD5 | 756806f910a0ec388b646659a645578d |
| SHA1 | a447af08e37c50dae8b67badad89353d1c10b8c5 |
| SHA256 | 98e2c87ad135725a1025beadef6109ac5fb2cbf84740866ae951a9ebc2425075 |
| SHA512 | 9bf8e68ad1ce542ebecf1c2f4bedfea9a042d977ce3751212918376651b2efe6d649d0cf99ed6fa4bff1077ec9ba3b51bcf26e7f1b37871b582eb50b3273985c |
C:\Users\Admin\Desktop\RepairBlock.csv
| MD5 | adc92a95dc33823aa069aee0d1167e77 |
| SHA1 | 1fceda000508fe2d4b0ab19a5df36ab558c9355b |
| SHA256 | b02b03297ba72db6f2ca5600a4b8973962e53274973c21d643fab7ed7842a14e |
| SHA512 | a89cf14b93ee6c118a96b5d798810bacb131c1dc7d3380dc3a06e362db17aae02f478885a122f0c1f4f3b05aae29e911f26dd4edc5727de59e49abf724b3f3bb |
C:\Users\Admin\Desktop\RenameDisable.m3u
| MD5 | 41f942d31a5348b9fd07cbfe33e75d46 |
| SHA1 | b73625d1c22c618b6ef001c75f53c8ddc1a3960e |
| SHA256 | c86a96dffb31b5f79759844c8c4a768783257b1e7948faf77d625d7a15501f86 |
| SHA512 | 1c8da8653f4b2ac5701da9305639fc147f5bdddec4f093607303bdecdc8e1795f838b334b27ee58f37f2d7e29387da5fa7d1e639ea8f5dca930cf2e60362c7eb |
C:\Users\Admin\Desktop\RemoveOptimize.lnk
| MD5 | 4f8a26d7daff071b5be1b304c08be2d9 |
| SHA1 | a1232e369a21fe66cfa13ab3bb459aadfc9c256b |
| SHA256 | 634c47b82c177c6127c5e2dbec719ac5284e5686e7d2b2bb2706d5ff94bac410 |
| SHA512 | e599890b603b3ddf4c600e8ff949cce682f3ccf89e58ad83b73f8685ce5fe3065e12a26c89e1fbfbb2b05337f491c6c9b49a4d9219d73c638ea3c88c5a260685 |
C:\Users\Admin\Desktop\ReceiveGet.jpeg
| MD5 | faea53b3b8ef86c946a418caa3088730 |
| SHA1 | 20f9d3dcbea97e72fa859c5a9177cf7dc24b4a7b |
| SHA256 | d669186a91dafd8f7f5d85477e01d330a6569a11100dbbf61da65e4d90a2417e |
| SHA512 | 94bcba545f4658855b652dbcc69dfcef88b9ba47d1584f7eef518503a691218eb5cac8a5a5b982d9c9712bc05b6ade2a3747d3e71b61942c14c0babe709543f4 |
C:\Users\Admin\Desktop\JoinTrace.mid
| MD5 | ec653047ca6a732fde3c17ef30070302 |
| SHA1 | acf1887ac5bbdaacb888c279b43be735633fe69c |
| SHA256 | e1672d08697907f341da4754b8bbfe84757695f8677d9b47db636b96aa6c3d2f |
| SHA512 | 3ee4791fd93c33a610eb82354e44533dfa7bd50b793ec5f807486bf6d790bf93d052a626d8fdbb7e44846b1be12492d389ef978507f09d11993a6a21e78482b4 |
C:\Users\Admin\Desktop\InstallSubmit.nfo
| MD5 | 797043eaa9da8fed28e464ae79c80c7c |
| SHA1 | c5c6df4cf8adea78c2898fe4c7b9739b02682938 |
| SHA256 | fd2f5889249dcb32775cdd6e6b5b87b4d393ca3377d2523ae2b2d8e444c82d47 |
| SHA512 | eb6705549460af8650f9402054714cea2c773d6a27483f4320b00e8498d3b43869009ebc5393c0f66771054594c84479f6426d1f3e468cde14589c09b468c9e0 |
C:\Users\Admin\Desktop\InitializeStep.wmv
| MD5 | 28476f0a0ac3890720ed418575f1c0a1 |
| SHA1 | e0bee060ae5b42a46a4df8b3c24711665e373f54 |
| SHA256 | 79b41b96a9e3668761cabcb7c17ed9ee3eaae49f76a447466f02c00afdfbc0bc |
| SHA512 | 34667d4799e10a9d61a7bff1f4c1a6404e20f8f259665820008bb1ea184bae0fa1441c9f83793b0e0dab877ac1d0f12c66ceeb04f4a41052096c00548a75f666 |
C:\Users\Admin\Desktop\InitializeReset.tiff
| MD5 | 16262a1ff6f8bd597ea22bc667766f4d |
| SHA1 | d9af1ac0e622715e29f488779fe44201c3a0cff0 |
| SHA256 | 451ca27040d6f3ec746587d081ba36823537b0f95776afee17a84d4c0d71ba93 |
| SHA512 | dfd46d571f5aeaddf04e29aae0c8acf5146659ed0fe18d370c69e3a9c5974c1e7d4bfa775f73a9a4728a356bdb04c716f37c4bb7073f4a5d02b13e11324d9cb8 |
C:\Users\Admin\Desktop\Microsoft Edge.lnk
| MD5 | 9574c2b146965c2ca459a74a10e519f2 |
| SHA1 | 78962ca3ef3ea2b73b37aa165c5eb2cd4ec1b363 |
| SHA256 | 55260495a1c3c24dafc3bcd3e3897c2600921f2e1bd677513b0f09af6e718ccb |
| SHA512 | cb66cb53f1ca201ff5a4bc7a2452bccc8f40680c7d40a8c0bc95f7af9ec1df35650c353ee5155fbf83437d6c4eef25e10eb42e499ddc19842454ac0c3361815e |
C:\Users\Public\Desktop\Acrobat Reader DC.lnk
| MD5 | 415d219d913eed771a3cc70886ed37fa |
| SHA1 | 529c3db3a232556a3a663b08c42d1992e6267662 |
| SHA256 | 876816d60a9404c7b723f9dfdcc9588c63b881229b63ba8cb7c86a065405e6fd |
| SHA512 | 1d3e8733d354f2e2a65c9acb5c14eb55d9ac5f21ec2014f1a4fc0ea7d62393b8b173f9a0fe5c9cce87da114d87e22cb0b9fe47ee62d0eb8d71a150ed9a83fded |
C:\Users\Public\Desktop\VLC media player.lnk
| MD5 | 03ef3b4d6b94679ca139f3ff6895b657 |
| SHA1 | 0f750238fa762be5837f26f4c1dda0f0181a8d74 |
| SHA256 | ee2b48829e102cbf72ccd3fbe2bbe5f8263aa0be7ed57aa7200a1e37337b6e3c |
| SHA512 | 5da081d711c7b7a8d1bf59ee796b9316ee47eeecb5fc229101993cc8c08aaea8c814c684cb93ff9b6970c8a9c4156f96f0cd2ff3c0df4c0f47d845af5de1a73e |
C:\Users\Public\Desktop\Firefox.lnk
| MD5 | 08c80ef2555a5cd453c6ce8f59f5290e |
| SHA1 | e415d87df98fc492e199e90aded2dfe7082999a0 |
| SHA256 | d1137d3bd8e853fdfe392aa7a65ae640927d831b1cadb889c793df3319b02215 |
| SHA512 | 77be5f8e6dd5a73f702ae3351e0cc0bffb8a92ba94fd731511f085602ff056f377244c03bde068ade08cf07ed46da6530161c97bd98308c426c819568574d092 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e783643ab21699274491305451d0f91f |
| SHA1 | 9911580ee5fde1849e696486dd0ad6dfc1df24e4 |
| SHA256 | 9185aaeae7ca3117993e33c269c80a0d6160a1dfc03b5a4f1fd2efbd75c962d4 |
| SHA512 | a7a83719476f88ad93e7faa097eb3f12882091a452c2ce3d66a07acc24a69b2e5e37bc83b9e55991acc84a1fe368015916ebd4e7694b24cc2cbe7a8189dd9329 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 03151e6f40eb8df23e60f85da7b846e9 |
| SHA1 | d84ba60da3bccfd2b804724742fd2f663fed4530 |
| SHA256 | 17f66d949536f6b55a1075c17a19872eb70b29bba91671f822f326333de1bf5e |
| SHA512 | 0ca37a65c9d6906424f3b0fc248e41dcb0d85e86ac737b5811f7a58f0a2b2d8b8e9cbfedaf9dc1c08e48f0b7c24168db835c0c36f7a886b846a0078b51a16216 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8871c76ef07838cf42e4974403f830e4 |
| SHA1 | 05ddd60778cdb00138ac0600eaebc3f087912172 |
| SHA256 | 60e8a69f8951904160c3b55f3321a5d70cb44662042a9c30af7894b0f1342eb1 |
| SHA512 | ee1e414985cb1ead42c804b11d742b8fe928200a52bc4a94a7ac2e1fb13135dbdc869730cb1791a5ec1a4e54209248ab793bf6b2922451241fc92f5e24353a87 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | ea04a4452d05d0f5e479c95457397e47 |
| SHA1 | ff8120937c3064cb8e0382c3200432c7109e2238 |
| SHA256 | 5a4e34fc23d3ff99faa5fa874143920d025500c3462d5ef17fdce32bc959b724 |
| SHA512 | 4ec8fbb45f36bfd525fef21bb6cf0cac7e4ffb61b119d7ceba4a8510fb05241ade960694a841beb45e89e6d26f05a896af0ea500aae3986524d80a5e6e5e2991 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | 36104d04a9994182ba78be74c7ac3b0e |
| SHA1 | 0c049d44cd22468abb1d0711ec844e68297a7b3d |
| SHA256 | ccde155056cdce86d7e51dfd4e8fb603e8d816224b1257adfcf9503139dd28f1 |
| SHA512 | 8c115e3e5925fb01efd8dda889f4d5e890f6daaf40b10d5b8e3d9b19e15dadcb9dcf344f40c43f59a1f5428b3ee49e24e492cf0cb6826add1c03d21efdec52ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a3455f5f3bca82dc3ef31167b382a8dd |
| SHA1 | 64078d3589d0d3f19b7cb43b43e26b39a6f3cfa1 |
| SHA256 | d228bfaa70de21d4da160d00ebf7e8f0e2945aa26db6c853619701c228438cf8 |
| SHA512 | 88c382e7c309395dd85b3d16daefad1caf0d299f053b73585a0eda110f3645eb2cfc83bf8ceb8cc8859f2dc577bf3dc5f73c6ba32730e440cdd8c1e707a5e488 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1be3c121ec53dd9aa4bd0db791a27ea7 |
| SHA1 | a3a803df1ae0e4de2f61ac28db5fc8d29ff3be7a |
| SHA256 | c43dda5c8a51e4b0d040ad314c6e3988cb47252ea0af48823e8e29af8223d671 |
| SHA512 | 18b4e0eed86eee9ee11d31bccdf9dbdfd8c5c284287abf670f62675d88c3dc87696e8070132d74228fd2fa05769154ee5455ffe232a99d26ef3a3ff8e0b93e15 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cda61bd7f9c8efa613dfc862113206ae |
| SHA1 | d4a4e8545695a0e118aa14bc74f8138997d02629 |
| SHA256 | 44aa4ee970b5b6eb52659bf4e83fdfac69fc00342f40fbe946fa9e65643b7993 |
| SHA512 | 58c00f0036af0ab15e67dcb768e0f5983a3a54996662e611a6b0de46ab4427aa5c59dacb3e017b2d31514a631107c8db17cad8dadb703e2a90c2dc69040bca35 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0e32ffecfbb754320ec911fdf972a8ef |
| SHA1 | 46314fc2af935b0c312cf3963f880e6dd4be1ce7 |
| SHA256 | 3f47c9e9583324801a75ded600cef1de63c5544af21be6d4f3084c1987f62335 |
| SHA512 | e87cd579721a6060c42a9ff1dda6b33d092a3dcc854c58a03cf5080cb3650ff80a587206a9376dc62bbf23c3b510c544071a88e1785403f85f60bb9831d76045 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c4e2505e5f79e6801f415973b1ad80da |
| SHA1 | 8a2661cfeb40b6f23d36c593d47d7577e7d91cf7 |
| SHA256 | da9c4b3c2bb15823390d41209d6701f54eb3675f3cdd8c73c55ea34eace3f775 |
| SHA512 | 28a29891e394a2e51b5f5a3cf7ec29d4ba144c7fee2bc215c7f82ac1803f2db005d8f4fe494ecfb4ffc2d8e1cf8da5c481782cf764159d7def91ed4de650519c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 654302da3e3d2471b8b00170614d27c3 |
| SHA1 | 489cb2288eca7ca466e713fd05355123fd843ea8 |
| SHA256 | 20053ecfab3aec3a316568845b97b178a70fbaab1edd63ec6c7c5f5132a237d2 |
| SHA512 | cefb5f5ace08e2e8ef2a5d70c5761da15c757dd750287e9670cd9d2e184c2b08797d2b849ec10810cd392c6a6292c4f55f3440a39931068b2fb22dd8714ad213 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 917306d57b34b5d7927815e8bb025985 |
| SHA1 | 01b6134be30140a8bd86c84b8af03fcfb7a52bba |
| SHA256 | eb9758cd550bdbc64a6be27d95de9ccf980a3d41083a7756df2e7047ed1cabca |
| SHA512 | e63c16746370eee6265bb5c0620c4d0ada2ae6825b88a34bcd7faa9d7c6cf27c680a6564850e474ca1a546b6440c3c6c352f5a419faa88f6f373f6f40018b267 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 91a51dc8808fd9c5ec49d02919a2f737 |
| SHA1 | 6ba5b708763b1bcdaa90e37763408a7ddfbe4f8c |
| SHA256 | d30c4ac99ab662b3189c437bd4f903252ce96e33506c41eb60d237eab019f490 |
| SHA512 | 149c8d19cc35aa417c577d610f6305525f9f73a4a11595daee4b273c885b192bdc7aaecabccfc82be596d4b88ef5d289a48785cfa3cb262d1bd2564cdb17ada8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 42a748e98dae640b3937f6965026094f |
| SHA1 | 8ab17e0ba59bc29fa0c2595c12d87f6d57b9dcb1 |
| SHA256 | 47bf16e1c043575b00bc32b338be4aec1d5590798f39c08e553f483649cc417d |
| SHA512 | faa33cb52595a2f0d14e05f24be1c606d9c42ebae1a016294f116d36139bc351a76e4eb3949b6577778d58378b98c8f95c7c226e5c228a12e52416293f316d28 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59d99d.TMP
| MD5 | 376623730926d68e55ae2df4d0d5cce4 |
| SHA1 | 5bc8a83eeb5a3868d25312fb1a4a763d4b82d755 |
| SHA256 | 961f638214d797c10fefb30347be95f995644d0b8cb2bc65b771fc1e4542da79 |
| SHA512 | 747530c994a2f78dce329b67d4eeefa5272fb8f79b20c68279d625e620aace82dd4006c2c083919d02a1ab36273043f1442d44254c9717486f335684bc0d39e4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 973832f5610590f6a6a44c09879279c7 |
| SHA1 | 106c3946516146e3c44f9092c06df398f4bcf9bb |
| SHA256 | 541afbdbecf5bd3dc82192e2f92e4c1966656866f2a9f3e49dd2250031f881be |
| SHA512 | 7638ca65057cc58e96ba63ecfdf02ac961f3292119c28cb0a258a4be96e6ee741e8caaf42cca9f7e655c76187eddf9d625a529809e9a4fee4c77f64e15196164 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 615b9e6170d337450d2a1dd7c86daf0f |
| SHA1 | 855ca59e4b5929dccab7d7f7ad4ee6d0efdeced5 |
| SHA256 | 036ce90fa878224d8647d51b8531608f12b5e2c0d1836fdecf081b3c801009f4 |
| SHA512 | a59e21090db3e749060127d793b1dad1729a2c790135177a18798d57f4e94629e86e744c5f3f295584637b65f3dbb55ebe0543296f52613bdb2ac5097b0b29ce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 83e5af0f26765e46fad25420854f5edf |
| SHA1 | 7ccd2cad803076f24bd1419816682df73656d1c1 |
| SHA256 | 65f021e2ec0f704f7475522bbec92d128755ea45865889978e7471f917499ebe |
| SHA512 | c4f6e06a0cd9bf592887331e3e76a03620312d831ef9d8cfd031296d045cb73eadce5d298917c1538ecb9428e3baa89815e4dbdab602d8a1d0fee5d655df6943 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e393fe1d5e8489e7c4ae814cdae14163 |
| SHA1 | 21c5dd2e63ad8b7cbeb808b5a5dae48bc0418b34 |
| SHA256 | af434bed66476210fd45d658626e166c5ec53ae751a32c58d2a619ddefc37844 |
| SHA512 | cb5dbdaaede9521712f22b3f237003b992222b41f50fd8d2017d2c159c4a7804e6843c5e81fda478efb6cf7fecb99c2cbd22586d57fa6ac1180193c3151521fe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 639ef9f6a1a5346d8a5cb85d0f7a3850 |
| SHA1 | a183bd3aa7dfc2c15f0802025cea64d3858a2385 |
| SHA256 | 5c3db2a2d035efacf7a4d2f98a24653fe2db049ae9837e8e4aed9e81d900e649 |
| SHA512 | e9baa3fe1e2292fe4225ebdbe84a4157776dc05d72844efd1e412a22ea38c53ad0df4a9066aec155094ad92d3c461c9344d68363ffaf672d4f22dbb3a3f259c9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | f50d07e12e0a80fe2452aada3b909e93 |
| SHA1 | e0dac1ffa8822c2c1230b95e90bd9e4da08f2c22 |
| SHA256 | 18afff511c65ab4bb29601175e57b0f2cb6b6fe868252a39dd76ebb2b663451b |
| SHA512 | 04060d7bd2b9b8d297ef921a82173169d34b41eb78314030eeef79a791dab769006f6b04415c7da5ec72202135afcc792c6b2c0af7b5f28891de1116d0cb6fcb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 34edf2aaca7f0aca23fdca17d9d4c6cd |
| SHA1 | de2d021e77f0ce921720a43f236499c04f78ae05 |
| SHA256 | 920b144355b6cfab31e127ff221ac3db7e1f0596cea5f54165adb6eb33d29af7 |
| SHA512 | fb2468c42023452a9886fc0c85dab134f5e568a7811c1c806db7013686641a237a08729ce3f96bbe12a4850da846ddd74151ccadaf2ac3964b04369f7e5edb6f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ca1a2e7372d0b4fd9d7150d5acba9235 |
| SHA1 | 29f3e070af3e15b67ee2570a91d47eb9878297d0 |
| SHA256 | 126367d3b7b9f340b813d6d3f69bfef9032686c496ecf3bee516af1f8a1e2d8b |
| SHA512 | 2ba00c8e18e9e6f1ba920d1bb9855994d825854389b5d73ffd3e03ae30d0fe2dc4b6de39eaa2a139d634f5569d429f72b121187939d63ff0463402cd09d8e061 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6d26aa8935ed87144056dc5008bc6e1d |
| SHA1 | fdbadabdb82962e8832c02d6458967e0d8f8c88b |
| SHA256 | 2e8c4ab8fbd8f88e96e5324fa483a5df2ddc2a0176ef7dbacc58cea9ea07f27d |
| SHA512 | d1533692e065cd142f17b61c1bccd71f294586a99b876c747d4245808503feddcad9665b82fb442a177479a4e02f14e9d19570373706a0582edf34c1d646d22c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | dc906b475cc1593bab7e263672a49206 |
| SHA1 | 947fc7284cfd5b4a87ccb328e0c35d45dce081e8 |
| SHA256 | 3d61ad10598daca0a2a3a97606b3de7c6f678d0aeb0f8c807fe4cf51c73c1c78 |
| SHA512 | e281a1996a9b0173b6ff2c318c87dfe2e5b2ad249794231a622b9f88d64d87ab1144cf01435a4e77b291a56421e8ab6e48bddabb7e6f139ed0e06b519e31d2b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e7c46839ca9920b0cd7be9dd40993b90 |
| SHA1 | e686cd2383f5db61414d1396babf762f6051ab4a |
| SHA256 | d2ecc280f58cfbd4340b3f8b15b6f3e29d1b7b94d850f74a50404fd0268a6244 |
| SHA512 | bc1867407b7fe373480863fb94194e44264c294a4938e159696cc8a539576df3a088759228929468f2381d721dae793d13617b9680da6f690ca70fa2c3e9c869 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1ada52b781eb85823d11102ec0403434 |
| SHA1 | f982f818fa2668ba877050c5533f68f6e5acb730 |
| SHA256 | aa08f2fbdbddae2bd8032dcee408477a440706da0b836eb4e0f3d0ce68edc93e |
| SHA512 | ed87e9e53b85e6b6d7386588ba0a1a3ac6c42d031c86fe13d00785c90b6f392fed528c4d0fb05a2c822a1978beb8f656921d1f693de5beb6c5ba94351130aeed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7cd2b31d214830820a6b8b5dca2a91b4 |
| SHA1 | 685b2125d1dc915d2a8da3c5b3ec4518cec7978e |
| SHA256 | 307708bf90eefb17db165c9161db00b6b904ca998d5ca55b5aaabae7021a1574 |
| SHA512 | cf5cffa49505fd2929683044f7bd5204feb745fd258d51b61c71be95c5d347889fc331e572eaca111578db5ada4782218919163a9223a1d0efc56c30ddfa5da3 |
C:\Users\Admin\Downloads\OrcusRAT-main.zip.crdownload
| MD5 | d10be9dba4c45ff0cb4a137f0b73c86e |
| SHA1 | b80117f856d3684fbd38b5554d046db36a0fa737 |
| SHA256 | 081796a23c8e6cd84e543fed368c2259b521be1388afcda8b959a4d3df987994 |
| SHA512 | aa83fb38f65a19de0360622d25798da942f166059e6c42c8ea4fbe34da98fbdd471165b7fa0a587c7d60de5e49d5026cade48b64531edf3b7dd91e4b026f56d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9d5689a12c568e0ec497bc8870ed3f51 |
| SHA1 | 1733d1bcf8f87e00df100619e6ae32df43d54c3f |
| SHA256 | 25f6a720cd23f033f99221e77aa7b0ad7be0b70b2e935ecd289aa279b5a091aa |
| SHA512 | b9e427272969415161c4db745bc24b0d273c0e8fb023dbc5a6795982a4d8aaba0597f384d90d9e626f59a35b2f30842f8422e72934878b8845760f748cc53a4f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 36d32e08af3fadbe902bac9330e83905 |
| SHA1 | 41524c5d12b37ba3a903b71ee9c3198f6e5cc574 |
| SHA256 | d3a4c67e71601e5fcda4483a8e9733cf896e4ea6090f993f7b85cc265d3c6474 |
| SHA512 | adadf9c8c84708727b548e9b6449c14824d4477758d14dd47e19439c3659e1e91dc0c110df07923a43077915003e4f183d1a1ea4c43c068c72cdab16ec00cab9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9fa3156436fd7b68d4b7449877b94cbf |
| SHA1 | f7437b7466f0a0fc9abf4ac1f5926bdd86d195ef |
| SHA256 | 1a59dac00fe5bc8ed84c1d8e19ac96158b3b5231cf9c0357ad2ca6714a856143 |
| SHA512 | 3882904971e9a0b20e944f0dc406dbbd227eb3e4586d6eb606fd057c7d660fa9add8d577b8750f6c7b0fae240b8caf77d255a11a74bcbd3c8890e46f34285c67 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 94dd21f5e6456eb38717e5d84b61dd41 |
| SHA1 | ef18b8c9d78b0f4cc873ba0ee873ebedb04bd11e |
| SHA256 | 71e8a2775d62d20c9ec67a57680e3943ddad13e592f87762f855bd0ee9e11d9e |
| SHA512 | 845ad3d9cc518dad0db3518fe8763c56dfd522f62d967b3710609616db4de7b3caa6c2630d2b2cbe6720b69ea0bb2979a211362bc37565025e82f4c4e8acce7f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 0dd7aa3837e40207ea145c650fe8fffc |
| SHA1 | 8795f2a3e93b6734e6df02c0e18dc5358705659c |
| SHA256 | 0d7ad6b229df595b4fb73820aad64690cb8149040a003c8f5ae63249ab84795d |
| SHA512 | 9f0b4cca6ab7f5a3d1da2e11674ad925b279fd0aaf9a317a1cf86818278d2131914e30e8992ab0685dfcf6e99fcca476e07ca6c621e3600bedce90c30eecc3f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 091a1d9b3f7f2c02af8ff08e5e8f6d40 |
| SHA1 | cd0dd7c702cdcb36e275bd31f38376fc3bac0898 |
| SHA256 | e65857033d28d53006cc24fc7c61fd6341890f1fbb0a4cdd4c7060285dc01741 |
| SHA512 | 3f75677854f63e45453cf90769f5a0b6456ac7c8c9645b68e4153962bc47eeaae5c98c7856c0ee4f1df2080208241c009c9e246064210324ce48d88c77805ba4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6db38f6dafcc5d8d6567eee870bf2c96 |
| SHA1 | b77a0beec2152584fb43c4c5655400952b1b420a |
| SHA256 | 88c56f0503df234b52b53ad7a816d42ba11ff826887225e70e74296cce8792c1 |
| SHA512 | ed2ca83d3d0b9e656f50a65fcbe884bde02813227473cfa7477300ae9baedb81e3b467d172f61575f206f8cf60e3504354eeac41b837789a116eb85d3adad824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | 3f131e67e8b17cdd17d00fa2e96448aa |
| SHA1 | fba697ddfb2c62de21bcd2854e0edca3fd87e44d |
| SHA256 | bb7f8b07c56ba57d4a41f0235770285f6a443b987d90ad7ddc2fa4049696571a |
| SHA512 | b9fe7644e20356fb284d0990f9e3b5e5ff50a76cb0c9fccf7ebad6cf1ca45b196c1adaede2eb1aca38f4b44e07bcbda5476f1094b148d969161c0cb01ee85b83 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 371d9afc21a7133058e215e6e73910d3 |
| SHA1 | c107b24ea45e9fd718a913aa20bf4f0e18d16788 |
| SHA256 | 2e87a1107c14b296eee69f736ee4127c7389be44ca82c2ed702ae59de2ba9ae3 |
| SHA512 | c40d89b3742737b1d16f871b9767ab49e2096976c72f1167de8f4e0675001dee65057f1596e3725d9394ecdf575252248c462bc8ba83cad6594aee281fb03264 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7be4aec3-7f1f-4f86-aca4-0b8a0bc635d5.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ab75d4ce9f81cfb6e84f0f67792269d4 |
| SHA1 | c553b34a557a39713a80f2bbb5f9aa4e2b62c2d2 |
| SHA256 | b00debe1c1013589419ad7d7c06559924c451e0f25b0fa38104b56f36d2e4507 |
| SHA512 | 1729d277e68b515fb4720e6d8e6f496e208afe46a880bac5de1ca03e2a7650e9c34acbb98d11750a52e40fe8cb696cc59e98ad8506e4fe7141433be252322c64 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0e999948717b4c271a095d8f3a264055 |
| SHA1 | 29d63c7ae44d134115296033fbadf079b38c1770 |
| SHA256 | 9c6d85220187d5c058ad9dcac32223735c0a20d83b957535c3a956606c3b3d82 |
| SHA512 | 25ee811065f8fe00a42a2f51850ccd36a160b54ea5fe101aacec03beefe082d3ee58abf801be466ba915fcac80ddfc99789d057ab995f3441968cc34744088f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 385a0bd88c66dec45f638c0a5c2c5f2f |
| SHA1 | a5543590cd6388d46e8e4246ab2c49c22299a043 |
| SHA256 | 82df49fc55b6b8c7224df5c83f1370f09a02c8f779feaf988afd95336b01a5d3 |
| SHA512 | 5daf1c02076a85812ab4e9319990f2e44fcc51f6a74c206d3b1660b44ebdd3e99cf7fca014c39b54170246f253640556935a728d2e2d10f3b76c62080b2dae74 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | d3e4406efa08dd5cf7c74df54b725151 |
| SHA1 | f04c0bd0303547a3a1d68daa6c0b50242f363aab |
| SHA256 | c18b6a7ac782de61b621039a4deaf4241d276f1a346c1bad7b582c83f2a3559f |
| SHA512 | ceaff57350a7ea59ea20b20f3633a4a7cf7269d9fc8ab161e7a4152624d805117aaee7488bea6be889ed43813b3443a90371638fd3ead2610f6949c2c5be5b71 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b460488cfa61210f87277066f2afe0d9 |
| SHA1 | c0ed4c73be2a5c207ed4005bdcc6b3b95d09942f |
| SHA256 | 97036714a20495d3a3fa02ddc2cce01f07e4382a57e0c3b8813ef3727df3b523 |
| SHA512 | e185e776d598bbf97112a40c331acdf728e3d8b135efd9ba5a5ea60e61f18a0b74daa0449f2b710c79f2faeee690f0e33f4a361860b7275f4ceba338707e2b26 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3dfb79d533f6a828eac788d19e19ed2b |
| SHA1 | ef2def3b993125c7b57d252ed46ce6f37e6478ab |
| SHA256 | 30b12372a00e056226fecf3889e04fe21a84137db3ee92ceed246156ebcd5749 |
| SHA512 | 1f36a4c2850e2ac74c697697dbeade8992f97c6b3ec3e36f173d794030672b00a03549232222b47d51cf904b1b969410947465be3118f7d9411b4224683e09ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c0a2acdadf07981fc92b699e735e065b |
| SHA1 | 37033be50390973c5a086a466066dcb4434a4d22 |
| SHA256 | 7526b296c5c30220bfc11faf987989855b3e86c051a8ce2887d2a2dbbda6be37 |
| SHA512 | bc1778607e3a1810c8bebe814fa74560324115e91c18a37f46578334c29f810b849790c11d1dced09b44db146ad007c607fcb33cab42df546e67dc9913773cd5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 42cbbfac7bdc9f7202a1f15f1840b9d7 |
| SHA1 | 30c3b932369e32b491ffd2bd7928d2f8fa530bc2 |
| SHA256 | cf3af8b8a63a1d84b41a6c16f3a8b968b0c2098bdbaabb4f760c11b523b01ee6 |
| SHA512 | 453a430c4ad3e238a1f74578e58ad3a388fbbc3e8bd886d6d13c5928b1d06155b511b5328aea5ece43e24985f0f417eb6cffc33addafa45d28cd653e46e58256 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 67860c60e2a24f845ad0f37ff2037747 |
| SHA1 | c7bd2e6428ba9a8ddf614e624045cc6aebeefac1 |
| SHA256 | 864256d6b4d283f4cd9de47c3ef34bc812324608d330c7a27e993c349ba39c35 |
| SHA512 | d0f3be6a0fdc363f59d206229ae8540c356ac0280124d036698553aec3eda38d251f114a68da63cfa54b0b930f101d1934cd713da5b0593631509b9eea9baa1e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 28167868c9d65e78b229fae1bc4833b5 |
| SHA1 | 2ab6594fa6d0ce8be5fe94cb7357a5268e72d968 |
| SHA256 | e30c2b5c9620058d8e5040f7ae291e2ec8b94f69a2d1eef6a9e248f4e6d3ae01 |
| SHA512 | 6ca1a1c588397e4124123315225fe5b3747fed3d35fe8b38ec7779ccd7157ed4dd5bb501cb4066353ee09bbf34a0cde22a44ef301ea9f04ef58d1235f83d93b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 5085a540dfc114bf9a2ec14933b386b8 |
| SHA1 | 09515b7f2060866deb60e5e8352fde022f61b3a6 |
| SHA256 | bc9241b8c8476332e08534aece05decd150e9dd6c640ce7d1fb051cb54e6faba |
| SHA512 | ec6e455a7fb5fa6ad99e7ac32b800cdc7b32fdd7c152314996197fa156f432551f8897fd7a5b442a99b04cbdb5f13a9c0c953b0f780af6cb2c145f5fc24e1241 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 78e9fa349a11e7fda070600761ac1623 |
| SHA1 | 4e93e0448d0481f32b76843a23aa5d8fab6855c7 |
| SHA256 | 219982cf2295d61445e8c6fdc0af84d8389c1ec4fafb7c62c112e2fe2ea1155e |
| SHA512 | 07208c00cda113fad3d55882e451a08bbde8302cf3e17bda52cc364d1a2c6b3ee29d2ed796c1ea404101ba4456b436809b577438a44e5498c4dc9bf6d86e1c07 |
memory/5132-1120-0x0000000074860000-0x0000000075011000-memory.dmp
memory/5132-1121-0x0000000000DC0000-0x0000000001DFE000-memory.dmp
memory/5132-1122-0x0000000006910000-0x00000000069C0000-memory.dmp
memory/5132-1123-0x0000000006EE0000-0x0000000007176000-memory.dmp
memory/5132-1124-0x0000000006CA0000-0x0000000006CB0000-memory.dmp
memory/5132-1125-0x0000000007180000-0x000000000726C000-memory.dmp
memory/5132-1126-0x0000000006CA0000-0x0000000006CB0000-memory.dmp
memory/5132-1127-0x0000000007380000-0x0000000007482000-memory.dmp
memory/5132-1128-0x0000000006E70000-0x0000000006E8C000-memory.dmp
memory/5132-1129-0x0000000006E90000-0x0000000006EAC000-memory.dmp
memory/5132-1130-0x0000000006E60000-0x0000000006E66000-memory.dmp
memory/5132-1131-0x00000000041C0000-0x00000000041D8000-memory.dmp
memory/5132-1132-0x000000000BB20000-0x000000000BB32000-memory.dmp
memory/5132-1133-0x000000000BBD0000-0x000000000BC56000-memory.dmp
memory/5132-1134-0x000000000BB70000-0x000000000BB92000-memory.dmp
memory/5132-1135-0x000000000BC60000-0x000000000BFB7000-memory.dmp
memory/5132-1136-0x0000000007B60000-0x0000000007B6E000-memory.dmp
memory/5132-1137-0x0000000007C00000-0x0000000007C88000-memory.dmp
memory/5132-1138-0x0000000007B30000-0x0000000007B3A000-memory.dmp
memory/5132-1139-0x0000000007B90000-0x0000000007BA2000-memory.dmp
memory/5132-1140-0x0000000007DE0000-0x0000000007E92000-memory.dmp
memory/5132-1141-0x0000000008380000-0x0000000008388000-memory.dmp
memory/5132-1142-0x0000000008390000-0x000000000839A000-memory.dmp
memory/5132-1143-0x00000000084E0000-0x00000000084E8000-memory.dmp
memory/5132-1144-0x00000000086C0000-0x0000000008A02000-memory.dmp
memory/5132-1145-0x00000000084F0000-0x00000000084F8000-memory.dmp
memory/5132-1146-0x0000000008560000-0x000000000856A000-memory.dmp
memory/5132-1147-0x0000000008570000-0x0000000008584000-memory.dmp
memory/5132-1148-0x0000000008A20000-0x0000000008A32000-memory.dmp
memory/5132-1149-0x0000000008A40000-0x0000000008AA4000-memory.dmp
memory/5132-1150-0x0000000008E70000-0x0000000008F02000-memory.dmp
memory/5132-1151-0x0000000008AB0000-0x0000000008ABC000-memory.dmp
memory/5132-1156-0x0000000008AC0000-0x0000000008AD2000-memory.dmp
memory/5132-1157-0x0000000008DD0000-0x0000000008DD8000-memory.dmp
memory/5132-1158-0x0000000009310000-0x000000000935A000-memory.dmp
memory/5132-1159-0x0000000008CE0000-0x0000000008D02000-memory.dmp
memory/5132-1160-0x0000000008D00000-0x0000000008D12000-memory.dmp
memory/5132-1161-0x0000000009ED0000-0x000000000A476000-memory.dmp
memory/5132-1162-0x0000000008E50000-0x0000000008E58000-memory.dmp
memory/5132-1163-0x00000000096B0000-0x00000000096B8000-memory.dmp
memory/5132-1164-0x000000000A7F0000-0x000000000A83C000-memory.dmp
memory/5132-1165-0x000000000A7B0000-0x000000000A7C0000-memory.dmp
memory/5132-1166-0x000000000A890000-0x000000000A898000-memory.dmp
memory/5132-1167-0x000000000A8A0000-0x000000000A8A8000-memory.dmp
memory/5132-1168-0x000000000B5A0000-0x000000000B5D8000-memory.dmp
memory/5132-1169-0x000000000ABD0000-0x000000000ABDE000-memory.dmp
memory/5132-1170-0x0000000006CA0000-0x0000000006CB0000-memory.dmp
memory/5132-1171-0x0000000006CA0000-0x0000000006CB0000-memory.dmp
memory/5132-1173-0x0000000074860000-0x0000000075011000-memory.dmp
memory/5132-1174-0x0000000006CA0000-0x0000000006CB0000-memory.dmp
memory/5132-1175-0x0000000006CA0000-0x0000000006CB0000-memory.dmp
memory/5132-1176-0x0000000006CA0000-0x0000000006CB0000-memory.dmp
memory/5132-1177-0x0000000006CA0000-0x0000000006CB0000-memory.dmp
memory/5132-1178-0x0000000006CA0000-0x0000000006CB0000-memory.dmp
memory/5132-1180-0x0000000007290000-0x00000000072A0000-memory.dmp
memory/5132-1181-0x0000000012E70000-0x0000000013488000-memory.dmp
memory/5132-1183-0x0000000006CA0000-0x0000000006CB0000-memory.dmp
memory/5132-1188-0x0000000013490000-0x00000000139BC000-memory.dmp
memory/5132-1199-0x0000000074860000-0x0000000075011000-memory.dmp
memory/1252-1201-0x0000000000630000-0x0000000000982000-memory.dmp
memory/1252-1200-0x0000000074860000-0x0000000075011000-memory.dmp
memory/1252-1206-0x00000000056C0000-0x00000000056EC000-memory.dmp
memory/1252-1207-0x0000000005440000-0x0000000005450000-memory.dmp
memory/1252-1208-0x00000000058A0000-0x00000000058EC000-memory.dmp
memory/1252-1241-0x0000000060900000-0x0000000060992000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ce7186ca0bc446834f0bf5c09080bc92 |
| SHA1 | c5e7aae44bdaa3233683a2b296cebc019bd0bf91 |
| SHA256 | 6a38ce32321f15f302b1211cd8ab8365b378cf7f1c9d761fe4b5dfeeaa18b091 |
| SHA512 | 2ab69ffd05752b20d6ed56a8f38bd0fbd90fe8a304642ac032f448a9c8f2a2bfaad3f3a2f3accf095a53680898a6b96deb475fee4b406b16ea18b63ccd7b4fc8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 27c117dfb148c953d238f5feead16aea |
| SHA1 | e4471794d5261be2ca4f9b8133180fdaedf694cf |
| SHA256 | 3ea73b1662306dba80ba41d64921ce41b4a6e1e37085f55298a78e7e0d61088a |
| SHA512 | d8291b2271b5ad916960f27ce30431900ea3cba3715e7f9018d51c63b24a7a8c903624ae6c5cac87a6d02d8782cbd49bddcb2b405e86e2712b3b9b1fb11cbdd1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4a2a85e81d28f130036a4c364733f2c0 |
| SHA1 | ddc4872670be6dbd4b276dcfc6304a3b0ae2343e |
| SHA256 | ebd6c019c455b555016dfb539cedb6b062198d4aa0200dd7eda0a07bb3c44127 |
| SHA512 | 848944194ae8e7beb3a2ef480d80f3649f81002b0e73f91e16c06afeea62a079bfbeaed104b2b7d7595dc3285c3ce0833ebc0450414482b0b0f4dcb939b54822 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2dbd0e2d47a235422d37c1219b65d5f4 |
| SHA1 | 1d1bf974eaf530c225f0b61bde2d7f3e8174a8dd |
| SHA256 | b04e101ca73439dd4b69885f0ce8bfd2c1a4e906f5baf17e8305a11e50b22f89 |
| SHA512 | 8b400b903e21454ff0cb555b0695cb3fd8293daa538e816e3e6dc2f94df062493b3f2c8c2f935c0ad1005d9a22ea633dbcfb8d443a7ed981f2b0e9b4f8ffab6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f5e141e4bd6580661de1bea8ebe67c9f |
| SHA1 | 26d03935101e96b4f2c38653afc9900bcca6df71 |
| SHA256 | 6b6c3f2b7f6d6e1055fb677d0336702cef5a6de82e16b4505447ad8835206c4d |
| SHA512 | 6c397d4f7d6493649a705ed49ead4e9cb387d4d26b2b9b26536c2f283fbf763b905d3fa068a23e75c023fcb55b4512445849873f3fa3406db511ce8d58f56d59 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | e8681180797bd0ddbf1f4bcc7f38bc17 |
| SHA1 | 296eab5ba09f7dc78c716b35eabe049753a17e92 |
| SHA256 | a6672f710a1d30daae9884644b7f204c60095b2527395bb6efede7d95319ff96 |
| SHA512 | 376b0f7a65d9279f0ddf674eaf4010522314d4dca45942c329a2ccf8f87daa3300b4461cb0b905d1fa1597beb987c8612eecbec8014812ab90ad5fd75c27e4bf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3be378020429861752e18347004fdd78 |
| SHA1 | 8956b82b4c9599c09c417809a337159a713a33c6 |
| SHA256 | 19585f4a0d9783924d9b387787dc1984d69c02083cd91fa5c404f9cd3a8e627f |
| SHA512 | b1a4bd6b6b0f23437cd5a6e8e9f3ce679b0a76aa1280e12409fd987c4749cf0c0d4a3528b1a322471bb8ee4cf4a708c93bb93e25993f57a247a159107d5fe4f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e95cb9fa9f7973a5132e833c93983ebd |
| SHA1 | c017e53a51188c93e41317c91713cef66250a8ee |
| SHA256 | 442ee0a198bdedebeed904c7aae92948f35ddb1967eabe89965ff646f77e7ac7 |
| SHA512 | eb5877ece94594d697f6b4927539f4d8acdf9d4e5b6adc529b8094fc2fefa835e35f7c098e01d615b8f33681579d55a463929b0ecac8a3414e5e2567ff85d8b3 |
memory/5556-1448-0x0000000039FE0000-0x000000003A0AB000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | 1effa95d487e36f2410226e150ae4a3a |
| SHA1 | 8396944f56ac76f472f376fae6902e240e419fc6 |
| SHA256 | 41364b590311ef6132ac9a906fbe9fb3d9de1d99a701cd344d56f6d9c80c2f99 |
| SHA512 | e0f9d2ddb9956904dc2ab7871d3ee83af91872b3bec61a6c92c3f2b2ec05f4ebcab5312c1fea6aaef18c041fa9cef0124fb8967650463bedf02f207afe5c8216 |
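The artifact listing above mixes two record types: memory dumps named `memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp`, and dropped or modified files given as a path followed by `| MD5 | ... |` style hash rows. Several paths (for example `Local State`, `Preferences` and `TransportSecurity` under the Chrome profile) appear more than once with different hashes; those are distinct captures of the file, not duplicate rows. The script below is an added example, not part of the sandbox report, that parses this listing into structured records, derives region sizes from the dump names, flags hash values whose length does not match the algorithm, and groups the per-path versions. The `SAMPLE` text is constructed from lines on this page; the record classes and function names are this example's own.

```python
"""Parse a sandbox artifact listing (memory dumps + file hash rows) into records.

Added example, not part of the original report. Assumes the line shapes shown on
the page: ``memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp`` for memory dumps,
and a file path followed by ``| <ALGO> | <hex> |`` rows for dropped/modified files.
"""
import re
from dataclasses import dataclass, field

MEM_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)
HASH_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9A-Fa-f]+)\s*\|$")
EXPECTED_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}  # hex digits


@dataclass
class MemoryRegion:
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        # The dump name carries the region bounds; size follows directly.
        return self.end - self.start


@dataclass
class FileRecord:
    path: str
    hashes: dict = field(default_factory=dict)  # algo -> lowercase hex


def parse_report(text: str):
    """Return (memory_regions, file_records) for an artifact listing."""
    regions, files = [], []
    current = None  # FileRecord currently collecting hash rows
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_RE.match(line)
        if m:
            current = None  # a dump line ends any open file block
            regions.append(MemoryRegion(int(m["pid"]), int(m["seq"]),
                                        int(m["start"], 16), int(m["end"], 16)))
            continue
        h = HASH_RE.match(line)
        if h and current is not None:
            current.hashes[h.group(1)] = h.group(2).lower()
            continue
        # Any other non-empty line in this listing is a file path opening a record.
        current = FileRecord(line)
        files.append(current)
    return regions, files


def malformed_hashes(files):
    """(path, algo) pairs whose hex length is wrong for the named algorithm."""
    return [(f.path, algo) for f in files
            for algo, value in f.hashes.items()
            if len(value) != EXPECTED_LEN[algo]]


def versions_by_path(files):
    """Map each path to the list of SHA256 values seen for it, in listing order."""
    out = {}
    for f in files:
        out.setdefault(f.path, []).append(f.hashes.get("SHA256"))
    return out


# Constructed sample: a handful of lines copied from the listing on this page.
SAMPLE = r"""
memory/5132-1161-0x0000000009ED0000-0x000000000A476000-memory.dmp
memory/1252-1200-0x0000000074860000-0x0000000075011000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ce7186ca0bc446834f0bf5c09080bc92 |
| SHA256 | 6a38ce32321f15f302b1211cd8ab8365b378cf7f1c9d761fe4b5dfeeaa18b091 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3be378020429861752e18347004fdd78 |
| SHA256 | 19585f4a0d9783924d9b387787dc1984d69c02083cd91fa5c404f9cd3a8e627f |
"""

if __name__ == "__main__":
    regions, files = parse_report(SAMPLE)
    for r in regions:
        print(f"pid {r.pid} seq {r.seq}: 0x{r.start:X}-0x{r.end:X} ({r.size} bytes)")
    for path, shas in versions_by_path(files).items():
        print(f"{len(shas)} version(s) of {path}")
    print("malformed:", malformed_hashes(files))
```

Feeding the whole listing through `parse_report` gives a de-duplicated hash set for blocklists and a per-PID view of dumped regions; the same `0x74860000-0x75011000` range dumped from both PID 5132 and PID 1252 is worth noting when correlating the two processes, since identical bounds in two processes usually mean the same mapped image rather than two unrelated allocations.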