Analysis Overview
SHA256: 80441fcf20760b653d36c4bc78c58c9e05b190e811767c7ed523a904e53b0684
Threat Level: Known bad
The file LaunchBFH.exe was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Program crash
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Enumerates processes with tasklist
Suspicious use of AdjustPrivilegeToken
Checks SCSI registry key(s)
Suspicious use of WriteProcessMemory
Runs ping.exe
Checks processor information in registry
Opens file in notepad (likely ransom note)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-02-25 11:41
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-02-25 11:41
Reported: 2024-02-25 12:12
Platform: win7-20240221-en
Max time kernel: 1562s
Max time network: 1566s
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\31680\Apply.pif | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\31680\Apply.pif |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\31680\Apply.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\31680\Apply.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\31680\Apply.pif | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\31680\Apply.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\31680\Apply.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\31680\Apply.pif | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\31680\Apply.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\31680\Apply.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\31680\Apply.pif | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\LaunchBFH.exe
"C:\Users\Admin\AppData\Local\Temp\LaunchBFH.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k move Inventory Inventory.bat & Inventory.bat & exit
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 31680
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Cookbook + Increasingly + Rounds + Affordable 31680\Apply.pif
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Ink 31680\o
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\31680\Apply.pif
31680\Apply.pif 31680\o
C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 524
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | qBnWsPFfTrJBhDSbGyd.qBnWsPFfTrJBhDSbGyd | udp |
Files
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Inventory
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Cookbook
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Increasingly
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Rounds
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Affordable
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Ink
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\31680\Apply.pif
Analysis: behavioral2
Detonation Overview
Submitted: 2024-02-25 11:41
Reported: 2024-02-25 12:12
Platform: win10v2004-20240221-en
Max time kernel: 1800s
Max time network: 1690s
Signatures
Lumma Stealer
Checks computer location settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\8lderxdvhq\LauncherBFH\LaunchBFH.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\LaunchBFH.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zO865243F9\LaunchBFH.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zO8659D3C9\LaunchBFH.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\8lderxdvhq\LauncherBFH\LaunchBFH.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\8lderxdvhq\LauncherBFH\LaunchBFH.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\31671\Apply.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO865243F9\LaunchBFH.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\32203\Apply.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO8659D3C9\LaunchBFH.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\32242\Apply.pif | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\8lderxdvhq\LauncherBFH\LaunchBFH.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.003\32373\Apply.pif | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\8lderxdvhq\LauncherBFH\LaunchBFH.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.004\32402\Apply.pif | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\8lderxdvhq\LauncherBFH\LaunchBFH.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.005\32500\Apply.pif | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133533349316720603" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\LaunchBFH.exe
"C:\Users\Admin\AppData\Local\Temp\LaunchBFH.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k move Inventory Inventory.bat & Inventory.bat & exit
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 31671
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Cookbook + Increasingly + Rounds + Affordable 31671\Apply.pif
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Ink 31671\o
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\31671\Apply.pif
31671\Apply.pif 31671\o
C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeb2ff9758,0x7ffeb2ff9768,0x7ffeb2ff9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1884,i,10494433232746413856,17824875327147230038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1884,i,10494433232746413856,17824875327147230038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1884,i,10494433232746413856,17824875327147230038,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1884,i,10494433232746413856,17824875327147230038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1884,i,10494433232746413856,17824875327147230038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4580 --field-trial-handle=1884,i,10494433232746413856,17824875327147230038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1884,i,10494433232746413856,17824875327147230038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5184 --field-trial-handle=1884,i,10494433232746413856,17824875327147230038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=1884,i,10494433232746413856,17824875327147230038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4904 --field-trial-handle=1884,i,10494433232746413856,17824875327147230038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2428 --field-trial-handle=1884,i,10494433232746413856,17824875327147230038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4692 --field-trial-handle=1884,i,10494433232746413856,17824875327147230038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3448 --field-trial-handle=1884,i,10494433232746413856,17824875327147230038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=1884,i,10494433232746413856,17824875327147230038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4044 --field-trial-handle=1884,i,10494433232746413856,17824875327147230038,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2748 --field-trial-handle=1884,i,10494433232746413856,17824875327147230038,131072 /prefetch:2
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\8lderxdvhq.rar"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 --field-trial-handle=1884,i,10494433232746413856,17824875327147230038,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\7zO865243F9\LaunchBFH.exe
"C:\Users\Admin\AppData\Local\Temp\7zO865243F9\LaunchBFH.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k move Inventory Inventory.bat & Inventory.bat & exit
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 32203
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Cookbook + Increasingly + Rounds + Affordable 32203\Apply.pif
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Ink 32203\o
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\32203\Apply.pif
32203\Apply.pif 32203\o
C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
C:\Users\Admin\AppData\Local\Temp\7zO8659D3C9\LaunchBFH.exe
"C:\Users\Admin\AppData\Local\Temp\7zO8659D3C9\LaunchBFH.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k move Inventory Inventory.bat & Inventory.bat & exit
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 32242
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Cookbook + Increasingly + Rounds + Affordable 32242\Apply.pif
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Ink 32242\o
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\32242\Apply.pif
32242\Apply.pif 32242\o
C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\8lderxdvhq\" -ad -an -ai#7zMap14512:82:7zEvent16719
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\8lderxdvhq\LauncherBFH\" -ad -an -ai#7zMap4083:106:7zEvent25196
C:\Users\Admin\Downloads\8lderxdvhq\LauncherBFH\LaunchBFH.exe
"C:\Users\Admin\Downloads\8lderxdvhq\LauncherBFH\LaunchBFH.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k move Inventory Inventory.bat & Inventory.bat & exit
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 32373
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Cookbook + Increasingly + Rounds + Affordable 32373\Apply.pif
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Ink 32373\o
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.003\32373\Apply.pif
32373\Apply.pif 32373\o
C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
C:\Users\Admin\Downloads\8lderxdvhq\LauncherBFH\LaunchBFH.exe
"C:\Users\Admin\Downloads\8lderxdvhq\LauncherBFH\LaunchBFH.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k move Inventory Inventory.bat & Inventory.bat & exit
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 32402
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Cookbook + Increasingly + Rounds + Affordable 32402\Apply.pif
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Ink 32402\o
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.004\32402\Apply.pif
32402\Apply.pif 32402\o
C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
C:\Users\Admin\Downloads\8lderxdvhq\LauncherBFH\LaunchBFH.exe
"C:\Users\Admin\Downloads\8lderxdvhq\LauncherBFH\LaunchBFH.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k move Inventory Inventory.bat & Inventory.bat & exit
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 32500
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Cookbook + Increasingly + Rounds + Affordable 32500\Apply.pif
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Ink 32500\o
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.005\32500\Apply.pif
32500\Apply.pif 32500\o
C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\8lderxdvhq\LauncherBFH\BlackSoft
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\8lderxdvhq\LauncherBFH\settings\settings.cfg
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeb2ff9758,0x7ffeb2ff9768,0x7ffeb2ff9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3420 --field-trial-handle=1884,i,10494433232746413856,17824875327147230038,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3784 --field-trial-handle=1884,i,10494433232746413856,17824875327147230038,131072 /prefetch:1
Network
Files