Analysis Overview
SHA256
e38e93ce4d34f2f83b0a07f5ebc7e14e15aad707da51237089c47b68fc5894d1
Threat Level: Likely malicious
The file NameTag_Mod.dll was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Unsigned PE
Enumerates physical storage devices
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-23 18:31
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-23 18:31
Reported
2024-02-23 18:34
Platform
win7-20240220-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NameTag_Mod.dll,#1
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-23 18:31
Reported
2024-02-23 18:49
Platform
win10v2004-20240221-en
Max time kernel
1050s
Max time network
1011s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133531867807960458" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0400000000000000030000000200000001000000ffffffff | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Pictures" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1092616257" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202 | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "3" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\Mode = "4" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000004000000030000000200000001000000ffffffff | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8} | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e80922b16d365937a46956b92703aca08af0000 | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Documents" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupView = "0" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Documents" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000 | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4 | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\FFlags = "1092616257" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\FFlags = "1" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\IconSize = "96" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\LogicalViewMode = "3" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\LogicalViewMode = "3" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7 | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2828415587-3732861812-1919322417-1000\{35055BAE-4270-484A-ACB3-B570A3EE4922} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3 = 3a002e8096f2fd3decdbb44f81d16a3438bcf4de260001002600efbe11000000f01188dcca64da01e1ecec5fd164da01e1ecec5fd164da0114000000 | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MonkeModManager.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NameTag_Mod.dll,#1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffabf039758,0x7ffabf039768,0x7ffabf039778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4684 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5200 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5384 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6116 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5656 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5396 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2764 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5808 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5672 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6184 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5732 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3440 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5628 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6420 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6572 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6444 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3168 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6668 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
C:\Users\Admin\Downloads\MonkeModManager.exe
"C:\Users\Admin\Downloads\MonkeModManager.exe"
C:\Users\Admin\Downloads\MonkeModManager.exe
"C:\Users\Admin\Downloads\MonkeModManager.exe"
Network
Files