Analysis Overview
Threat Level: Known bad
The file https://github.com/pankoza2-pl/TrashMalwares was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Detected google phishing page
Disables RegEdit via registry modification
Manipulates Digital Signatures
Downloads MZ/PE file
Drops file in Drivers directory
Disables Task Manager via registry modification
Loads dropped DLL
Drops startup file
Checks computer location settings
Executes dropped EXE
Reads user/profile data of web browsers
Drops desktop.ini file(s)
Adds Run key to start application
Checks whether UAC is enabled
Legitimate hosting services abused for malware hosting/C2
Writes to the Master Boot Record (MBR)
Drops file in System32 directory
Drops autorun.inf file
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Delays execution with timeout.exe
System policy modification
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry key
Enumerates system info in registry
Kills process with taskkill
Modifies Internet Explorer settings
Modifies data under HKEY_USERS
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Runs regedit.exe
Suspicious use of SendNotifyMessage
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Opens file in notepad (likely ransom note)
Runs net.exe
Creates scheduled task(s)
Modifies registry class
NTFS ADS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-02-15 18:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-02-15 18:42
Reported: 2024-02-15 18:56
Platform: win10-20240214-en
Max time kernel: 782s
Max time network: 789s
Command Line
Signatures
Detected google phishing page
Disables Task Manager via registry modification
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\drivers\en-US\fwpkclnt.sys.mui | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\en-US\ndiscap.sys.mui | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\en-US\NdisImPlatform.sys.mui | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\en-US\wfplwfs.sys.mui | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\gm.dls | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\gmreadme.txt | C:\Windows\SysWOW64\cmd.exe | N/A |
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\wintrust.dll | C:\Windows\SysWOW64\cmd.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NyanCatIsHere.exe | C:\Users\Admin\Downloads\AcidRain.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\__tmp_rar_sfx_access_check_240859031 | C:\Users\Admin\Downloads\AcidRain.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acid Rain.exe | C:\Users\Admin\Downloads\AcidRain.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acid Rain.exe | C:\Users\Admin\Downloads\AcidRain.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hifjdnfejfnejnkdpamzm.vbs | C:\Windows\SysWOW64\cmd.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NyanCatIsHere.exe | C:\Users\Admin\Downloads\AcidRain.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acid Rain.exe | C:\Users\Admin\Downloads\AcidRain.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acid Rain.exe | C:\Users\Admin\Downloads\AcidRain.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acid Rain.exe | C:\Users\Admin\Downloads\AcidRain.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acid Rain.exe | C:\Users\Admin\Downloads\AcidRain.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sodnciwkms.vbs | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\n0rt0nant1ldks.vbs | C:\Windows\SysWOW64\cmd.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\__tmp_rar_sfx_access_check_240803734 | C:\Users\Admin\Downloads\AcidRain.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\__tmp_rar_sfx_access_check_240849140 | C:\Users\Admin\Downloads\AcidRain.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NyanCatIsHere.exe | C:\Users\Admin\Downloads\AcidRain.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NyanCatIsHere.exe | C:\Users\Admin\Downloads\AcidRain.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Update = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\NyanCatIsHere.exe" | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NyanCatIsHere.exe | N/A |
Drops desktop.ini file(s)
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NyanCatIsHere.exe | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\BITLOC~1\autorun.inf | C:\Windows\SysWOW64\cmd.exe | N/A |
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| File opened for modification | C:\Windows\WinSxS\Backup\AM821B~1.MAN | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\AM1BE5~1.0_N\redirect.dll | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\AM2A39~1.0_E\CSCSVC~1.MUI | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\MANIFE~2\AM029D~1.MAN | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\MANIFE~2\WO8759~2.MAN | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Windows\INF\mdmdf56f.inf | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Windows\SERVIC~1\Packages\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\AM2077~1.0_F\BOOTST~1.MUI | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\MANIFE~2\AME157~1.MAN | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\MANIFE~2\AMA07F~1.MAN | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\MANIFE~2\MSE8A9~1.MAN | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Windows\INFUSE~1\Packages\MIAB71~1.SCA\Assets\WINDOW~1\WindowsCameraWideTile.scale-125.png | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Windows\INFUSE~1\Packages\MID550~1.SCA\Assets\SECOND~1\COLLEC~1\SmallTile.scale-125.png | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\MANIFE~2\AM0ACC~1.MAN | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\AMF8B9~1.0_E\C_APO~1.INF | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\AM0A8B~1.0_N\netr28ux.sys | C:\Windows\SysWOW64\cmd.exe | N/A |
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133524961991336145" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Japanese Phone Converter" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.google.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "1" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Adult" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = 205791d2e968da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.google.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%SystemDrive%\\Data\\SharedData\\Speech_OneCore\\Engines\\TTS\\fr-FR" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\Certificates\A0533 = 0f0000000100000020000000444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce140000000100000014000000142eb317b75856cbae500940e61faf9d8b14c2c61800000001000000100000002fe1f70bb05d7c92335bc5e05b984da65c000000010000000400000000080000190000000100000010000000f044424c506513d62804c04f719403f9030000000100000014000000a053375bfe84e8b748782c7cee15827a6af5a405040000000100000010000000e829e65d7c4307d6fbc13c179e037a3620000000010000001a05000030820516308202fea003020102021100912b084acf0c18a753f6d62e25a75f5a300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3230303930343030303030305a170d3235303931353136303030305a3032310b300906035504061302555331163014060355040a130d4c6574277320456e6372797074310b300906035504031302523330820122300d06092a864886f70d01010105000382010f003082010a0282010100bb021528ccf6a094d30f12ec8d5592c3f882f199a67a4288a75d26aab52bb9c54cb1af8e6bf975c8a3d70f4794145535578c9ea8a23919f5823c42a94e6ef53bc32edb8dc0b05cf35938e7edcf69f05a0b1bbec094242587fa3771b313e71cace19befdbe43b45524596a9c153ce34c852eeb5aeed8fde6070e2a554abb66d0e97a540346b2bd3bc66eb66347cfa6b8b8f572999f830175dba726ffb81c5add286583d17c7e709bbf12bf786dcc1da715dd446e3ccad25c188bc60677566b3f118f7a25ce653ff3a88b647a5ff1318ea9809773f9d53f9cf01e5f5a6701714af63a4ff99b3939ddc53a706fe48851da169ae2575bb13cc5203f5ed51a18bdb150203010001a382010830820104300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030206082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e04160414142eb317b75856cbae500940e61faf9d8b14c2c6301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f30220603551d20041b30193008060667810c010201300d060b2b0601040182df13010101300d06092a864886f70d01010b0500038202010085ca4e473ea3f7854485bcd56778b29863ad754d1e963d336572542d81a0eac3edf820bf5fccb77000b76e3bf65e94dee4209fa6ef8bb203e7a2b5163c91ceb4ed3902e77c258a47e6656e3f46f4d9f0ce942bee54ce12bc8c274bb8c1982fa2afcd71914a08b7c8b8237b042d08f908573e83d904330a472178098227c32ac89bb9ce5cf264c8c0be79c04f8e6d440c5e92bb2ef78b10e1e81d4429db5920ed63b921f81226949357a01d6504c10a22ae100d4397a1181f7ee0e08637b55ab1bd30bf876e2b2aff214e1b05c3f51897f05eacc3a5b86af02ebc3b33b9ee4bdeccfce4af840b863fc0554336f668e136176a8e99d1ffa540a734b7c0d063393539756ef2ba76c89302e9a94b6c17ce0c02d9bd81fb9fb768d40665b3823d7753f88e7903ad0a3107752a43d8559772c4290ef7c45d4ec8ae468430d7f2855f18a179bbe75e708b07e18693c3b98fdc6171252aafdfed255052688b92dce5d6b5e3da7dd0876c842131ae82f5fbb9abc889173de14ce5380ef6bd2bbd968114ebd5db3d20a77e59d3e2f858f95bb848cdfe5c4f1629fe1e5523afc811b08dea7c9390172ffdaca20947463ff0e9b0b7ff284d6832d6675e1e69a393b8f59d8b2f0bd25243a66f3257654d3281df3853855d7e5d6629eab8dde495b5cdb5561242cdc44ec6253844506decce005518fee94964d44eca979cb45bc073a8abb847c2 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2f2da2933f60da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "409" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "You have selected %1 as the default voice." | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = 7e122c149aaa93b13838083a2eb340f90acc75e3fe8c64632da049ee241e1016 | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.cortana | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Hongyu Mobile" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\Certificates\A0533 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\en-US\\VoiceActivation_en-US.dat" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "Microsoft Ana Mobile - Spanish (Spain)" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Settings\Cache\Extensible Cache | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mega.nz\ = "65" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\TTS\\it-it\\M1040ElsaV2" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%SystemDrive%\\Data\\SharedData\\Speech_OneCore\\Engines\\TTS\\es-MX" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "German Phone Converter" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%windir%\\Speech_OneCore\\Engines\\TTS\\pt-BR\\MSTTSLocptBR.dat" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2e0c2d9a3f60da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "{C6FABB24-E332-46FB-BC91-FF331B2D51F0}" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "%SystemDrive%\\Data\\SharedData\\Speech_OneCore\\Engines\\TTS\\en-US" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "414184877" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Runs net.exe
Runs regedit.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\regedit.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\TEMZ.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regedit.exe | N/A |
Suspicious behavior: MapViewOfSection
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pankoza2-pl/TrashMalwares
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffcd89e9758,0x7ffcd89e9768,0x7ffcd89e9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4480 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3572 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2148 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5356 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4996 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5636 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5584 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\VbucksGenerator.Gen.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\VbucksGenerator.Gen.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\ReadMe!.txt
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\SuS.jpg" /ForceBootstrapPaint3D
C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\VbucksGenerator.Gen.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_VbucksGen.zip.zip\Vbucks_Gen\VbucksGenerator.Gen.exe"
C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
"C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe" -ServerName:Microsoft.MSPaint.AppX437q68k2qc2asvaagas2prv9tjej6ja9.mca
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5180 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:2
C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
C:\Users\Admin\Downloads\VbucksGen.zip\Vbucks_Gen\VbucksGenerator.Gen.exe
"C:\Users\Admin\Downloads\VbucksGen.zip\Vbucks_Gen\VbucksGenerator.Gen.exe"
C:\Users\Admin\Downloads\VbucksGen.zip\Vbucks_Gen\VbucksGenerator.Gen.exe
"C:\Users\Admin\Downloads\VbucksGen.zip\Vbucks_Gen\VbucksGenerator.Gen.exe"
C:\Users\Admin\Downloads\AcidRain.exe
"C:\Users\Admin\Downloads\AcidRain.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NyanCatIsHere.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NyanCatIsHere.exe"
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acid Rain.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acid Rain.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks.exe /Create /TN "Windows Update" /ru SYSTEM /SC ONSTART /TR "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NyanCatIsHere.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\61B9.tmp\Acid Rain.bat" "
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SysWOW64\reg.exe
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\timeout.exe
Timeout 1
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SysWOW64\net.exe
net user Admin 888Z.QrK2T!ZDshw5jZ.QrK2T!ZDshw5jRR
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user Admin 888Z.QrK2T!ZDshw5jZ.QrK2T!ZDshw5jRR
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SysWOW64\timeout.exe
Timeout 1
C:\Windows\SysWOW64\net.exe
net stop wuauserv
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop wuauserv
C:\Windows\SysWOW64\timeout.exe
Timeout 1
C:\Windows\SysWOW64\reg.exe
REG add HKCU\Software\Policies\Microsoft\Windows\System /f /v DisableCMD /t REG_DWORD /d 00000002
C:\Windows\SysWOW64\timeout.exe
Timeout 50
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffcd89e9758,0x7ffcd89e9768,0x7ffcd89e9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4316 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4996 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:1
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Users\Admin\Downloads\AcidRain.exe
"C:\Users\Admin\Downloads\AcidRain.exe"
C:\Users\Admin\Downloads\AcidRain.exe
"C:\Users\Admin\Downloads\AcidRain.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sodnciwkms.vbs"
C:\Windows\SysWOW64\timeout.exe
Timeout 65
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
C:\Windows\SysWOW64\mspaint.exe
mspaint
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SysWOW64\timeout.exe
Timeout 5
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SysWOW64\mspaint.exe
mspaint
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SysWOW64\timeout.exe
Timeout 5
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\n0rt0nant1ldks.vbs"
C:\Windows\SysWOW64\timeout.exe
Timeout 5
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SysWOW64\timeout.exe
Timeout 5
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hifjdnfejfnejnkdpamzm.vbs"
C:\Windows\SysWOW64\timeout.exe
Timeout 55
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2196 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5092 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5176 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6016 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5888 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Users\Admin\Downloads\x.exe
"C:\Users\Admin\Downloads\x.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\is64.bat" "
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4360 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4532 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5916 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5864 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Users\Admin\Downloads\TEMZ.exe
"C:\Users\Admin\Downloads\TEMZ.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x300
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#125 S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5804 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=1748 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1480 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5484 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6116 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6252 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Users\Admin\Downloads\PC shaking v4.0.exe
"C:\Users\Admin\Downloads\PC shaking v4.0.exe"
C:\Windows\Media\PCshakingv4.0.exe
"C:\Windows\Media\PCshakingv4.0.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6652 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6552 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6556 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4548 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6628 --field-trial-handle=1768,i,9357622991497331701,2410399256948199542,131072 /prefetch:8
C:\Users\Admin\Downloads\Dro trojan. Virus prank.exe
"C:\Users\Admin\Downloads\Dro trojan. Virus prank.exe"
C:\Users\Admin\AppData\Local\Temp\START.exe
"C:\Users\Admin\AppData\Local\Temp\START.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ZbDz.vbs"
C:\Users\Admin\AppData\Local\Temp\Killer.exe
"C:\Users\Admin\AppData\Local\Temp\Killer.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZbDz.bat" "
C:\Windows\SysWOW64\reg.exe
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /f /v "DisableTaskMgr" /t REG_DWORD /d 1
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM Taskmgr.exe /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM Taskmgr.exe /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM Taskmgr.exe /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM Taskmgr.exe /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM Taskmgr.exe /F
C:\Windows\SysWOW64\reg.exe
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /f /v "DisableTaskMgr" /t REG_DWORD /d 1
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Collapse_all.js"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SHK.vbs"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SHK.bat" "
C:\Users\Admin\AppData\Local\Temp\Shaking_horizontally.exe
Shaking_horizontally.exe
C:\Windows\SysWOW64\timeout.exe
timeout /t 1
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM Shaking_horizontally.exe /F
C:\Users\Admin\AppData\Local\Temp\R_O_13-27.exe
"C:\Users\Admin\AppData\Local\Temp\R_O_13-27.exe"
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\system32\OptionalFeatures.exe
"C:\Windows\system32\OptionalFeatures.exe"
C:\Users\Admin\AppData\Local\Temp\Draw_cursor.exe
"C:\Users\Admin\AppData\Local\Temp\Draw_cursor.exe"
C:\Users\Admin\AppData\Local\Temp\Error_icons.exe
"C:\Users\Admin\AppData\Local\Temp\Error_icons.exe"
C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Users\Admin\AppData\Local\Temp\Inversion_and_oil.exe
"C:\Users\Admin\AppData\Local\Temp\Inversion_and_oil.exe"
C:\Users\Admin\AppData\Local\Temp\New_Names.exe
"C:\Users\Admin\AppData\Local\Temp\New_Names.exe"
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3a5b055 /state1:0x41c64e6d
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
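The process list above carries the behaviours the report summarises as "Disables Task Manager via registry modification" and "Kills process with taskkill": a VBS dropped in %TEMP% is run through WScript.exe, it hands off to a .bat via cmd.exe, and that batch writes the DisableTaskMgr policy value under HKCU and force-kills Taskmgr.exe in a loop. (The image paths show SysWOW64 while the command lines say System32 because the parent is a 32-bit process and the file-system redirector maps System32 to SysWOW64 for it.) The following Python is an added example, not part of the sandbox report: it runs a small rule set over command lines copied from the list, so the same triage can be applied to EDR or Sysmon process-creation events. The rule names, weights and the score threshold are my own assumptions.

```python
"""
Added example: rule-based triage of sandbox process command lines.
Not part of the report; sample lines are copied from the process list,
the rules, weights and threshold are the editor's assumptions.
"""
import re
from dataclasses import dataclass

# Command lines copied from the process list above (constructed sample input).
SAMPLE_CMDLINES = [
    r'"C:\Users\Admin\Downloads\Dro trojan. Virus prank.exe"',
    r'"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ZbDz.vbs"',
    r'C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZbDz.bat" "',
    r'REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /f /v "DisableTaskMgr" /t REG_DWORD /d 1',
    r'taskkill /IM Taskmgr.exe /F',
    r'timeout /t 1',
    r'"C:\Windows\System32\regedit.exe"',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US',
]

# (rule name, weight, pattern). Weights are an assumption: setting the
# Policies\System value and killing Task Manager together is the combination
# the report flags as "Disables Task Manager via registry modification".
RULES = [
    ("policy_disable_taskmgr_or_regedit", 4, re.compile(
        r'\breg(\.exe)?\s+add\s+"?HK(CU|LM|EY_[A-Z_]+)\\.*Policies\\System"?'
        r'.*?/v\s+"?(DisableTaskMgr|DisableRegistryTools)"?.*?/d\s+1\b', re.I)),
    ("kill_task_manager", 3, re.compile(
        r'\btaskkill(\.exe)?\s.*?/IM\s+Taskmgr\.exe', re.I)),
    ("script_host_from_temp", 2, re.compile(
        r'\\(wscript|cscript)\.exe"?\s+"?[^"]*\\AppData\\Local\\Temp\\[^"]+\.(vbs|vbe|js|jse|wsf)', re.I)),
    ("cmd_runs_bat_from_temp", 2, re.compile(
        r'\\cmd\.exe\s+/c\s+""?[^"]*\\AppData\\Local\\Temp\\[^"]+\.(bat|cmd)', re.I)),
    ("runs_regedit", 1, re.compile(r'\\regedit\.exe"?\s*$', re.I)),
    ("timeout_delay", 1, re.compile(r'^"?(.*\\)?timeout(\.exe)?"?\s+/t\s+\d+', re.I)),
    ("exe_from_downloads_or_temp", 1, re.compile(
        r'^"?[A-Z]:\\Users\\[^\\]+\\(Downloads|AppData\\Local\\Temp)\\[^"]+\.exe"?\s*$', re.I)),
]


@dataclass(frozen=True)
class Finding:
    rule: str
    weight: int
    cmdline: str


def scan(cmdlines):
    """One Finding per (rule, command line) pair that matches."""
    return [Finding(name, weight, line)
            for line in cmdlines
            for name, weight, rx in RULES if rx.search(line)]


def verdict(cmdlines, threshold=5):
    """Each rule counts once no matter how many lines trip it (the taskkill
    loop above fires five times but is one behaviour). Threshold is an assumption."""
    hits = scan(cmdlines)
    rules = {f.rule: f.weight for f in hits}
    score = sum(rules.values())
    return {"rules": sorted(rules), "score": score, "suspicious": score >= threshold}


if __name__ == "__main__":
    result = verdict(SAMPLE_CMDLINES)
    for f in scan(SAMPLE_CMDLINES):
        print(f"{f.rule:36} {f.cmdline}")
    print(result)
```

Running this on the sample lines trips all seven rules (score 14); the lone Chrome utility line scores 0. Note that the policy value written by REG ADD outlives the process tree: once the detonation is over, Task Manager stays disabled for that user until DisableTaskMgr is deleted from HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System or set back to 0.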
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 4.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 5.121.82.140.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 138.91.171.81:80 | | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | 3.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | 5.145.216.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.169.19.2.in-addr.arpa | udp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| NL | 66.203.127.11:443 | eu.static.mega.co.nz | tcp |
| NL | 66.203.127.11:443 | eu.static.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 11.127.203.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 92.123.128.143:443 | www.bing.com | tcp |
| GB | 92.123.128.143:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.1.37.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.thisworldthesedays.com | udp |
| US | 64.91.240.248:443 | www.thisworldthesedays.com | tcp |
| US | 64.91.240.248:443 | www.thisworldthesedays.com | tcp |
| US | 8.8.8.8:53 | 248.240.91.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.179.17.96.in-addr.arpa | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | ww1.thisworldthesedays.com | udp |
| DE | 64.190.63.136:80 | ww1.thisworldthesedays.com | tcp |
| DE | 64.190.63.136:80 | ww1.thisworldthesedays.com | tcp |
| US | 8.8.8.8:53 | 136.63.190.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| DE | 64.190.63.136:80 | ww1.thisworldthesedays.com | tcp |
| DE | 64.190.63.136:80 | ww1.thisworldthesedays.com | tcp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| GB | 172.217.169.46:443 | drive.google.com | tcp |
| GB | 172.217.169.46:443 | drive.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| GB | 172.217.16.238:443 | ogs.google.com | tcp |
| GB | 172.217.16.238:443 | ogs.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.14:443 | apis.google.com | tcp |
| GB | 172.217.169.14:443 | apis.google.com | tcp |
| GB | 216.58.212.195:443 | ssl.gstatic.com | tcp |
| GB | 216.58.212.195:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 216.58.212.195:443 | ssl.gstatic.com | tcp |
| GB | 216.58.212.195:443 | ssl.gstatic.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content.googleapis.com | udp |
| GB | 142.250.187.202:443 | content.googleapis.com | tcp |
| GB | 142.250.187.202:443 | content.googleapis.com | tcp |
| US | 8.8.8.8:53 | blobcomments-pa.clients6.google.com | udp |
| GB | 172.217.169.74:443 | blobcomments-pa.clients6.google.com | tcp |
| GB | 172.217.169.74:443 | blobcomments-pa.clients6.google.com | tcp |
| US | 8.8.8.8:53 | drive-thirdparty.googleusercontent.com | udp |
| GB | 216.58.201.97:443 | drive-thirdparty.googleusercontent.com | tcp |
| GB | 216.58.201.97:443 | drive-thirdparty.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 22.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.200.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| GB | 216.58.212.195:443 | ssl.gstatic.com | tcp |
| GB | 216.58.212.195:443 | ssl.gstatic.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| GB | 216.58.212.195:443 | ssl.gstatic.com | tcp |
| GB | 216.58.212.195:443 | ssl.gstatic.com | tcp |
| GB | 216.58.212.195:443 | ssl.gstatic.com | tcp |
| GB | 216.58.212.195:443 | ssl.gstatic.com | tcp |
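Most rows in the Network table are the sandbox's own DNS lookups (8.8.8.8:53, including reverse in-addr.arpa queries), mDNS, and Chrome's background traffic to Google endpoints; the contacts that matter for the "Legitimate hosting services abused for malware hosting/C2" signature are the GitHub, mega.nz and drive.google.com connections, plus the two cleartext port-80 contacts (a bare IP with no resolved name, and ww1.thisworldthesedays.com). The following Python is an added example, not part of the report: it parses rows in the table's format, drops the noise classes and returns de-duplicated contacts with hit counts. The rows are copied from the table; the hosting-service and noise host lists are my assumptions and should be adjusted per environment.

```python
"""
Added example: reduce a sandbox network table to de-duplicated IOCs.
Not part of the report; rows copied from the table above, host lists are
the editor's assumptions.
"""
import re
from collections import Counter, defaultdict

# Rows copied from the Network table above (constructed sample input).
SAMPLE_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | 4.121.82.140.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 138.91.171.81:80 | | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| GB | 172.217.169.46:443 | drive.google.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | udp |
| DE | 64.190.63.136:80 | ww1.thisworldthesedays.com | tcp |
"""

# Assumption: services the sample uses to fetch or stage payloads.
HOSTING_SERVICES = {"github.com", "raw.githubusercontent.com", "github-cloud.s3.amazonaws.com",
                    "mega.nz", "eu.static.mega.co.nz", "drive.google.com"}
# Assumption: browser/OS background traffic present in any detonation with Chrome open.
NOISE_SUFFIXES = (".googleapis.com", ".gstatic.com", ".gvt2.com", ".google.com",
                  ".githubassets.com", ".githubusercontent.com", ".bing.com",
                  ".microsoft.com", "collector.github.com", "api.github.com")

ROW = re.compile(r'^\|\s*([^|]*?)\s*\|\s*([^|]*?)\s*\|\s*([^|]*?)\s*\|\s*([^|]*?)\s*\|$')


def parse_table(text):
    """Parse '| Country | ip:port | domain | proto |' rows; header is skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m or m.group(1) == "Country":
            continue
        country, dest, domain, proto = m.groups()
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def classify(row):
    d = row["domain"]
    if row["proto"] == "udp" and row["port"] == 53:
        return "dns_lookup"      # the queried name is the IOC, not the resolver
    if row["ip"].startswith("224."):
        return "multicast"       # mDNS etc., local link only
    if d in HOSTING_SERVICES:
        return "hosting_service"
    if not d:
        return "direct_ip"       # no name resolved: always worth a manual look
    if d.endswith(NOISE_SUFFIXES):
        return "browser_noise"
    return "other"


def queried_names(rows):
    """Forward DNS names looked up; reverse (in-addr.arpa) lookups are the sandbox's own."""
    return sorted({r["domain"] for r in rows
                   if classify(r) == "dns_lookup" and r["domain"]
                   and not r["domain"].endswith(".in-addr.arpa")})


def contacts(rows):
    """Unique (domain, ip, port) per class with hit counts; noise classes dropped."""
    out = defaultdict(Counter)
    for r in rows:
        c = classify(r)
        if c in ("dns_lookup", "multicast", "browser_noise"):
            continue
        out[c][(r["domain"], r["ip"], r["port"])] += 1
    return {c: dict(v) for c, v in out.items()}


def cleartext_http(rows):
    """TCP port 80 contacts: anything fetched over these arrived unauthenticated."""
    return sorted({(r["domain"], r["ip"]) for r in rows
                   if r["proto"] == "tcp" and r["port"] == 80})


if __name__ == "__main__":
    rows = parse_table(SAMPLE_TABLE)
    print("names queried:", queried_names(rows))
    for cls, hits in contacts(rows).items():
        for (domain, ip, port), n in sorted(hits.items()):
            print(f"{cls:16} {domain or '-':32} {ip}:{port}  x{n}")
    print("cleartext HTTP:", cleartext_http(rows))
```

On the sample rows this yields four hosting-service contacts (mega.nz counted twice), one direct-IP contact and one "other" host; the Google autofill and reverse-lookup rows disappear. Port 443 over UDP (QUIC), as in the content-autofill.googleapis.com row, is still classified by name, so it does not slip past the noise filter.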
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | dbd5bc5b4fc0483c7df2c809cffb3e38 |
| SHA1 | 696bdd99b43b963fc8285c4fe37ea63d26a10ebd |
| SHA256 | e958b99741ba282948f99259953c231ac69b2f3fd89f2ec6af793b739c0fa004 |
| SHA512 | 795bedd4a92fe8b57436afa2af7f42148e64bb420cc1b9fc40a2d46a9e4420a65546dcf7c3014afa60db5314ba81e76cd40be2a413a3f297244890ce957504ef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e6842976d84c2a636231d860e29711a4 |
| SHA1 | 566972663fc16d65c192b9b7ef37598a83e02074 |
| SHA256 | cca14c3cafde620c444c75d00829a3aa60c1783b374371543eb85a101eecd7c0 |
| SHA512 | 1e00b403ff46e25f6e3357676aadd183f68ead0977dddd7bd73e47acddce30dc5c6efc7601e22496bb84d3ba3f422011055c836f8f7e93ab221b85b643ee9499 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0c2ebb004f315a54bc1f2bebd5c95593 |
| SHA1 | 2e5288c665c926835f2129640d39688bfe09bd3e |
| SHA256 | d76b4669340b89afe830d55f1447f7922327e7878a653bcb53383e44b9348c84 |
| SHA512 | 6c437176db474529f4bfff16101f5eef4130c9c7bc9445e9ec1b6e43fc3f47f213823486766b12feb8b52e4c7bca5abb79b2505e15b98da7208144b97b298c37 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8eedad140da3558bef6c60a9ba3bca41 |
| SHA1 | de6c0c6c8e48ad5562a4fcd0d83d9ab16ccb4f66 |
| SHA256 | bcfd2995110b75df00c7206ce88722eb810061afd252caa77bd147a12b46c98e |
| SHA512 | 1a5345ac13972a88dc340fae998f1dd5554cf033964fa4607d856a0cd1cea5769b76a76c97289a4ad47b7107ed9997b0fb824c32eed0387bffde6071a329ab48 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e87c74356ab0814b06184ce9e7ab58a4 |
| SHA1 | cec8b4f84a1cbefe42a618c7d58236ef4c57496c |
| SHA256 | 17f853dbd26203970c7dc35d12918817c9885968d940d2218c15b0b5cce56845 |
| SHA512 | 6d5ab7c7e9a84c29f1a4786ee855671f6f7f8cced2ba29b8c49c2c046c0ca9aa316ce18a8cfd7663d558f2b78cb13f58c2da78cbc37001a6f527e12530f156dd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | aabf4e80da33cfc938eb80184c489b59 |
| SHA1 | 0b535631dc8667e86af5d7386c9e0900a3b640a0 |
| SHA256 | 21234265a0e19a5d47bf2a9fd48bf181ef1ae34320cd2c42e72782443ba83ccd |
| SHA512 | b661d255d1f8bd4e75dbc8fc9a490192491c410c00f18a9740c847e9c52f724027a0c54b98345bbfb3a84c8ceb5de0acb8b7ae7f303806315056ead8da413ae1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a91c8171349946640d309bb0289c1cd8 |
| SHA1 | 5404be72979b67bea9954f1e2fa449e5c6ddcf4b |
| SHA256 | b7e1f5f11cdc20a6652a4fc481431778c921dd094148c947ee48ef877ee07d36 |
| SHA512 | 1ad3b39ab1d8312a9f85850f193b2a17c249c7281c49a48c29c0dcdf86899609e254c4d1ad77333374a19ea740ca6ff59c82b3695072f8f4d8f6e764ca9ec1d6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7f3fbc822563b318b6a890a7397a6660 |
| SHA1 | f45fcac37fe8d4f8575dae97d012c60d2baa42ae |
| SHA256 | 4c6280d30badf3de4c592c46238f2148156aef528e459a716d4c6435b9ffffac |
| SHA512 | a35ca0a3cd29837bd46dabd922167f1af2b6e3b8767029d0eb1c5cf3c1fc91ef2e55f04a6b05392d74270dcb5db0326b5a909206406109d36da47a6d5f536cab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b9917a9ba4da2ef8b451de5ea688acca |
| SHA1 | 12d6a6e85dcc979308f6f9944e2cfee28ce9b7ec |
| SHA256 | 44a722ff3c7842dd8daa6d6a84e824e5fce2c96cecf8ba03cdad29623000de9a |
| SHA512 | 640ee061a485ed2dbb2aea4765804cd484115bef1017b4f63af7064b91ad638e00af0104aa631852bcb05603bfd780d0e6d2ab01441e73b8325326814946ee48 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b38fbfc76d09c2f4921030aa2a0e5d88 |
| SHA1 | b7b112c399540663b016ddab4ff008f3d196ac6c |
| SHA256 | 4361469d829c9e9b0276b17e8b620db84b25383ffc146fff4d02f691096f3484 |
| SHA512 | b854897a229b8c542177cd277b6201efe0676e2942838d5baab3b4b7758dc75f1db61fff01515988c0c6d0c40c8db3db00fe6a00249359b9ca15237cc1cb9683 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003
| MD5 | 8b9eacf27d8cc019f76ef3af98561bf0 |
| SHA1 | fc122ef4d3e67cd96a9af327ae2bad8ae86ea21a |
| SHA256 | cd0630f5382ed34c83c05f228320cd7164afb42fc70a2b2c101a4fe212f64329 |
| SHA512 | b11ae48db37d2ba9a0e5026ee6d50d3b5deb4b38395af3ca4743a0f6aaa39ae1d84f348b4175901dabda05cb50524c2c25950848f89db5829346c1e281113e6b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | bcf8a9566c19c82f4bdb43f53a912bab |
| SHA1 | aedbcfb45eed11b7ad362b53ff32bacec9f932ee |
| SHA256 | 52c97dd2602b4d9ac70b61c3dd9b0f9869c5c211e2a4b52e94eda5e150349ae7 |
| SHA512 | cfec8603b3eecc261735ddb3d9f292f47e5e34761d73c33b8a1fa1efcf8e07b9b5595a28eac3b238842cf1f63a155b0376840f42ab22ad3186390bcfbc62adfb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
| MD5 | 1570abcb0b7f274a02f4aa39a18aff63 |
| SHA1 | 87d392d2f1c89a2ab2672e495d1198b34e81fceb |
| SHA256 | cfcea4b88ddd288925d0a6b6a2b62f44b27160c6f55d5dcfaf293a3eb45f53f9 |
| SHA512 | 5aece76ee3a8a734404be76f2feffa30d4bc1c618a3ff4c8ca8244e6ccee2886599a095b6578be10d8da2810934e8e255658c90c22da35f0354617c9ad08b2af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | 8b2813296f6e3577e9ac2eb518ac437e |
| SHA1 | 6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86 |
| SHA256 | befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d |
| SHA512 | a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004
| MD5 | 4b4947c20d0989be322a003596b94bdc |
| SHA1 | f24db7a83eb52ecbd99c35c2af513e85a5a06dda |
| SHA256 | 96f697d16fbe496e4575cd5f655c0edb07b3f737c2f03de8c9dda54e635b3180 |
| SHA512 | 2a3443e18051b7c830517143482bf6bffd54725935e37ee58d6464fac52d3ce29c6a85fc842b306feaa49e424ba6086942fc3f0fea8bb28e7495070a38ce2e59 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002
| MD5 | 657ed1b9ac0c74717ea560e6c23eae3e |
| SHA1 | 6d20c145f3aff13693c61aaac2efbc93066476ef |
| SHA256 | ff95275ab9f5eadda334244325d601245c05592144758c1015d67554af125570 |
| SHA512 | 60b6682071ade61ae76eed2fe8fa702963c04261bd179c29eed391184d40dc376136d3346b3809b05c44fb59f31b0e9ab95f1e6b19e735234d1f0613720e532f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
| MD5 | 063fe934b18300c766e7279114db4b67 |
| SHA1 | d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd |
| SHA256 | 8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e |
| SHA512 | 9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
| MD5 | 2f3c7b5f9221520efbdb40dc21658819 |
| SHA1 | df12f010d51fe1214d9aca86b0b95fa5832af5fd |
| SHA256 | 3ba36c441b5843537507d844eca311044121e3bb7a5a60492a71828c183b9e99 |
| SHA512 | d9ed3dccd44e05a7fde2b48c8428057345022a3bcea32b5bdd42b1595e7d6d55f2018a2d444e82380b887726377ab68fa119027c24ac1dadc50d7918cc123d7b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
| MD5 | 33f6827683553c84560411d0309998e8 |
| SHA1 | ed17cbfa1593734614a73176f1dbc6c0696c8820 |
| SHA256 | 2f590a0ba1fb67f7ce58d450831244feda8facff5293b843652fde3b8cbcba7e |
| SHA512 | 7b9cd0a2c64d457de6132cdb7528b0621c2111a4bbfc94f122a13b337ef395bd8c0e77c33e2752e8afe0903ae2f3cb96fe7d989c367389a5e0ea18bc15a661be |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | ca65cdb2a03fa4ff134ecdda6fa5acf4 |
| SHA1 | 5b12dcdc6bb954a12c80991dd22ff676e2fc80c3 |
| SHA256 | 77edcec9f93c27596fdce017ec5c4cea903f1d35b78f1db4d9f8dd38bc9f4cd4 |
| SHA512 | 9f1c0544ec1183be027dcc974d3956ceaf7855718534521d2df4aff79e0eaca74cb4e3acf39d06e6fbf7efd1739dbfbd8aec5e7c25459a8e8d62633295037808 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
| MD5 | 7681ba6e447706935c297d6ae7707970 |
| SHA1 | 339523c7e340104c221fa3793a5cbdd982dfe1bb |
| SHA256 | 0d07386726f7dad947874420c79bce200df31e58799b776c30cc40880bf02be5 |
| SHA512 | f903179d6b55ffe2151cde85b05a9f95dc55791287957c239a16e92fef8146cfd36cc36148c8c0636e171e36052a5f81c0e7fec0f7a9d628a8f041a0714e8afa |
C:\Users\Admin\Downloads\VbucksGen.zip.zip.crdownload
| MD5 | f1adcee21b57d3b6b7b2c361cbb37482 |
| SHA1 | 6eb21cfa42c6669cd7a0b33fa78ac283879910a1 |
| SHA256 | c91f093ca512ab2f4e6a4da997afb3ebd6c673b8bd4ee24d03248e6eb5691591 |
| SHA512 | 2a085cd3db1a0ef9c693091784300093fc23fcc202c9040f9d681946a1f1bf2853ef00271c2c1b08fed90d3c189ebb042b74a7f40cd6b551129649184c0dbe0b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c842520e2968c9157a18949e92c9ddc1 |
| SHA1 | 5dbd99b5ac5b0db7550ff441d240ec1c792ce23e |
| SHA256 | 5ae7b5ae33c36f4bb323d62b6e67cb6401c08133bdbdc12acd1c5cc8f27d52bf |
| SHA512 | 8951b08c40b319ee65b924dd01c69f4579e67da4b89e93232816eb5509a67f963313ad6e37c2b96e5020fada3b0eaaf39d6bcbeda4acb1e90ccdfa39176e7134 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a55897765e62164ec651cf2ee8b6690b |
| SHA1 | ef2b977803669b84cb9c0aa7453d05ce0551c813 |
| SHA256 | c48dd727d3c8f015dcb759b01943309588129d28d5945b069c426cd841d5ec65 |
| SHA512 | 0a2fd1a48d1984e8c80d80b9301b74850acae71753b47ad209d7ce57aa55ccbfad8d5a435df8b3be5df979c4f44656681484a053a235021ac3f008a6fec3a69e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ad51ec07529fe997f0b6b98adaf34b15 |
| SHA1 | a0781b8ffcba64122a7ecd43d8793d96b01449fe |
| SHA256 | e2f3869cc66ca35f5aa171713c086a40b3b7096a62905b2e1ee66593e9136067 |
| SHA512 | b298fa8cb041302179e508ad2192b5eb34a637b0a032cf665e401b16d7f040fa26f1e26d20ed765eebb468c942d5e4fb8dbc15d8a8b86ec17d1e810bbd1dc7e9 |
C:\Users\Admin\Downloads\AcidRain.exe
| MD5 | ca7d220a719d83aa0dd379dd2c31037a |
| SHA1 | 88518880ee68f2b108a99449da73ec92b5e3658a |
| SHA256 | fa9189d2c7408a9f3bcb0af1be7f00ba71af5014a8bca0986eb11a891fa6c8b5 |
| SHA512 | eee05cd53f4f5edf6c6929a294284473c39b8193b211a3165333ed65c38ea4e9d5cc6a8e1a1ae2bb38652e83bc7d2ad20fa6d38f8cdbf3a94a7a10fb6358af78 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c1bdd1c25393b2ef0ac2f1f8ec9d0a10 |
| SHA1 | 25c96b389ba9e69463eef41ca2da718d045b9411 |
| SHA256 | 7976150741fc4cedd640246836556844bab3b3facbd21a246ee8fa7d89e958f9 |
| SHA512 | 51b7deb2b439e317b19bcf45c1a07e475ddc762fd2c4da8861b92336d856bff596fd62b65329a76e28888d4a128376fcc5d1e4e138bc937661253dca97f6d061 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 74d501bbbd4abc2f7d9875ade36aa3fd |
| SHA1 | b388d991a2bad94b8bfead1d3395785306822158 |
| SHA256 | bd9e61c91474199e4630c065e4e9c96a931f0d26aaca170068b1f206614114d9 |
| SHA512 | c9725ef46e0b15436acc9e6f5002d65738b666ee50e60c38ef17b7d687ac2cfd981c3f828c768c5f1a569ad36758a232cbed4dad440d136bf6688bca78b69785 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe593781.TMP
| MD5 | 7cb12550cde65595a7e3c06b49bb26c0 |
| SHA1 | 71971f61dc97ce2e8010ea5f42bce500518d4497 |
| SHA256 | 7b15f7154b63adc0009090d713a3506f0018cc8550ed3bb0b8a3a6617d16d1b5 |
| SHA512 | ef837de726091d38b6a07c94f0c9d70cd32b4fc0c5106862c73fd1838d5abef9535b5a10d81f9ead562d84d1d768fb54a264f4f76a4d65765cdb71063c57d276 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5fc2bae88665fd12c6b9f1bb0c3a6194 |
| SHA1 | 684975ec796c3f989e4207d7a199dbe508963ec7 |
| SHA256 | c59811bfd90dc1da4895100694fa9d20cfb577d0a3b5efcdd820e5aeee97ba1b |
| SHA512 | 7b7b0c0161064f92a9c538b8815ab8a9a05f66fde9b559b93a23e045696c83abe980b6d763a9f4b801c51e7fe48e4cc2ae29d569fd27a147d0e5eb6f80ef9ff6 |
C:\Users\Admin\AppData\Local\Temp\_MEI39762\python39.dll
| MD5 | c854f4f8043c0b1de729b710e5f17f66 |
| SHA1 | edcb4fac70cf566de57cb36caec50c169c624a4f |
| SHA256 | e95789b50ea39940fdea554394aa254b9d5ef8254ea55237c42f575e8d724612 |
| SHA512 | ceeca4deab147c21102c70733efad8614ba801fb814c22d7c7ed07acd678d3d8c1eae4e1cd41c9d2b74020f175f17dc1c613089ea3e4624530e701be793baafe |
\Users\Admin\AppData\Local\Temp\_MEI39762\python39.dll
| MD5 | 66f97b811b0fd8b0c07f61c374f754e3 |
| SHA1 | 673235ca2728540c8ca38e336fea8d7966f3acbf |
| SHA256 | 74dc99c4fed18dc414e7d40170e04bf01ee19a6b6d60690ccdc90af12b5bf9a8 |
| SHA512 | 08497397438389da86a08b98e8d7845d2e33715b9ae69db10850f0a40310ffdde3c7785abf09958ddd9ccdb45bcb30b84d0b2d93a8c6925a7d9fb80b39f7297d |
\Users\Admin\AppData\Local\Temp\_MEI39762\VCRUNTIME140.dll
| MD5 | a523e9cec26729156ee179928bc0ffef |
| SHA1 | c98f10709fecd28426574862dd20462910b28344 |
| SHA256 | 5873918035d2b4c1073db7f1157fbf13fa558e86069dfc813660b03f08743077 |
| SHA512 | a9763d0f6d6f7455c079a20ac3db3bf6c53b2ba2beaf09f8393ce8320f5e27cff842096f81da4b39a7187cb7e75e90b22a75491f201ce638cbe904f6354f9ea0 |
C:\Users\Admin\AppData\Local\Temp\_MEI39762\base_library.zip
| MD5 | c418f66c0ab1a7b1d575a62b2b3a00d0 |
| SHA1 | c5bfb86f053c4ddc11a81f674587848f0b6749c6 |
| SHA256 | 870945def4729239e020f6e1dba94c046d470129faf6a0f3ddffbf5ac5b31d1e |
| SHA512 | 8ecc87bd1afd8bcbcbfe0051ad234cc2624f782fad87d5453668235f03c11e5b8baabbd05f459456def54e5ee1c695b1ff25cceb53c0cb5475156889e03828d0 |
C:\Users\Admin\AppData\Local\Temp\_MEI39762\VCRUNTIME140.dll
| MD5 | a87575e7cf8967e481241f13940ee4f7 |
| SHA1 | 879098b8a353a39e16c79e6479195d43ce98629e |
| SHA256 | ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e |
| SHA512 | e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0 |
C:\Users\Admin\AppData\Local\Temp\_MEI39762\_ctypes.pyd
| MD5 | 22cf43eaca1f0745896ccd7e8910f9e4 |
| SHA1 | 3df4d9f7386a044943fdcea6665acc0a13ed9fce |
| SHA256 | aaf9f6487b618aeb15dfe7d77b3f0d58185718fd68631323e56392ddef1d000f |
| SHA512 | 2e6d1cfabda0f617cd3acef0a9255e4c56868e66a7545a36f2da441ea27a40a45450887a48e0164a542fec1d6ae59f2933c2b6d95a4ea5cf4d2c249a3e886e10 |
C:\Users\Admin\AppData\Local\Temp\_MEI39762\_tkinter.pyd
| MD5 | 5be1bd3100cae4bef967b2156aa7d0e1 |
| SHA1 | 51148ffb21eeb2e1b1bd01a7e6a3e09719725a7e |
| SHA256 | 704d032d9a65b92a8997dffbdf19b945360f8b5b2608f95452d163ad7992dfdd |
| SHA512 | 38aaf6802bfb6525b02d0dfd03c79d0fd441b2d52c662d30ea4f57b948f55403c18ef98ac51d504ca0384c07e8b91b2d0edebc4dc98a6b6030ccc5116a28ee13 |
\Users\Admin\AppData\Local\Temp\_MEI39762\libffi-7.dll
| MD5 | eef7981412be8ea459064d3090f4b3aa |
| SHA1 | c60da4830ce27afc234b3c3014c583f7f0a5a925 |
| SHA256 | f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081 |
| SHA512 | dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016 |
C:\Users\Admin\AppData\Local\Temp\_MEI39762\tk86t.dll
| MD5 | 4b6270a72579b38c1cc83f240fb08360 |
| SHA1 | 1a161a014f57fe8aa2fadaab7bc4f9faaac368de |
| SHA256 | cd2f60075064dfc2e65c88b239a970cb4bd07cb3eec7cc26fb1bf978d4356b08 |
| SHA512 | 0c81434d8c205892bba8a4c93ff8fc011fb8cfb72cfec172cf69093651b86fd9837050bd0636315840290b28af83e557f2205a03e5c344239356874fce0c72b9 |
C:\Users\Admin\AppData\Local\Temp\_MEI39762\tcl86t.dll
| MD5 | 75909678c6a79ca2ca780a1ceb00232e |
| SHA1 | 39ddbeb1c288335abe910a5011d7034345425f7d |
| SHA256 | fbfd065f861ec0a90dd513bc209c56bbc23c54d2839964a0ec2df95848af7860 |
| SHA512 | 91689413826d3b2e13fc7f579a71b676547bc4c06d2bb100b4168def12ab09b65359d1612b31a15d21cb55147bbab4934e6711351a0440c1533fb94fe53313bf |
C:\Users\Admin\AppData\Local\Temp\_MEI39762\tcl\encoding\cp1252.enc
| MD5 | e9117326c06fee02c478027cb625c7d8 |
| SHA1 | 2ed4092d573289925a5b71625cf43cc82b901daf |
| SHA256 | 741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e |
| SHA512 | d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52 |
C:\Users\Admin\AppData\Local\Temp\_MEI39762\_socket.pyd
| MD5 | ac90b2535025c3d2d88632591b619b73 |
| SHA1 | eee7a2803412a7bb362bd64cba378cfb5808d42b |
| SHA256 | ed1d6e0aa8237e491dde3c3fdfa6f4df35585eadf4716473f98aa86aa0a910d9 |
| SHA512 | 5fa573e3e2f712925cfc48ec5809493ef43db5c6694d2e244bebe6b9d2ceecfa5979619730321fd2a88ad59bbd5eb2b70672045e5062748ecd53fd216d116202 |
\Users\Admin\AppData\Local\Temp\_MEI39762\select.pyd
| MD5 | 0906200f02e2ee5eb3da08a64f10a69e |
| SHA1 | 5afcb2cc53a6d8ca85d1fe51389632b8b84d5194 |
| SHA256 | fb4fa3aed7a7955d4f78a3fbc2a6e6e1ab8d9e3768bb8b3f3a85866d1f2d74d5 |
| SHA512 | b69e9f7fdd77f776acd056cc8a2d8b34da76e1f30a50117b9aa6bf467a9ce7178407fc6b5e2126c0eea6f995ffa8ae94f92e0632c566fc39bab29ff278193cbc |
C:\Users\Admin\AppData\Local\Temp\_MEI39762\_ssl.pyd
| MD5 | e7d8bbca8b419f220c8cd81b285cb4ae |
| SHA1 | c83d4e44704d46ddafb186526666bcf37aa927ea |
| SHA256 | 5e54983cb975784a358b2a02738d9db1296e0ab7aee1503277d3fdd8cf43e41c |
| SHA512 | 628107783757d52efdedd0a13ecbc9ef4c6422916104716c7dcb62bcb5beb735ca30ff990dee2916f752c4a643438c464cd6f5fb63c1366060a8b9ec52c45dbd |
C:\Users\Admin\AppData\Local\Temp\_MEI39762\libcrypto-1_1.dll
| MD5 | 63c756d74c729d6d24da2b8ef596a391 |
| SHA1 | 7610bb1cbf7a7fdb2246be55d8601af5f1e28a00 |
| SHA256 | 17d0f4c13c213d261427ee186545b13ef0c67a99fe7ad12cd4d7c9ec83034ac8 |
| SHA512 | d9cf045bb1b6379dd44f49405cb34acf8570aed88b684d0ab83af571d43a0d8df46d43460d3229098bd767dd6e0ef1d8d48bc90b9040a43b5469cef7177416a2 |
C:\Users\Admin\AppData\Local\Temp\_MEI39762\libssl-1_1.dll
| MD5 | 86556da811797c5e168135360acac6f2 |
| SHA1 | 42d868fc25c490db60030ef77fba768374e7fe03 |
| SHA256 | a594fc6fa4851b3095279f6dc668272ee975e7e03b850da4945f49578abe48cb |
| SHA512 | 4ba4d6bfff563a3f9c139393da05321db160f5ae8340e17b82f46bcaf30cbcc828b2fc4a4f86080e4826f0048355118ef21a533def5e4c9d2496b98951344690 |
C:\Users\Admin\AppData\Local\Temp\_MEI39762\_hashlib.pyd
| MD5 | 96bdc361b3127f01eefbf0b54dc2813a |
| SHA1 | f5900e228f6ccd1fe44a99a23cd27e6a71d2d88b |
| SHA256 | 95760d2f49b695cb0dc03720e2cdce34d1215285023f2bb7690f268e434c7871 |
| SHA512 | 6a9a481d130eef5a98b5d2b40ddca1d7aa83d7abb255368f3fdca85c395b0cd0711765143a6ec8f14696599cfd4876375449272f013969a59e7f26618a730b36 |
\Users\Admin\AppData\Local\Temp\_MEI39762\_queue.pyd
| MD5 | aac0035f5b5868a3e92df59f19e00773 |
| SHA1 | b3215c188385010af8519af0a66b9075644c4760 |
| SHA256 | 1ff1c01be25fd6797b263474c1c8df45107796a7e4d465e32a908d572d647b64 |
| SHA512 | a65975f3a1af79653a728aea801bc79de2274efcb5965f6433856c80f5584d16b46e339268068a3d5ca93216f0f3d81c7e79ac5a4eef2928dfeae0ed156d0b15 |
C:\Users\Admin\AppData\Local\Temp\_MEI39762\unicodedata.pyd
| MD5 | 814d6938da8e46d79b64326aa967a1a0 |
| SHA1 | 6d020c9ca51d7d4e77c197f5394d7e157482cea3 |
| SHA256 | 4059acb95b05b4536c983ebd232dc5aec00828914e61f31674b0fdf41656deb6 |
| SHA512 | f286b6e813bcd3ee9aad25f804689e3e8bbe13a41bb5715e49bcc1dc7ccae2f0c7595dbaabad806fea65825952e5e31d32ac9b31e583bf4b7cdf716ae6fa08d1 |
\Users\Admin\AppData\Local\Temp\_MEI39762\unicodedata.pyd
| MD5 | 8ce63e46ae9f75f9165af19630d7babc |
| SHA1 | 10b9155638b1d9ab707db6b7da8fb2b22001c121 |
| SHA256 | 4ea4984dc09b0a99c2a5c8b6b08aec9951ec1ba69036c86a6529017330827a58 |
| SHA512 | 80befb4b571b3e19d6cf0909b3fa7523738fd886255740e0301b8a7517cb7518f740d14521278d47e3f4f5bdfe4b77f7cff321b5c982f6f82bfd26427edfae71 |
C:\Users\Admin\AppData\Local\Temp\_MEI39762\_bz2.pyd
| MD5 | c013236b137b64ff2f30dc0c2af56084 |
| SHA1 | 3d600c348794b3116c0d3230a40672be350142f7 |
| SHA256 | c435022d2cc868e26cde10e7749862ee8a177fced3289d49c3bc33af0c949d3f |
| SHA512 | 8fc14cafc32331af3f04257ea38d562d419c2c8c89ccaa8ace51593e708ec9cb27d9e1bd241bc717f929bd2d8c68aa78824af6b5adf1bde0e25812ec4de15852 |
\Users\Admin\AppData\Local\Temp\_MEI39762\_lzma.pyd
| MD5 | ecd60b380b7875d2521739e7acf365fc |
| SHA1 | 487ffde1f1a31f321a87658d22a1763624600304 |
| SHA256 | 1dcb9689a2a3eb1c2554caec217d4f6a10cf677701bcb6f762d6cc2111d14c4a |
| SHA512 | 37db64611f7098c08089b17a88db638ec329fa2b652689a3a7509566110afe8eca3ac5e047530d628503d713e15584ad376631576fa9d3e9efb4a1ca0c3c1709 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 2de72ba43865dcfd9bcba8ed3aa1c276 |
| SHA1 | 66729d30ce103b6b06af70aa53909cb313a79dcb |
| SHA256 | ef515b8215f3e0a6412f54006f06fcc6e16432b6fee9496ba92bfe88089803e9 |
| SHA512 | 483b8147ff149aab617f9e0ee0222604e8c905d848ff3b4cf1473af670bbba507cb2fd4a38d92822b1e8fa239d81d3fd7c117b0d0fe59cad3688d78c65635494 |
C:\Users\Admin\AppData\Local\Temp\_MEI48602\python39.dll
| MD5 | 5042c2816090b7a4e64da2fb045a4926 |
| SHA1 | 5c0ea26524435fd848b4d3d7ff1c8a90e0cec528 |
| SHA256 | 2599258870aa7065f94941dad4b2618f6c7b10f3e6752cd7e7a0f470966fbaff |
| SHA512 | 41bdac360fdcfb3e0c72bd75ba4dae3364c38a06bab65070ed883ea83bf47ffa889b92bcc9042943ed713a0025b92769a3158b1c0ad6d77861b23709d1b0bab3 |
\Users\Admin\AppData\Local\Temp\_MEI48602\python39.dll
| MD5 | 6bb502e14103a7339fd4976dd8f3f4e2 |
| SHA1 | 9ff09e5d8aa2970138003d8e97cb3d6afaca5101 |
| SHA256 | eb42a9aeef63314b908962901f4c9ad3b5fc1934bbccc1aad72b28cafb14c9f4 |
| SHA512 | c478ed8d6d1ecdbf5ebc3a4f1a67a2453d50104d98c5563d1bc09980a6b60fef3ef56a35ef65a043d58e876156b62e283b2ba9ab173a586481c325f2a5989bf7 |
C:\Users\Admin\AppData\Local\Temp\_MEI48602\base_library.zip
| MD5 | 02f5e637adea94f9d58573bbc3f672f3 |
| SHA1 | 4124ec9bce6cc5ce919e2ce760149ac7bd67a39e |
| SHA256 | 32c13df904c55c4b7baa5a1afe51ac701e039529268723ce62c8d5015909482e |
| SHA512 | 3653670d113a71ef2dd1aedce602da9110620e973f9e283aa709efb9c7a0d913873f097631bbb3ec2a059c4aae09e966aa71b8b785ea0462e8d68b49d33930db |
memory/4564-3499-0x0000000000400000-0x0000000000423000-memory.dmp
memory/4184-3503-0x000002417E420000-0x000002417E430000-memory.dmp
memory/4184-3519-0x000002417ED00000-0x000002417ED10000-memory.dmp
memory/4184-3538-0x000002417D7E0000-0x000002417D7E2000-memory.dmp
memory/684-4497-0x000001A23F2D0000-0x000001A23F2D2000-memory.dmp
memory/684-4499-0x000001A23F2F0000-0x000001A23F2F2000-memory.dmp
memory/684-4501-0x000001A23F4B0000-0x000001A23F4B2000-memory.dmp
memory/4184-4517-0x0000024104DD0000-0x0000024104DD1000-memory.dmp
memory/4184-4518-0x0000024104DE0000-0x0000024104DE1000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\X7231HZM\favicon[1].ico
| MD5 | 72f13fa5f987ea923a68a818d38fb540 |
| SHA1 | f014620d35787fcfdef193c20bb383f5655b9e1e |
| SHA256 | 37127c1a29c164cdaa75ec72ae685094c2468fe0577f743cb1f307d23dd35ec1 |
| SHA512 | b66af0b6b95560c20584ed033547235d5188981a092131a7c1749926ba1ac208266193bd7fa8a3403a39eee23fcdd53580e9533803d7f52df5fb01d508e292b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 6edda85a2450b31e998b3c85fb7ee50c |
| SHA1 | 38fd67ed3e61b0b2e87640cb95133056aa813fb3 |
| SHA256 | 0816dabe0fb98f01e405a718ce6b479f1442f283c84c34144992303bb05b5d59 |
| SHA512 | d1f1a4243793d4c0262d175810997ec16aa0d067419ed88b3e565e2c8834dcc0159cf0eff086fc14f41f6ddb4f132ef30e6864b9acef29f8ec8e2e47b21aadaf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1eddb87b679bdfa1f2258d9710140e7b |
| SHA1 | 7bbb9c2b028343476154f2920b8e9427448b77aa |
| SHA256 | 00716355c72a181ab45868949359211a3d4891a7acb1ad4e11d5eaa6116d0e4b |
| SHA512 | a01bb1925eb26f76bbf31b8f67dc5d6066c2f014a7e076b82ee850c87d6ddb3a8b813c6bdd6e9ca4230cd5afa8d95dc2e7eb1a5cedc56446063a12f2c038c77e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6fcf2560772a292497f6b82ff368f878 |
| SHA1 | 888896df3f4aa320bd8e697f3399a1fd4d91fb19 |
| SHA256 | b47a9752fa91e86ef66369d255933d6e4998efa58851f228ba1bba890389e3ea |
| SHA512 | 8e2e17b546e610dcd9a1cbe770e54e0c24b8dc10cd6dcfb79ac15a8f22d73f1ff93b257a9b3bec10fecf32f1c4d338258b0512b1862cce85da74975957f87adb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d821df5870c66de3be00724cb0edfc84 |
| SHA1 | 5ffefedd282b0d4fab3bb5d5a0140f4604a9581a |
| SHA256 | c820db7296ec6af8199e8e902082dcc55688ec85c3129d1c056fb141c062ae4c |
| SHA512 | f2e841c4ae1c10b0398f4511eef5b94128a0d4386f9fbca227dc87deb6c4d096f438cceb85c5a54e70e39328e04d5e56ccc879b946be729be370c2def6c47852 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | df3fb509c668cf00eab7e63a8d4fd44e |
| SHA1 | 9e2b23d2b23bba7b9b88270f690e24d1285e070a |
| SHA256 | c89aa19649fb223b0dcdc718b499a9be43be743e5ca76238773d1a8ea37c898b |
| SHA512 | 73cc48e56a3938e9dc804badeca7cc2e1230a685e4d44e8006a6c50dbf8d413c562230bb82e9a5a36fbff836bc0e8f0b81695cd753d2b3aa28ed2272bca107bb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4ead4e3c56ccaa2a03a88c6efeb30ead |
| SHA1 | 4305aabf009d57077f516b0c96f67998a045cb44 |
| SHA256 | 60346d8932a492246bedda00f671eecd12286142ce8894eb5a4ecdb3ccaa96eb |
| SHA512 | 9538329b24a0541cb97320c9e3803e2c539ccbdd1cf7087b2f30c95b4c2250eee62ed4a6507aa1eb14145aab35adf565afad0460edde7090f1050c62bf01e867 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NyanCatIsHere.exe
| MD5 | aacce8318a2e5f0a43c8cd50907d6d29 |
| SHA1 | fd5da11bbbcdb2421186626f461cb48fc634760c |
| SHA256 | 7217260d8d9c6b0b6c8b797f64c516d8ebe4db48dc8a5fced46eab9082378724 |
| SHA512 | 8991368b7e5391b37c4584eedddfbb4041ddc554acad9742b390aad7b5b4791c106d1068b7c9c29cda9e14bd62e5c36894318246c247576162c54f30076190b5 |
memory/684-4640-0x000001A23FA60000-0x000001A23FA62000-memory.dmp
memory/684-4642-0x000001A23FA80000-0x000001A23FA82000-memory.dmp
memory/684-4644-0x000001A240880000-0x000001A240882000-memory.dmp
memory/684-4646-0x000001A2408A0000-0x000001A2408A2000-memory.dmp
memory/684-4649-0x000001A2408C0000-0x000001A2408C2000-memory.dmp
memory/684-4651-0x000001A2408E0000-0x000001A2408E2000-memory.dmp
memory/684-4653-0x000001A240CE0000-0x000001A240CE2000-memory.dmp
memory/684-4655-0x000001A240D00000-0x000001A240D02000-memory.dmp
memory/684-4657-0x000001A240D20000-0x000001A240D22000-memory.dmp
memory/684-4661-0x000001A240D60000-0x000001A240D62000-memory.dmp
memory/684-4667-0x000001A240FA0000-0x000001A240FA2000-memory.dmp
memory/684-4669-0x000001A240FB0000-0x000001A240FB2000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\6UUW6GDF\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
memory/5768-4755-0x000002B898430000-0x000002B898452000-memory.dmp
memory/5768-4756-0x00007FFCBEBB0000-0x00007FFCBF59C000-memory.dmp
memory/5768-4757-0x000002B898460000-0x000002B898470000-memory.dmp
memory/5768-4758-0x000002B898460000-0x000002B898470000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1hsu2ziq.tbf.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
memory/5768-4785-0x000002B8987C0000-0x000002B8987FC000-memory.dmp
memory/5768-4796-0x000002B898B10000-0x000002B898B86000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\X7231HZM\favicon[2].ico
| MD5 | f3418a443e7d841097c714d69ec4bcb8 |
| SHA1 | 49263695f6b0cdd72f45cf1b775e660fdc36c606 |
| SHA256 | 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770 |
| SHA512 | 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563 |
memory/5768-5042-0x000002B898460000-0x000002B898470000-memory.dmp
memory/5768-5232-0x000002B898460000-0x000002B898470000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 921b8f8fa1c789b88e4c6e1f1362799b |
| SHA1 | 868cfa14caba91df1ca914091b8b18b32d7131c3 |
| SHA256 | 9e121af0f3fc9d8a1d8b7edf4f8d870a6db985d2cb414e190df1997481f7032d |
| SHA512 | 24909fe69ffb3e7209d2d7cd276f67fd97e8af553bed9978d9dce3731272d75511e12c92a1520ff9755f9ab1d02b8b7e178ed35b6211897c3cfa0c3ea04dace1 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GCEJN9VS\anchor[3].htm
| MD5 | 4a37123455d34e351b12d08d2574c84d |
| SHA1 | e09cc16296fd82b56aa342fc0e4df6325cfdfa53 |
| SHA256 | 653597e08e07ead1452c6741c5f2c3ce7f2db4e566e53ee9ef273e8a250bf334 |
| SHA512 | 1c44ae6158263f9b64f037ff45e76ab9149e2c28add779b98af349cd26c9be04074e6b85332cae1b94a137a396c5c2afcb0bd1cd4dd311a09154a38086ef24e0 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GCEJN9VS\bframe[4].htm
| MD5 | 124e0697db939d9d98432c3d4220a1e6 |
| SHA1 | cd03d205c05074cf1a652bf5476dcdb59e27f048 |
| SHA256 | bb2c857c4dae25350d6c1668c5d126d80a23ed7368e75dd1df13062f470bb1f9 |
| SHA512 | 358adde3a18704a885d70f6d5c6b2465998f6a5ebc05783b301b8e25bcd76c85860473207ebf41f11a463e30b996cc63ca85f48824f34ef81fe9d351a128c742 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\6UUW6GDF\drive_2020q4_32dp[1].png
| MD5 | 916c9bcccf19525ad9d3cd1514008746 |
| SHA1 | 9ccce6978d2417927b5150ffaac22f907ff27b6e |
| SHA256 | 358e814139d3ed8469b36935a071be6696ccad7dd9bdbfdb80c052b068ae2a50 |
| SHA512 | b73c1a81997abe12dba4ae1fa38f070079448c3798e7161c9262ccba6ee6a91e8a243f0e4888c8aef33ce1cf83818fc44c85ae454a522a079d08121cd8628d00 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\818432a\imagestore.dat
| MD5 | e36efaa4065647de40fff1ff23c06fc4 |
| SHA1 | 02f61a211bddfa5aa70dad98fd8f61a4e35e0c25 |
| SHA256 | cdf673062a5e4acb5d8627c13aec6012aa3ff600229e1638028437ac102da691 |
| SHA512 | 199ee995db649c621aaf43c7080656f98b3c46345ac1602fdfc064aac7072d9c88f6fa0fcdb16d1bf395896c9a7623a2632941e87374a3e2a7373fb6858af96f |
memory/5768-7234-0x00007FFCBEBB0000-0x00007FFCBF59C000-memory.dmp
memory/5768-7563-0x000002B898460000-0x000002B898470000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z0ADODIF\cb=gapi[1].js
| MD5 | 8c79846f2b3509923d28dd933f2f0146 |
| SHA1 | 0bd969df614e46ffc63bced7d8335de2fd63e019 |
| SHA256 | 1b35e98600b2582e0efe7f7c741831081d8ca0c5226986efe1e090c9ea7556c6 |
| SHA512 | 7683e3983e9239e710cf17a6831381096229f9b82bda9dff926f1741bd797e12a6076ae27195638517111528aab1dcfb0191db555ab3121b77b9afac1160fcb4 |
memory/5768-7885-0x000002B898460000-0x000002B898470000-memory.dmp
memory/5768-8318-0x000002B898460000-0x000002B898470000-memory.dmp
memory/5768-8332-0x000002B898460000-0x000002B898470000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7aaa27c74a24c2ddde24bddbf9c1f233 |
| SHA1 | 7ca75ca56d726119f4b203eae9af5d2c84e0578d |
| SHA256 | 4b1ad043b970f16c26d12bd940df9375fef3e31e592f8376133dce488c856bfb |
| SHA512 | 61938d30230f76f11be7efd78f82e238e5fccbdf7b32cf045d5b7b95b7e46fd53ec784b47ba58b86cd90dbf6491f54f0f0c5e68f4d7473ebb335f6ab99d0113a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\eae6aca1-7e94-4878-b409-5ebe6607e952.tmp
| MD5 | 3ac4b2f83de8c0f7f9bd26f7f577a999 |
| SHA1 | 2a6aab5409c3dc5ffb99abb2646d4b4fdd9749ec |
| SHA256 | b2e582ce6e8ffb6e6423110177337c38bc501853dea8346eb38c2f8c4e556894 |
| SHA512 | bfd3077bb9c0843729532ba1838c6156aa7728313e97416e4e9c9c4b5107cdc2230d4819528a2cdfd2a3ff52bac915636572adb88d930322dc7077dbaf7fa560 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b5eb5a0381b66b276c398e9145e33153 |
| SHA1 | da518fbdfec21d5bee3d07db9c8acb67b66b6b5a |
| SHA256 | 8cea0c5f031834db5b92392aaf4a8869bd52c52086836fcd8121e424346ab0de |
| SHA512 | d943182264162697e9b461ab0a159b196dde631737838b52f52afb6b4b8965a3d33e094245bc38a968076f0b90612af7362b7c4848d215c065238a4e5e598a40 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
| MD5 | 71aeca35d7dfe3e298ca34bea70a965c |
| SHA1 | 1d3bd76524c30862547720f50d940e4f582c598f |
| SHA256 | 0631ec28163fcf4e3241fdcfa87ff3e2f70730789bf7279c2db802c77c207a81 |
| SHA512 | 6f9ba7d77d2546da64cc42d6a5051f7bacd2ff2bcbedb4fc52fc720f1c878d854189cedb29ad9ab0fb866203f9a08b47fc6047975e7bc6559eb88b01ad62fcfe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 896b5cd27508ff08c9c0fdaf0c7f8cb0 |
| SHA1 | ad8702f442035b4224de44ad301f3829516211d7 |
| SHA256 | eee1c231351a4d5169bba243ec2b008ddb4c49d485650070ce2c4a722d941949 |
| SHA512 | 116a3cb4c623e71c089fdff36e4930a1a928ce70f4d2d91383a926b2b887c77893e29c9de484b2a4a5ea07d37847b9d1d4346cece6bce309f95bcd1bd7d1ffcd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fca310a6760f1fc2c7a5dbcc978cf53f |
| SHA1 | 905eaa592d2e8e285f1f2a0837046b3256100026 |
| SHA256 | 91d204f8b12797241f9231ddb79ebbd89ce8041274672f1fd556743538a3489e |
| SHA512 | 795f385023b2dfebe7b0bc24889e3c75fba0215229b7dced021b34aa75ecd921c8bc5018403bfcea66d09740a258fc12fd9779d8d278b35106bb16813cb9a3ee |
C:\Users\Admin\Downloads\x.exe
| MD5 | eb5ad0a90c7c3a23b51243844e41d780 |
| SHA1 | f07ad60430f5316cbfa8297c0fe8c69600f9f647 |
| SHA256 | d3032a664ef73356f62babe4ce53be27a7b0587f4c10036b4eec61a5435cfadc |
| SHA512 | 3bd11b208af263bec179931d0a55d29fbed59cca6ee8e2bb840d84ee52838401574b1812db3de792edf762258d108585fcf00a380e58b451a2e02180d3603122 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6648493f921b98c97c28bef0b781716c |
| SHA1 | f8cc534edd20dd3878bbe0fdd40124bd1e95280e |
| SHA256 | 1cb841960288e76de440ae31843fef7fe61c10a189860946410e7e1e74e5be4c |
| SHA512 | 5257294c734476d7e0b0b4f089f89ae949dea8f2a5e316ce086e8cb2c1761ff97ca8322a0dac08014599eccb40c85596a1dd34128931b6572775aec00b533682 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3950926e2f55c7a30565f30da004b3ef |
| SHA1 | db650d1ece53ad51d029de36fbde314f07d3dc3b |
| SHA256 | 821b093eab40afef657e94cead352c98355608c7e33ea4439a3286b01200036e |
| SHA512 | 4ff1b04fef9305831b77f25abbcbb822df612e7d0d3216e86d9d9dcd506371b8537698d47373bc2bf1da4ed9fb0a3e4515e1d6358c0a762f5f0505996692060d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | af13b33794f09db53b42622577a3315d |
| SHA1 | 0e25d7f1ec192ba238993d1e9c88e40ef059350d |
| SHA256 | a2ff9a03baa6ba10ae28ee1fb8455b579fc39d682adf6f7134f7f0193c170e1f |
| SHA512 | c39c09ed3ffe60ef107f959c94f628b4f87ee81de35a9ff2954f89233952a1ca424b9c6d80207170b2900df7f43b47119bae29bdac92432f390a6e5864a10abb |
C:\Users\Admin\Downloads\TEMZ.exe
| MD5 | e6168901057164d16298ef87a38efa66 |
| SHA1 | 6299e0d6fdd292a49a881292cadfec443ed98825 |
| SHA256 | d67b2b20d9400ffb4415cb0ea40bd5d4652c662957cadd090d103f2976c12f4a |
| SHA512 | 4aecffe0e84d706ffc7c7535ade9ef0b5f51f3aca7b8e579ac2fd178685fd068662b79b3c5fd3acc312d6504d900591944c84e9c141c3ffd1b61aa8970fe0bec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 68ffc8b3eaf2fad3fa2c9efa121515d8 |
| SHA1 | c4472e24e5ecdabab165984639839adeda8f69c4 |
| SHA256 | 7c55440ba223254e46a75a74321619d984c80c12594f801a7664d05f6ff52612 |
| SHA512 | d185026d30ec4b10b4dc3095efa30c875d7b3faef3b5d664d2f6f96a5afc01dbc4c1f2e7f84b760abcf51ab3e461c9c8d420a9fd8ef953b936676af7ed9a2d19 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFe5e9d47.TMP
| MD5 | d68ff6118db0fa9a15d8019887020412 |
| SHA1 | 16e580fbc501fbb6602ba1d9097abcbbea455b3d |
| SHA256 | 969d4239b46e8dfb0d048c3f22625312834f6f4c35e9993fa0b0c0da530e9a58 |
| SHA512 | ed60876c0042a788badbcc7ac090b5b833cc291923391414aa18c9b587862310b3a6ce3818c95cc26026f9197b10b021a69f49a703210f85feb78871fa4c0939 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\J4QGOG65\cleardot[1].gif
| MD5 | fc94fb0c3ed8a8f909dbc7630a0987ff |
| SHA1 | 56d45f8a17f5078a20af9962c992ca4678450765 |
| SHA256 | 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363 |
| SHA512 | c87bf81fd70cf6434ca3a6c05ad6e9bd3f1d96f77dddad8d45ee043b126b2cb07a5cf23b4137b9d8462cd8a9adf2b463ab6de2b38c93db72d2d511ca60e3b57e |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\IU7021XS\microsoft.windows[1].xml
| MD5 | eddf7695d5f74f331eafdaf07cbbace1 |
| SHA1 | 13d91bd8463cd0ea74b620784ad9c9d9bd866c9c |
| SHA256 | 599370fb5b01278d7a69d6822578ef34ad04b88dec92a9f57dc225aca94f2a35 |
| SHA512 | bae82bfbde4c6f6c1bc5f6685580534ad5aed9ee68b117723705d438470f3f6300048cbc5c5849b0d0c34e560413a764dc49455c7882d0817189a66e4275c494 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133524967402755007.txt
| MD5 | f8920767feaa9c8771a1e8a267524b0f |
| SHA1 | b4c9a4189b0957a697951e49fcceed3798978a4f |
| SHA256 | 9257a3f3646246c5950338fa48689ec51a6870f16436abeb506fac5ecaca2b27 |
| SHA512 | b7a732bb97a907536cdfa57f8205f359c2891ef3c404127f40047eec5ec12b66064cccdbd949c583a3c63f205bb6800b85ff385fe9dfef9e81072d36f9a36758 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{14cbd169-5a2d-4b34-8946-764287d9bf30}\appsconversions.txt
| MD5 | f21f68ab0fd9bf5b4255eddde72be816 |
| SHA1 | abea6564790813e12784c8fabd43eddbec334bf2 |
| SHA256 | 9034fbd5f370a37a2e43cae5d482b84d3ed9b6c62c6ddbc4bee25b0526ad25ee |
| SHA512 | 3b75d817d4f5361a05148fd7e62f5c54b97e685d8db046d73bf4889cca3fb5080da0d8e52b4d0d34b31e927bcb9f2a073411c4597a1f9528c419aadbb2663472 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Windows\3720402701\2219095117.pri
| MD5 | e2b88765ee31470114e866d939a8f2c6 |
| SHA1 | e0a53b8511186ff308a0507b6304fb16cabd4e1f |
| SHA256 | 523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e |
| SHA512 | 462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | aa54bfd940ddcc5ad777f355bbbaa79a |
| SHA1 | 94c74b7c11763b93edfa69046066297764205ef3 |
| SHA256 | 06f332ce7f0dd7fb6fad81d5d2219f56e2244289d821c53c2af91240bf745e1b |
| SHA512 | 588474581a23534f0f9df61783b41f0f9ac72c26d9bc2d19e6e413c11e66bd9716af676b988c759d001f3e2290164ea2224fba06e7243e98dc23447e5f96bf45 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFe604961.TMP
| MD5 | f4c9038ba5031f91d69aada07fa6565b |
| SHA1 | 1ecc7ea9c409ee547b60261828c1cf7d84e3b3fc |
| SHA256 | 20d7fcb4557aa09bf6ca25b78e89271da24abfef9e0ab505cba6239f1877f789 |
| SHA512 | d0652b53ad99570f93458e4e6cb2df07591303358b8640a45668c1cb1b2f802cf25ece845c40ee9b28cc26dc45eba5b8e5cdfdd078c742a5c384a52badae4aa9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e8124c2bf46f0bd1d98af5f21172d84d |
| SHA1 | df116266f7fe9eb72848e1e812bf0f78df80c6ec |
| SHA256 | 152b20da26d63020da8d3bf47958f5f28b4483ab521cde84335e0491f028942a |
| SHA512 | fa4635ffafd82f4bec4eb85a560ea2c90a129579fa6e05a6e9f2914bbf00ba167f67a0b47cd05482623212b5fb280d21c68252d3bc62cdd4edb04031b9208c3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3d468c0bdcafec25d24a33138706e5ef |
| SHA1 | 9289ddc4e91cbfa54ea32d1349e6ad504c407dbb |
| SHA256 | ee783fcc7c6b925456470b4ddc9cde2f8cff8b685ebe1db5ee8c730d1c7657a2 |
| SHA512 | 1a540565566cdc3bb069d7d58f5b35b49db2fb2e4235bf015448774a34df0a6348669a761c6ae814083c7f87e96c1209b4726946c6add2cbbde297196244853a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3accf2d689a6491b6f7cdd94c6266c46 |
| SHA1 | 573adeea2c5cdd8c16c47248887d7c2fc75ce8db |
| SHA256 | 65badfff54a9e922f3389ab4a537d81dc23f14084dc40f0e56eb9948f57bed2e |
| SHA512 | 86453dcab64311e19f28bf0b20b7756ae6296c8818e7b7c4601566e64668066f74f11983fdd1dca8d09fca5e292c55d49860dce9c4a9f05e5f9eaebe6cb9facc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9ee561861dab1f07ffe033deef4b382b |
| SHA1 | 5dd9c7e0a5105c72da92c09992252d1a5cc0ea3a |
| SHA256 | 43337b78130ce99d9ed2ed503da8948d2b8dafdf5c2a72a7096603fac943bccc |
| SHA512 | 5768909740dd2b3ef1e0528dc4807b9800a9d775110454f9cfce04e63a1b234d97dd4c61d6a6db46941c9c157e80a3bdeb8a5be3414c4e192448a347d08b0e17 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 239df6a9a4afb711b764144c6e5cfe90 |
| SHA1 | f3678a4268ad7eb8a87fba2fb622a73bdfaa716c |
| SHA256 | e4e0d00f737e9c8a2cf89a533aa94fe53447bdf862ea374ae7262d76802ea2ba |
| SHA512 | 48cbe5bfb7c7999f3f0eab7e316869606a369b502c9ba103157cb2335c40d3ece1b064a30abe93c73e03044f460efe82887f344797f541f7789086aacb299983 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\49469818-29d3-4215-9f0a-35e604ed7a23\1
| MD5 | 465936e30f7432fa8abe70e34de66aa2 |
| SHA1 | ab9046df9cb728760405e14c1bfc6b607988989e |
| SHA256 | 4655b926097fb9afd6fa020200f98eae5f0c58550c8294790d75ccfdbb84954c |
| SHA512 | 9289e1bb240e63ef784353b0c975a47dd407219d79ed0aaa3f6018d6e72b85db65da304eda643703b387cb61dcc05aca9db0d13650278d9d127aeab0ab4b1c6e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022
| MD5 | 68accd33da0b1f1653601787b539692b |
| SHA1 | 43c67118d02da47e31a96058652555e16e734ecb |
| SHA256 | bcbea0849780e5406b3071dd99332139365a385973ab6c612af66d840dfb0037 |
| SHA512 | 91c90d1384103170b6fbb14619d1d59233d14cb7e828c531685402d64ba4630ea837f3a3a94ae4df436e06bfa44580ec235fbcf6a13a822aa98c519d33a2165b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 32cbde5b838f177a46d30301801a43d0 |
| SHA1 | 644162f9aae8efac5b2176506bfcaa14f6b1cd1a |
| SHA256 | fd8ff97946671b85197f630781ac53627364efea35c44dd22298b7e6a791ccf2 |
| SHA512 | 0097cd9c305fc38271346af86d242b6fc5cc1043746532d6c275ba9cbfa9eb5eb34e69ceee25c9983ca455c91aea30b8b3389c56f15412385af975590f573127 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e7f055dee65f4c87d37a33c4e081a017 |
| SHA1 | a34f9e9fc93dcf3c9275635e7ddb01e2bd2b076f |
| SHA256 | b47f6e89a4e71a4c9d5442b726b204b103b636bdbb73ff396477905e0cbfb7cd |
| SHA512 | 73e7fb7d29da57b930128dbbcecf4fa63b8d498f2e23301a6305bfaf77c4aaf62f747dc0b1c0f2512d175968323360eb9b9f70b70467e38dba5794328bb1a257 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 12095275e68f3608aa5d565c342b9c1b |
| SHA1 | 264650e1b3958c4f0dbc9ff9a299aa0e5fb24bf4 |
| SHA256 | c5dac1b80ba86606c0d65708602f3a6b017af4f1736b22adf0d1f342c5b31628 |
| SHA512 | 7cff87c770f8f83f22ca1fb36684aa6bc3dcc371312c1e09dcbb711b82e21700ad9ab1350650c3e9ec17bb530517d0fe296e1bbe4629b317d71622a03361b0e3 |
C:\Users\Admin\Downloads\4562cbdf-3605-4131-be70-ad89d173f98e.tmp
| MD5 | e26f1f44e0d84aba5a48cceec98534ef |
| SHA1 | da223630befa19401c1acd16b70e58ff2421d9e9 |
| SHA256 | 58740a0adfd2915d2d34cc48d7bd41378f845bd43d8de78cc2236d51657216d3 |
| SHA512 | be48a993f28f05500d5bc6333f7cb99ec9405ff549b2e05958a4b5c874b21802c2a57b1433bf69a70f01c03269a188c34747a3ccd55b6ac8159195a67b384399 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0ea329ea3d7e61ad9f5f4931a1512033 |
| SHA1 | 8684d83fea76d0e5f213d9d6ea6ea5cb14734471 |
| SHA256 | 980a7b9630a484c48dee3e7f4156ec6551a106d29155fd91ffc5d1fefa3ace5f |
| SHA512 | ed270cad85881b18ae4ab237e235ae80309f750a496923dccbcbbfddeb13fd42c7d2cc14e9730025f0e5841c3989073c543c0a6973c77d1f62f6729fa3856eec |
memory/3740-9402-0x0000000001290000-0x00000000012AB000-memory.dmp
memory/6112-9403-0x0000000000F30000-0x0000000000F72000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7d630ca65bc9ac362dd568fb2b9955e5 |
| SHA1 | 4c58820f786226ac17df0db0132e6152b06472f9 |
| SHA256 | a5b794267ec1aaf65026235b305826e657cafccf5ceab7dc695ba687ab6b41d5 |
| SHA512 | 2531c6afeffa02159afdae87df9c0ae9dfab2468c24181b1dac9d658308503f9ef1c1cda4c9c182ea8288118f9566f9879a40aaec4e3646f1ab968b81a638de9 |
memory/6544-9422-0x0000000000FE0000-0x0000000000FFB000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State~RFe620d58.TMP
| MD5 | 444daf9a77aa3df2fec1d3c2442e89d2 |
| SHA1 | 075db16a91ca98d9f0c6fe3e07b44e17b79c41e4 |
| SHA256 | 1722a07d7d069e2a2b32f17cf8e7f101c85e16c52d0c86fdeffa37997c27240e |
| SHA512 | e2c2c509e6db329b46c0d671c7eba8f329d5ae68ccc16b84f7fb965ff9cb74a81ee82ea95b9da854042c715a8f6dfe0cee055b7b74dfeaac0892216af7c79b89 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 40815b469bf73bfb76dbee4c741cd260 |
| SHA1 | 31f8415622ec8b723dbded96d5120aa7d2caaa0d |
| SHA256 | 87a01d609297779c337f95ab429bd2c8be982082b364802f2440fcbbc2fe1c86 |
| SHA512 | b9e42a46483d1e21f46513e2a07c5a9fd68ebf5c7883d4848e2b90db076366d340d407bda1c096041fa76b049bda7586f4567d5e8f70b3119148404eb8e072b9 |
memory/6112-9435-0x0000000000F30000-0x0000000000F72000-memory.dmp
memory/7828-9436-0x0000000000DB0000-0x0000000000DCB000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6a50b1cbb7ccaedb94fae734f4b7552b |
| SHA1 | 81cdbd39b40ca9278407edef88f3a1d9c772b234 |
| SHA256 | be17f97498ad1c305eed183e6219d1fb463f3301a2d61f5de058c284b72e7a1a |
| SHA512 | dba9cce99cfc4a6f56c5305089c3d1e726c3985865567a532eb6fdf26a35f8bd30480ff2de9738f6a2594b882da10e9bf1b1a1c511730899327cf243b43dc651 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 609ffdb8f8ed5b10228a2e4f100286de |
| SHA1 | 2a79c0c9cd942302c8518fa6992f1cb6c2684e77 |
| SHA256 | bdcb1e616c5b7b4cfbbd696543d3730f3982198b78206fa116cd62d33ec3f5c6 |
| SHA512 | e0413d8b7ad6d826c9c4702c766be06d3af6e46cdd02f12068877ae1ad65a3951d79df64e214f17e5e07d87319c7b5940a3e00aecba449b0b336f4b08f9bcd44 |
memory/4088-9459-0x0000000001330000-0x000000000134B000-memory.dmp
memory/7852-9465-0x00000000012D0000-0x00000000012EB000-memory.dmp
memory/7552-9469-0x0000000000BD0000-0x0000000000BEB000-memory.dmp
memory/8052-9472-0x00000000006E0000-0x00000000006E1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d81e52421f6f7f92273ceb389eb97507 |
| SHA1 | e4bf5f1a6c17e76de5fdd8dc6cd6d1978304666e |
| SHA256 | 98cf5d0e4d994aca43e06c1fa447472a4c5770996a9cce194dd6170892d87c0e |
| SHA512 | fcecd820deb4260011b6f7de3c7387993e04e6ca84b32b56afcd5d3c0eb450cc017f6c111541a7211b87db000059c717d0e0e6e48e1cf92cc446bbd2c7eae290 |
memory/5768-9500-0x00007FFCBEBB0000-0x00007FFCBF59C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State~RFe639224.TMP
| MD5 | 3a1fdf3c8a05caeb08164a33032b7df8 |
| SHA1 | 3c6f1ca2f33d698136b08c806d8b8cb8e409038d |
| SHA256 | dc34369265178750713aea3253e85d8d39c80165995e0cd1c6743946d332d88f |
| SHA512 | f5119b6cca239ce3b5b308b34c3d51d5e9a124d6dbceb1387e0accc0dcfa8c99a3a66d0da3ea23c337d262967e4cde2336fe4128bd92575bcf3f5a4fd11aa86e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fde353dae2d21304f94ab2ae50a0a088 |
| SHA1 | 7920eb3c7bdbadcd19d823155bdfb33198bb6c70 |
| SHA256 | 89ec31b91a998028bb7a6bd8773b9d59f8784a125e7df3601df10d9f3e32ac16 |
| SHA512 | eac9cf09aa2451ccc85d4a0f22ef05733838dae2ac0fa7017b1fb37fb2747cdf288104f4d9171a815997c6f622428991ce738afa85783889a7860ba0433a7dba |
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-15 18:42
Reported
2024-02-15 19:13
Platform
win10v2004-20231215-en
Max time kernel
1799s
Max time network
1787s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133524961988548284" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-983843758-932321429-1636175382-1000\{3838619E-1B76-41E9-A26C-3387717131C8} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pankoza2-pl/TrashMalwares
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b8c49758,0x7ff9b8c49768,0x7ff9b8c49778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2624 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4616 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2308 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5384 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5320 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3156 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5460 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5428 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3264 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5400 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3240 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5024 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3760 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5328 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5368 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3284 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3056 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5248 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5216 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5608 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=3084 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5660 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5936 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=3260 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5576 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6128 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5780 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5516 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=5540 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=5268 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=5332 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=6060 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=3232 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=6132 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5892 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=6432 --field-trial-handle=1872,i,17442589055982309971,14435679186904648297,131072 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x498
Network
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 172.217.212.94:443 | beacons2.gvt2.com | tcp |
| US | 172.217.212.94:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 94.212.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| DE | 172.217.16.131:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 131.16.217.172.in-addr.arpa | udp |
| DE | 172.217.16.131:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| DE | 142.250.184.227:443 | beacons.gvt2.com | tcp |
| DE | 142.250.184.227:443 | beacons.gvt2.com | tcp |
| DE | 142.250.184.227:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | 227.184.250.142.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4c5ee3e7029a796e5d77cc1beb06e403 |
| SHA1 | 1c90a9a1c2b7dce8811168c619c13b8fa60b7135 |
| SHA256 | 1a512a898ec37b3e12b849370c18f387b20a9cc4c0d3dbdae021d15311c4c225 |
| SHA512 | e7d1fb0e6ec9f5f8113ad9c91788a306a27d272cf91528a4d3d0929a800cb167c2f71b551bed8461e0145d03f29d5c5d0a1a19c58a13872632590432027e311b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\47882720d0eba4dd_0
| MD5 | 10d47ba957966877fbfd3164dd93ee8e |
| SHA1 | a312db11d2e07f6f7a92933d69eb99547409d9f5 |
| SHA256 | 8a9d738d201388d1f0af12066a8e003cf7ea14aacea322375308852cae29d9a5 |
| SHA512 | b3180a65ba4b29b0dd6fa7b43cda1388f40e6a9f9472c7e703e8504ac5b4c7b08dd8c2148d6d70f2e0d506c30753f139d5ab45d690dac3c71ea7dea6091f96e0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ccea38d19616e848_0
| MD5 | 1d0495a07d053f8c75b734b98e62e521 |
| SHA1 | dfe8747f8b970fef1195a665aaf70ab9e28c7fc6 |
| SHA256 | 4a14ee25f0bc243f67f1c33b48b84f2b54e8570752476f73f544865c2d69d611 |
| SHA512 | 922f8f9135012cc0f2517bdfb2e05e9fe27cec2bc5a9113025cb196a0a8e53784c8ec9b253be02cdfcaa6ab0251728c84a06a12de39aad21b54f273e0f7f7c48 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d24e73ed74d0bb64_0
| MD5 | 2eb8f040ad3a77f4e17ebc31399a10fa |
| SHA1 | 8fa03d398ca45493408b942353cabe7d47111f77 |
| SHA256 | 8021a82fa1b91a183e126dda8e6bb4ae52207991b50fc4603f763a5ef51613f0 |
| SHA512 | 8cb17f0a00aad54f64049279363fcbe12f54ab8a41bbe14db2eaa11b79bebebfec9adaf7e5f6f7cba1898d3ba57222d36b926242590a61527747578fdf95ad19 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\829e9d52170cd37b_0
| MD5 | a5bb89f5535167167b006cffaeeb0429 |
| SHA1 | a0b17c086e0ab9e701bfe17784ff1dbfc3953308 |
| SHA256 | d34c1229b481e2cd0da0caaf979608e26b723e9248c3b347b962593295f32f3a |
| SHA512 | e5fba636bb2598338564d807aa0c38b1e7f50f2d55677de25d286d20a15723655f15ca696f9c412546f7944224aac3bafd809b211b5f188825c8312f303e2ce6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4ee34af565106f44_0
| MD5 | 50b7cae2622948ff6bba07990df3fc22 |
| SHA1 | e407a131b87cfec5114bd229c4d0510fc679128c |
| SHA256 | 8f65ad6379320e0ddd864305f08985593d9edf27e385a4e9808347c12330c8ef |
| SHA512 | d5366219ec42602303d432fb6da9350f0b24c99de8578dafcb203d0c0170fb8711546fb4ead7208951c029dfe2904b045b120c09ac88feadf48512675cae36a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3821427eb1608eca_0
| MD5 | 68fbaa3050022e60963468ce035c967c |
| SHA1 | ad9226b217a7ca83c2ae6fa06f9b7d2a21a65130 |
| SHA256 | cb364774dbcd73e4c4083c4a5e3e77510145c8b25371916d09ed3745785c7cfa |
| SHA512 | 58dda0b221257c8d141092fc8f61ef287c73865d826182948d2f3fa0c36604a37c3cfbdc67dc92dbc09a9b96c1a5e482b667468781f25e705ffcc6765113853b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d9d0c91544146ee5_0
| MD5 | 6da13987b500e070974d2f97dc453484 |
| SHA1 | adae8a91aa926e101adade3949faeb4cd347d18d |
| SHA256 | cad866e0f25860f3153cb060f2ff5028e36781cc4c18c05be37b761ce51ffb65 |
| SHA512 | db2b71895c5dc4a7ff530bbe067a97a55700ace30c3afe380765108597254c73f65c248046f5d66db6ec2d5639c806699c77e0679c02bd3434b90adbfb23552a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0a3d6e445aa76e89_0
| MD5 | 190b5d4605772b61be6254a130bfddc2 |
| SHA1 | 0184a8bb89ac977d5ebd206a650a9fa127f13505 |
| SHA256 | 5f8207fa9919157f6bd3c76f470bab3ca7440e9ea9f63e197fbbbdc33ae06932 |
| SHA512 | baf4deccaa6a126923bf565fe9917cfd11e9df62fbb3dd1109772fd62f5d8c76f5c0d8608cddc0f7b17a62d5ece0efa53f6eda587701db2448dcdb1630d4e873 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\04e1bbfc486eec56_0
| MD5 | 1b6b34e776883dbc72aa0a1b70eca42c |
| SHA1 | ca32badf702bd4613d700271f27ec9f7822f01c7 |
| SHA256 | 4dab0265387642af2f96c07c2b5871d138df02a820ebdf9156e40eefa5f6c34f |
| SHA512 | 3d6c2a523173f7596571bce2a04067baed65cde867069bd279f881bae7f113bf9528db5bd637f6f5af2ca7b1fabf8d47063ce6370817f75ca2a9c01c8d7cc1da |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3676ac00f8f874ba_0
| MD5 | 191f7413288f1ff22b6c4f8be08d8144 |
| SHA1 | a893a0e3f4c82724a3bf4ab54c90a5142d33d1c1 |
| SHA256 | 8a0ddd2e9be096840830e6bce41863ba4d0246363d71bb26c37d78dd9c9a1bcf |
| SHA512 | 3ba479553cff48e72ef70c9d6804ff3f543e2ea018394dd5832c77f9284af48f557e4e2b30297f5f3d39e2ad85c048b5abb71e605b65c787a9f63350323ca80f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c3bc3f9b582bf457_0
| MD5 | 3377b7f5d8c6efa7a9973f3be529cdbc |
| SHA1 | 248808877112a59708a204c19c917e1e52f4bcba |
| SHA256 | a7a0343c2b4a27aca8406a9234021037179cc2cc891d6a044d129d811d289c0f |
| SHA512 | f0b18f843e542b7248a3ac60fb5b8c64e0c6d85fa6b7ba170f7399d3113d2ae1005ee41b0789bd3f43f2637023ec4f31117a38f4a70bb9ab8682ac60f2cd617d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\698b1b5948f5c3ce_0
| MD5 | cb7b55abf9d50dce32599b3f79446b26 |
| SHA1 | 4f57e6bd326024e5d29d3e74b9ddfc46e383fc33 |
| SHA256 | 7008d29a23a625c944f4b71317c2c12d71cc3889172a2df774c2750b0db5b82d |
| SHA512 | 966ba177b61a93fd36676bda3f87b8d05e490b615f3813f98d09ee7f650f5bbd3d780e8253610e47501974d9344615b79d52e97d1a81dc0d57e8c179f6bcdb4e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\059d9ac87a9c8669_0
| MD5 | 7a595fdc24cb5f9fc23a2400ad8554c8 |
| SHA1 | 0f78c60dcc8ea8565893dd6710024f08ee5a264d |
| SHA256 | ed3ee2dbef0a39cc8b7d1a37d7609710a052a491fc3bdff71c51cda64ae6126f |
| SHA512 | c4a4104900769b6bd7752bdafb2686149904a6bfe3300b113d573163c397b22a5676e627c41c07c5e00bcdca0f304d6be126c9c5360b2c6a84be8ea286500890 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bc76e3e01da8a34d_0
| MD5 | 1d6e83022a905986cdafe2cd5fe8fbed |
| SHA1 | e8e08078748d414f0371fb75fd27688b9dcf9803 |
| SHA256 | 4cb982ef3c0827a14b08843dbce5a4c374d7843db0a79dba6ade726f171b5785 |
| SHA512 | 024765ba5001ec8cb3325ff99d6c1db528beab4bc995d68aa4d41c0b165d24cdb6b9a8849d0ed32301d32052339ee996ae7ea9caf9ea8f52fa0a6fa286c3b8f1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ad7837ec850d221a_0
| MD5 | d40aa815f6c32f7641c49645e47ff8d9 |
| SHA1 | 64cd54ec9137d9f454cc3beac2136bd3b949799e |
| SHA256 | 9b5690f09e303cbd9027a60765eb14d4754100ca31ff1e9cf0d4c859cf32f41e |
| SHA512 | 3a0671cef50ec9bb5574a9be13ff3949f20369a009ea15d1fe234f8258319c8addae366e46ad0a5af70fc6e647d402c5c75d040d4c11f78f8142fc9fbe04581d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e087ca4ff93d81a4_0
| MD5 | f0a2e0418c43852ac83fa34c18fac7ca |
| SHA1 | dcc6326c608b42e8a67a2c03ddaa737d9bf91de7 |
| SHA256 | d5b76c9e9a8e7e935838bd362f31a2a48ff79689f124d80c93bdc013d1d42ca2 |
| SHA512 | 04eb38d130d171208d2298f84e07e904906f42647a979a6d136dc50f8d469fe53a6ac6e4e20bf91f067fc3f1290b597b46b08a97b5ea6ffdb10fc067ba9a3f03 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f81d81db6c99ba78_0
| MD5 | 80d76c6b8d85511080e18b973cc89acc |
| SHA1 | bb7a58df56928fdc2c678d449b52afc58ea27f07 |
| SHA256 | a4894c76c92b0483cfbf2152291cfef0e67897ae6789bbb3c923312c56a046dc |
| SHA512 | 9dce09cd291c1c075289ae518ccdbe102affb540647f7d96cd07b0d72c8421b77a86d46022108f1f6a15a8336392116af58890ff339cb18bd68784edeb55904c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ebaf3529ab6762ee_0
| MD5 | 64049aee8643ce07dd2e7c3adffbdced |
| SHA1 | 849893bfdd43ceac05f4acfea8d6335ea6d768d6 |
| SHA256 | 87af332e9429ab0865cef1a6a914aa004346de3c5c03eb1011a73d72ef8da026 |
| SHA512 | 3cba7d9f07e57e887ad31df677460a6bf2daf6fe75fd10b0c1d9882160871e8b038be847209ef57de24ae88705ded52faa2ebbda9897e5e228c25362655ac1f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9550be5537f85f52_0
| MD5 | 6cc58bb1fbda1acfceb01545459b202a |
| SHA1 | 87d2960f493002af503c0840b9f4670001b35976 |
| SHA256 | b1751b0888b093dff1ca814b32ccb1633501e395f867ff8e0c92254c1fcb7465 |
| SHA512 | bb554a05a0e9e3d0dcdc7212e25b6ffa989dcde4c48c0fba3e01895b6742f8bb841dd92bc0bdb18f697290d10a4917715d1be46cd7a902991047dbd6adffe856 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e54d22dfbd1448b6_0
| MD5 | 676fd085275d4ad6cc8679d4038851ff |
| SHA1 | ccd4fe14493d3ae69c8c22ef5b7abcf6abbfcd7d |
| SHA256 | fc1d728aae906d0406a43af7197e505b263cc79cd5f5ed19a0da0e290b2230a0 |
| SHA512 | fff30441b5e9bef7293978fe92756959084f26dcebefb88f8d7b7544ce8d66878d534ed8b3388a567b10256f795ea086046016c438ca16e8a799577dbf90b5ef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a1e27ea15c1607a2_0
| MD5 | dfee7eda9769981cbb27303296caeacb |
| SHA1 | 0c8e2b83882e682577810e221c881320ce91ca94 |
| SHA256 | dea02243653e9a61d3df13931912b60e723a343106dc085d447976e1740d1cab |
| SHA512 | 10e00103c5e0b7f503589dafb90eb353ec57667b3d7a0c2e97bced5cd0c46c4eaf3a046a2756f172fe62351dc9366d4e54137b4e3e78dbc227ce093ec4de5783 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\86c93e2b445fafd1_0
| MD5 | 655b2fd697db65b3fcfb9583e5e8f016 |
| SHA1 | 8bb3429564a56cec02186df942131f01eda6c079 |
| SHA256 | 018bb44d55e3a3079a7f819998bbc0c0597eab6c18f8f5ed790a46dacacab268 |
| SHA512 | fb98c56ff3231e8b79f6194af430270d3822f398a701bf987d212bc781fdfcdd8bf7fad35ab3275496c86737eee150117d9ce9350b71028f2828662e13c4d181 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3a5983b52c861731_0
| MD5 | d53024c1ae1b2817680c8f542b1794a3 |
| SHA1 | b6d920f132b6054b28ab8d6861ffdaff5de0bdaa |
| SHA256 | 02c5176a902d4a3a90d6e7df0cb69a42c8282860a9b506eff49ad88a11f357dd |
| SHA512 | 874afede2b477160e5acc8b7eccb3f0f06fad0b93c0c13556da03c968c1b1dda293a3cbf93d34b05ee08035e180b84f3e3fff4f564ee89b9f2b4cf3f0a84ce24 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\acac4e8020972ce7_0
| MD5 | 62e2cd42eb4df59cbfe88918719b1417 |
| SHA1 | 432629c11ec00fe718d4981f13ba5434a883824b |
| SHA256 | 6cd0c82e8a2e9bbcf2db4f0f640504eac4d764e69aec90d5dbb69fcb74de21e2 |
| SHA512 | 730604cfd4c773397e7490b7df9f3ef62799635f8a73c541d1ac95c8704c324b0baf40e7d8930e7faabdf0b729685ac1f8742a7055d7b0e531b811df9c2ddd11 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8fe32427d3c908b1_0
| MD5 | 5bbd8a2c797aa7ebaf8a9325922be92d |
| SHA1 | 012d7b887523b2ba697d34ca1332fc9eda811a5e |
| SHA256 | 2adb4ccc3a649789a100c912377510880261169ac1e2e1810b345dd065418d53 |
| SHA512 | b126a05fcc758e336c7b9b4d8d58d39aa17053a5b18c7466aa00f36d6feccada72836eb085cf4815b976d7a89a6d98f1c3c3c83278c84ca732e670d251fd31a7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\68f56d8d2f6e7f86_0
| MD5 | 08e49b4487039808d06e8dec5f69648a |
| SHA1 | 5ecd6003be8093de5efc77ceaa95efd2dff16e5d |
| SHA256 | 9d414840fe827fcf25e19220e53ff6d19ceae14cdeb37e482d22a0bde726ade6 |
| SHA512 | 9a7e3c702400e13cedc3ba985dffd45cb715d2ed44a970788465c6ba9290e3394e475c34b163a1f73c1b557c3c6318d47e0d701bccc0064c6e3663a35d42edb7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6d23cf61b2188522_0
| MD5 | 57ed80767ceddd582721c0ce72da8347 |
| SHA1 | 72124d1c30837c464b3071d4138470c3db2562fe |
| SHA256 | b7141107f2ce3a25f7dec0b8580fc1d67f65e139c14b9d39774f389df602a485 |
| SHA512 | bfb96bbc3f835c085de8b3ecf605a8a8d9470b9b9922e6ae3d72b6db67fc6dd63671bf3f0b87ffa60ab2b2cdec90efbbb8a434a3a6f1beb3573af70bf7e93ff8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5aa065352c1f536c_0
| MD5 | 5f61541be63f90e13fefc08f9e57a97b |
| SHA1 | af64c7c1a8e9a64a866b54b2101a58c7f2e4f344 |
| SHA256 | 5bd54064baf23b9bbe7e73580c5ef8798ebeea7ef13147ce479068d0f9f19024 |
| SHA512 | 180a066051c96f68d9f5fdf2ea1800998ce880636681ceea7064da65cb2df07d5c426cb917682c211e01648561a6b6e7c94da5acdc522672426c60c77e3fd9b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1db6fa5b8a79ed00_0
| MD5 | 1494ab0081059d08982ce9cb1a6c21bc |
| SHA1 | d50caf97d2abbf1c2ff7c66293fd832dad6fbd34 |
| SHA256 | eeb534bba38d3a1ab905a6dea40dfc0e9cf45a241538fe24366153cb46106769 |
| SHA512 | 6c307a1de9fb346ee824a27e83ff2c749ddd25a2355b8e81fdd970081a15d9719dc6abe58b407a5039248b9a737f08589811537cddf12f17fc45ef0230806275 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\11ee0c7337fcc230_0
| MD5 | f9b0634485c6bce4b133a054f849c815 |
| SHA1 | 056daf7d69792905d0972ccb49a88a0eddef0dad |
| SHA256 | 8f558b5d5f658a699cc90c0dd8dc13ef6c3624b85285e5fe7f1828c7e76bb964 |
| SHA512 | 758f9e701407786e8f38527104847cf62854f2317e98dd05f512cd6191769511c569d9ad45bdc64a1fe3e39acbad1cbfb6ba0dd481fa39ce1fb45399fcd87775 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7efc05442895d387_0
| MD5 | 929e64e2afc468811e9d1e969cbbd401 |
| SHA1 | 1857ea6b48cd4dec05503cbbeb63fb62e6a2879b |
| SHA256 | 1e18fa48d286ae4b93675fe734415cd5d4950e95903a8aa71caf66865128fce6 |
| SHA512 | 6f719774817814db440485582d803f9808f37ad6e45900460e6933ac66c8fe516f579a0a8ae74b7db2cf4cf80ff2c3bab17a90926ac20e818cd5b71de1989632 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 889686818f7e9db0b6d58e46e7599501 |
| SHA1 | b29211da1297e39b764d02d9724a8711d501f613 |
| SHA256 | bcf97dcda42e40fbd9a2074f076241e15cc3c339e9efbac1614353e74d7c86bd |
| SHA512 | 348b7978dba7a0d7cdd3d7ae2d697c6fc93fee9ab3bd3963de94b18dac645d88552c75c24d631d431fe298a331bc20f7dec399c23ccea2b3032b1e8052784025 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6ad91219f308fa93acffc73494c2e749 |
| SHA1 | 63880e2f2a2313b656fb0b100d7beb5889d83184 |
| SHA256 | ca96ed35f23e700a398a77229aec1031d0b88fa96c85b1cba0c6b8d90348e5dd |
| SHA512 | 3009fcfb4770d8a3a3e7a84be538e11b270a75c4e6e3875f1dd49622dcfb72dcd1f42b3713621d9eefabd27d1e9a8288147df307c2ac64bfc2133a94fda3a833 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 23a11835daef24b0d12d2dcff14787a1 |
| SHA1 | dc80660bfdd749698c8cbe8b410798a964fb0634 |
| SHA256 | a71509579bd5e303d7dbbbb188f9a77ac3fca591b51aa895dcc661065da4bff1 |
| SHA512 | e87947f02bd609453157cae74eba2f15dbda995e2b4644fea530fc22377044d6489da583a8aadf2723c95c078feb9d4d5c1cdb444dd09231cafccd5ae7365043 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f80cf6c48f35bea73968043292171f57 |
| SHA1 | abf7792b0c3b7d16d610faff748edf6e79196a8c |
| SHA256 | 53bbd1603b1dfc5edef8d2fd3cc52077f548610b55ae855ff7ead9bbf662ec3c |
| SHA512 | 21ebb310e8f8b26cf015f601747eb0811c2a6df9d2c2679865d1bec334741be9c961014c44f4fe2cf36744224ebab6d8d6377863ea4bd7e32b6fe9b135b30f70 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 292c2478b61c1eedbd41023e2894dad3 |
| SHA1 | db7cde7bd90634132a0bdbca55214b22a32d8d92 |
| SHA256 | 09b009c32ef454aaddd62e5781e9a1670b6fe716f078cd21debf36ce495490c6 |
| SHA512 | 4d865bd5bb5b7003374073cc8bc84ba3be9d5d8727611e6d4a1c8e4a68380ff0b820e66d44f01b1376381179bce71c4fcf848301adb92e69ce35bd40eac5cb91 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-02-15 18:42
Reported
2024-02-15 19:13
Platform
win11-20240214-en
Max time kernel
1024s
Max time network
1056s
Command Line
Signatures
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\RealBSOD.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1454216376-3069400526-304058712-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\Downloads\RealBSOD.exe | N/A |
Disables Task Manager via registry modification
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\RealBSOD.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1454216376-3069400526-304058712-1000\Software\Microsoft\Windows\CurrentVersion\Run\RealBSOD = "C:\\Users\\Admin\\Downloads\\RealBSOD.exe" | C:\Users\Admin\Downloads\RealBSOD.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RealBSOD.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\RealBSOD.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\RealBSOD (1).exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\RealBSOD.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "1" | C:\Users\Admin\Downloads\RealBSOD.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\RealBSOD.exe | N/A |
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pankoza2-pl/TrashMalwares
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff890199758,0x7ff890199768,0x7ff890199778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=824 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1120 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4980 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3708 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5248 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=832 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5144 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4980 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5180 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5168 --field-trial-handle=1780,i,6456554954122830534,4215732463024442326,131072 /prefetch:8
C:\Users\Admin\Downloads\RealBSOD.exe
"C:\Users\Admin\Downloads\RealBSOD.exe"
C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im svchost.exe
Network
Files
\??\pipe\crashpad_1084_UCZDMDWFACFOXOYC
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\Downloads\036b5568-2b95-4baa-ba17-8f1158a65126.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\Downloads\RealBSOD (1).exe:Zone.Identifier
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe674131.TMP