Analysis Overview
SHA256
2b6810e2a8d1cf3cabb13fefea116a453d6701e11452a1327f80c14ef67c3ea5
Threat Level: Known bad
The file . was found to be: Known bad.
Malicious Activity Summary
Stealc
Suspicious use of NtCreateUserProcessOtherParentProcess
Rhadamanthys
Downloads MZ/PE file
.NET Reactor protector
Loads dropped DLL
Executes dropped EXE
Checks installed software on the system
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
Drops file in Program Files directory
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
Checks processor information in registry
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-27 01:22
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-27 01:22
Reported
2024-03-27 01:32
Platform
win10v2004-20240226-en
Max time kernel
569s
Max time network
566s
Command Line
Signatures
Rhadamanthys
Stealc
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 868 created 2236 | N/A | C:\Windows\SysWOW64\explorer.exe | C:\Windows\system32\sihost.exe |
| PID 2828 created 2236 | N/A | C:\Windows\SysWOW64\explorer.exe | C:\Windows\system32\sihost.exe |
Downloads MZ/PE file
.NET Reactor protector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4476 set thread context of 4968 | N/A | C:\Users\Admin\AppData\Roaming\FastTool_dbg\JRWeb.exe | C:\Windows\SysWOW64\cmd.exe |
| PID 4832 set thread context of 4320 | N/A | C:\Users\Admin\AppData\Roaming\wordpadbackup_testv4\plugin-container.exe | C:\Windows\SysWOW64\cmd.exe |
| PID 2936 set thread context of 4992 | N/A | C:\Users\Admin\AppData\Roaming\FastTool_dbg\JRWeb.exe | C:\Windows\SysWOW64\cmd.exe |
| PID 4272 set thread context of 868 | N/A | C:\Users\Admin\AppData\Roaming\wordpadbackup_testv4\plugin-container.exe | C:\Windows\SysWOW64\cmd.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Spectra\System.Security.Permissions.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.ComponentModel.Primitives.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Resources.Reader.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\zh-Hant\WindowsFormsIntegration.resources.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Net.HttpListener.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\vcruntime140_cor3.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\cs\Microsoft.VisualBasic.Forms.resources.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\pl\System.Windows.Controls.Ribbon.resources.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Threading.Channels.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\UIAutomationClientSideProviders.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\UIAutomationTypes.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\Microsoft.VisualBasic.Core.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Design.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\tr\System.Xaml.resources.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\ja\System.Windows.Controls.Ribbon.resources.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\pl\WindowsBase.resources.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\ru\System.Windows.Forms.Design.resources.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\D3DCompiler_47_cor3.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Net.NetworkInformation.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Web.HttpUtility.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\cs\System.Windows.Forms.resources.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\ja\UIAutomationProvider.resources.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Diagnostics.TraceSource.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Security.Principal.Windows.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Threading.Tasks.Extensions.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Net.ServicePoint.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\ja\System.Windows.Forms.resources.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Diagnostics.EventLog.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Dynamic.Runtime.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Net.Mail.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\ja\System.Xaml.resources.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Drawing.Primitives.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Net.Sockets.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Security.Cryptography.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Windows.Extensions.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\pt-BR\UIAutomationTypes.resources.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Diagnostics.Tools.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\zh-Hant\System.Windows.Input.Manipulations.resources.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\ru\Microsoft.VisualBasic.Forms.resources.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\de\PresentationFramework.resources.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\es\UIAutomationProvider.resources.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\fr\ReachFramework.resources.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\ko\WindowsFormsIntegration.resources.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Diagnostics.Debug.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Diagnostics.FileVersionInfo.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Runtime.Intrinsics.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Runtime.Numerics.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\ru\PresentationFramework.resources.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\zh-Hant\UIAutomationClient.resources.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Data.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.IO.UnmanagedMemoryStream.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.IO.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\createdump.exe | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\cs\System.Xaml.resources.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Reflection.Emit.Lightweight.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Runtime.Serialization.Formatters.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\it\System.Xaml.resources.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\tr\PresentationUI.resources.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Collections.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Console.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Net.Quic.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\zh-Hans\System.Xaml.resources.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Management.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| File created | C:\Program Files (x86)\Spectra\System.Net.WebSockets.dll | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\SysWOW64\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\explorer.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133559761781084336" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Downloads" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000f835c9f5bc68da0183da64f7bc68da01776998f8bc68da0114000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\FastTool_dbg\JRWeb.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\wordpadbackup_testv4\plugin-container.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\FastTool_dbg\JRWeb.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\wordpadbackup_testv4\plugin-container.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Spectra Setup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Spectra\Spectra.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\f897c420-edf1-4b13-9448-cc6d8adc0c46\snss1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\f897c420-edf1-4b13-9448-cc6d8adc0c46\snss2.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Spectra\Spectra.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\84d05ab1-28db-4d2d-82ea-0f7db7c8365e\snss1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\84d05ab1-28db-4d2d-82ea-0f7db7c8365e\snss2.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\sihost.exe
sihost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffe87b79758,0x7ffe87b79768,0x7ffe87b79778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2788 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2796 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4904 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1016 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2872 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4996 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5056 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5800 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5540 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
C:\Users\Admin\Downloads\Spectra Setup.exe
"C:\Users\Admin\Downloads\Spectra Setup.exe"
C:\Program Files (x86)\Spectra\Spectra.exe
"C:\Program Files (x86)\Spectra\Spectra.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
C:\Users\Admin\AppData\Local\Temp\f897c420-edf1-4b13-9448-cc6d8adc0c46\snss1.exe
"C:\Users\Admin\AppData\Local\Temp\f897c420-edf1-4b13-9448-cc6d8adc0c46\snss1.exe"
C:\Users\Admin\AppData\Local\Temp\FastTool_dbg\JRWeb.exe
C:\Users\Admin\AppData\Local\Temp\FastTool_dbg\JRWeb.exe
C:\Users\Admin\AppData\Roaming\FastTool_dbg\JRWeb.exe
"C:\Users\Admin\AppData\Roaming\FastTool_dbg\JRWeb.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5640 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\f897c420-edf1-4b13-9448-cc6d8adc0c46\snss2.exe
"C:\Users\Admin\AppData\Local\Temp\f897c420-edf1-4b13-9448-cc6d8adc0c46\snss2.exe"
C:\Users\Admin\AppData\Local\Temp\wordpadbackup_testv4\plugin-container.exe
C:\Users\Admin\AppData\Local\Temp\wordpadbackup_testv4\plugin-container.exe
C:\Users\Admin\AppData\Roaming\wordpadbackup_testv4\plugin-container.exe
"C:\Users\Admin\AppData\Roaming\wordpadbackup_testv4\plugin-container.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5896 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6116 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:1
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3360 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5528 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5924 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Program Files (x86)\Spectra\Spectra.exe
"C:\Program Files (x86)\Spectra\Spectra.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
C:\Users\Admin\AppData\Local\Temp\84d05ab1-28db-4d2d-82ea-0f7db7c8365e\snss1.exe
"C:\Users\Admin\AppData\Local\Temp\84d05ab1-28db-4d2d-82ea-0f7db7c8365e\snss1.exe"
C:\Users\Admin\AppData\Local\Temp\FastTool_dbg\JRWeb.exe
C:\Users\Admin\AppData\Local\Temp\FastTool_dbg\JRWeb.exe
C:\Users\Admin\AppData\Roaming\FastTool_dbg\JRWeb.exe
"C:\Users\Admin\AppData\Roaming\FastTool_dbg\JRWeb.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Users\Admin\AppData\Local\Temp\84d05ab1-28db-4d2d-82ea-0f7db7c8365e\snss2.exe
"C:\Users\Admin\AppData\Local\Temp\84d05ab1-28db-4d2d-82ea-0f7db7c8365e\snss2.exe"
C:\Users\Admin\AppData\Local\Temp\wordpadbackup_testv4\plugin-container.exe
C:\Users\Admin\AppData\Local\Temp\wordpadbackup_testv4\plugin-container.exe
C:\Users\Admin\AppData\Roaming\wordpadbackup_testv4\plugin-container.exe
"C:\Users\Admin\AppData\Roaming\wordpadbackup_testv4\plugin-container.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.201.86.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | spectra.social | udp |
| US | 172.67.210.71:443 | spectra.social | tcp |
| US | 172.67.210.71:443 | spectra.social | tcp |
| US | 172.67.210.71:443 | spectra.social | udp |
| US | 8.8.8.8:53 | 71.210.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.42:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 13.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.dropbox.com | udp |
| NL | 162.125.65.18:443 | www.dropbox.com | tcp |
| US | 8.8.8.8:53 | uc79859b43afe085de06714898c4.dl.dropboxusercontent.com | udp |
| NL | 162.125.65.15:443 | uc79859b43afe085de06714898c4.dl.dropboxusercontent.com | tcp |
| US | 8.8.8.8:53 | 18.65.125.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.65.125.162.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | showpiecekennelmating.com | udp |
| US | 104.21.21.33:443 | showpiecekennelmating.com | tcp |
| US | 104.21.21.33:443 | showpiecekennelmating.com | tcp |
| US | 8.8.8.8:53 | 33.21.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ipwho.is | udp |
| DE | 195.201.57.90:443 | ipwho.is | tcp |
| DE | 195.201.57.90:443 | ipwho.is | tcp |
| US | 104.21.21.33:443 | showpiecekennelmating.com | tcp |
| US | 104.21.21.33:443 | showpiecekennelmating.com | tcp |
| NL | 89.105.223.142:80 | 89.105.223.142 | tcp |
| US | 8.8.8.8:53 | 142.223.105.89.in-addr.arpa | udp |
| DE | 195.201.57.90:443 | ipwho.is | tcp |
| DE | 195.201.57.90:443 | ipwho.is | tcp |
| US | 104.21.21.33:443 | showpiecekennelmating.com | tcp |
| US | 104.21.21.33:443 | showpiecekennelmating.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | virustotal.com | udp |
| US | 216.239.34.21:443 | virustotal.com | tcp |
| US | 216.239.34.21:443 | virustotal.com | tcp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | 21.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| GB | 142.250.187.195:443 | www.recaptcha.net | tcp |
| GB | 142.250.187.195:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | 46.34.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| GB | 142.250.200.35:443 | recaptcha.net | tcp |
| GB | 142.250.200.35:443 | recaptcha.net | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 104.21.21.33:443 | showpiecekennelmating.com | tcp |
| US | 104.21.21.33:443 | showpiecekennelmating.com | tcp |
| US | 8.8.8.8:53 | ipwho.is | udp |
| DE | 195.201.57.90:443 | ipwho.is | tcp |
| DE | 195.201.57.90:443 | ipwho.is | tcp |
| US | 104.21.21.33:443 | showpiecekennelmating.com | tcp |
| US | 104.21.21.33:443 | showpiecekennelmating.com | tcp |
| NL | 52.142.223.178:80 | | tcp |
| US | 8.8.8.8:53 | 16.234.44.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| NL | 89.105.223.142:80 | 89.105.223.142 | tcp |
| US | 8.8.8.8:53 | ipwho.is | udp |
| DE | 195.201.57.90:443 | ipwho.is | tcp |
| DE | 195.201.57.90:443 | ipwho.is | tcp |
| US | 104.21.21.33:443 | showpiecekennelmating.com | tcp |
| US | 104.21.21.33:443 | showpiecekennelmating.com | tcp |
Files
\??\pipe\crashpad_4856_MWLFPITXUTVIZKAY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 20a477dc79c351593407a4b351e44077 |
| SHA1 | 16d7ed80497d1b162c555f817d6b420c0761851c |
| SHA256 | f95c8b3995c2bc8ec671cd45421c36b50a757fb8b7e28eee797b33b40c19ac50 |
| SHA512 | 2ed3a098746cd65685d016f44d60ae1ffd47e92c4b3eca9dbf966d8002810a87aab6fb50e57c53084f5cc74b56fbdb4a9257ca67b19cd34ea63f6abc2dedb6f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 890c8c4e0a34f0d09bb2e8687ba04f94 |
| SHA1 | cb6a18e473e65e61ab46d03577c15c56c1706dac |
| SHA256 | 5ce36dab53e7dd81c865276ec50cc873aaaeaaf115131b997c80aae820cf212b |
| SHA512 | 2474b01f05f4730fdc040fe708267e864fcee62b386f7e988120ed56f6d5a77a9f91c40fe8b71235ec69c0593936a9a615ba0447b1c9884e4cf197ce83dc0401 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7a2e1d7baa3688f72582c4d4f6ea1d01 |
| SHA1 | 3cc21ad308fd81a006b4272c4821ab6407372990 |
| SHA256 | 447a9e3965c6e84b07a0f2fedd85a0370c04a15e825adb9a212a5ca4c9b0fb9b |
| SHA512 | 2d0ac5052c4b1e2c08101bc85ea6d45cd66e46f41fba63257cbab5071110623b59c11c71ed6fb1f08ee6299ee8dc85a719c629c25f06d93e2752f8a2c07525dd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2cf20aac3bc737def5cd0a16beec676c |
| SHA1 | 574c121c910c6a9b96d411ec4c851fce1a93d01b |
| SHA256 | 57280371634404898803f543e01509d4b2f45efaca521379a1bfbee667035583 |
| SHA512 | 38c89ddd03d2ed26c16ee41e01684c1cb3b196a06408f278a4b1cd40214d1c030aab2216478a4e281fbc587c162c0eabd36e41ba08037f4ca31ef7394f6b101a |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | edf8cd0f83edb98c217751849541f136 |
| SHA1 | 59c6987c1c47325463178c11e57d43ee14a1500d |
| SHA256 | b2edc828e5503e7a5f810a2f2ab139943eabf597fee11b16e952df52b8f19211 |
| SHA512 | d463db3104f8ef29824047709e4c300c27375457279b252d3934b7ef349a30a122677b7333a4fbb7825693272e5fde56f203d54cb374940a094c197717e4fd0b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 94519876f75ceb86b564cc92252b1623 |
| SHA1 | 5563b80e0ea27577ad6328cff64cd303fc2aa098 |
| SHA256 | 6c670ebbd7af0857c8a3ebe30a3f91736ca8f25154ac754c0e2d11517a0ae6f3 |
| SHA512 | 6a6921164eea6c0ed81cc06d057afe81e3f01e65952769ef1333ceabee0655d44c667e9c0bce958d2d742afefed94509c545f7952400c6ae646322f857977c25 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 36356ebb31e4396bbcf370f5023e3d29 |
| SHA1 | 5f54ceb31e8ae717bc2a651437921ac45a254ba4 |
| SHA256 | 3a003813979de52b89bf8f29628f0ffaf901991e80a6048dea0d21c10c86f4d5 |
| SHA512 | 68eb3b86d4762850b1a03ae7ca1fc9a62f6f7a077007f6a4f0e7d59c2efce5173482f628c143727a5034075afa75a03be8edd23394f219df3dc809fe479a1b82 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d7d489c0b39da2a2ba8d2d6b5cea6dac |
| SHA1 | a628c2440f3f1091cad06171d84580419cdcb754 |
| SHA256 | 299c104e482d239250ca73f4f924bd8dd18e00b8396f1438b509e4b552562f2c |
| SHA512 | 3e3979a92c1833229e93154f84e6066801433b7a58e497b79b07e50439a95afedae2bf4e56ff6b7c7a33a00cc44950962045e0097477339c365cf4d4e2ec2f6c |
C:\Users\Admin\Downloads\Spectra Setup.exe
| MD5 | fc70d38f98f81a7bf4f246094867c532 |
| SHA1 | e80c8d55b28a7444a8b054d61a6807bcd8f5aec0 |
| SHA256 | 0504e906a3602a2776bbbd5f8047d8323ec653ba265bbbf49f89475647aae92f |
| SHA512 | eb559a1d11263423fdca7d66a50a03d9bda5409dce3feea120bef67dc523ba09a193f9d0d4e9dc479a6047d953022bd915fab2759ff93c3cb1ce6d9273128ced |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2d57d5352c065c28678c82602553f183 |
| SHA1 | 0db6ce093adc4cfcfcdd48444bca763bfe44f29f |
| SHA256 | 5f4b70fbe8e4de211f0cce7e61fec7123fd9983b9c423f9e0be0df9ee6a1e6c5 |
| SHA512 | fd0d9c9d6a29b9a48b3fa77c12ca85551fcea81de9648b5af3007ec159468e8f2560be1b14106cbfe5723eeeb14f55200969d91d723725e7af4f98b95f8955d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | c3e8342c535b1484208e3a9e1a2d992f |
| SHA1 | 408728227fcc7bca2059f27123dfa42c11ec3941 |
| SHA256 | 9b5ce9e5edb2d8879776eaec635900b320fc288f79825d4933bdfa13f8675ee9 |
| SHA512 | 56f4ba7e0807dce1e2d10949a80c66bec6af7193255d329068915ed5e17c0bd9239a190637a56f189bbba5fc698e6383fd79e4ffc259885f31c7ee2494f4aabc |
C:\Users\Admin\Downloads\Spectra Setup.exe
| MD5 | 519c4cf14d51f3982df0b8d2dd32f9e7 |
| SHA1 | 569e54ef469ceb63f6833940f075a854378a4031 |
| SHA256 | 440a0ec8de07c625b8d1c90cb033dfcec8ec8692ad8bee86b9f029b34e4e8402 |
| SHA512 | a29676c32d0378574e30f827a30785b5e3e60b517bfbc89758720104eee91616bdd8389a12bb0bdd764e59fd6b57f4c952d3ae25cce5461ba0928d4c64348eb4 |
C:\Users\Admin\Downloads\Spectra Setup.exe
| MD5 | 69f471519c8a62b9cc5101562f00620c |
| SHA1 | 9dde0443abbe994fe8330664ae05705f843a1770 |
| SHA256 | 24592f2b86978748b4e355cf3b99423147550e5dd3e0fb45c1a7d39b24b210b3 |
| SHA512 | a6cd0eca0849dfcf0102ae332fc1b1e2740a58c2d613595a6ebcb059da0355a3ce2f722b87a5bb178ecca5e04004163fd47f45c45b13894c98c8a8d096d74de4 |
C:\Users\Admin\AppData\Local\Temp\nsoD8C4.tmp\LangDLL.dll
| MD5 | 50016010fb0d8db2bc4cd258ceb43be5 |
| SHA1 | 44ba95ee12e69da72478cf358c93533a9c7a01dc |
| SHA256 | 32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e |
| SHA512 | ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c805fbb7165c16cfcceccd93adc3a5b2 |
| SHA1 | 5e00f29dbd0e9da86b7b843e50542e153ec41b36 |
| SHA256 | 51866916766c4b644a1bc2eed0852365566cf2c43664dfcc4e2de939a2f2229d |
| SHA512 | 65e9f068e4987c675109e0704fc4b072a8b809a36ad518f771ab7864d5336b66493285e41ca2c4c2491bc545bcaab02ec45a2b16acad003ea20c18d8606c9673 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | c225ef0c3bd966f6bdc07ed190fb1303 |
| SHA1 | b33406a3fdb1d108267f33460ac85c99ca062099 |
| SHA256 | 175dd830660c307fb22164aed26a5ed6be8b59797a5879d825914a0edd808c6b |
| SHA512 | fa217aabff7e6f00fbbee3ad9bdd6459b694d99d34b5464d0e82fb410c761909b8d09d79ca2c18d33eea3d27679c6eaafadba1c13096799bd7d9f1faa948a428 |
C:\Users\Admin\AppData\Local\Temp\nsoD8C4.tmp\InstallOptions.dll
| MD5 | d095b082b7c5ba4665d40d9c5042af6d |
| SHA1 | 2220277304af105ca6c56219f56f04e894b28d27 |
| SHA256 | b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c |
| SHA512 | 61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9 |
C:\Users\Admin\AppData\Local\Temp\nsoD8C4.tmp\ioSpecial.ini
| MD5 | cd08d291cf5299ea66dae57443369437 |
| SHA1 | 3ba2ace375b44b43c6bc99fc1b1a240d29ebe9d6 |
| SHA256 | 32084353906e009631138443bbdfcfafe969b2c295fd7cb2fd7684073ad37fa9 |
| SHA512 | ddbb3e1abdc7292199c96238b48300e745b99d406e3f86f9c656d87f17fda96ef1d8e997a658a70ba65d13243cb9dc8dad2bbb71c85d8d8fa4dfdc626664070d |
C:\Program Files (x86)\Spectra\Spectra.exe
| MD5 | fe679c33a1a35b4d79a14b75a06da59d |
| SHA1 | b53ce38b720ffda213df09e5dcdf287009b8f0e1 |
| SHA256 | 012d34f11ff4d603d5eae49b676d88eba49553deaeb9542df3fe8fe1a20f6d69 |
| SHA512 | 2f4fabd17c6b6ef7542ff5bc79d726400e96ca3aef878ff5dc65ccd6ae8058f703084fa5969931a985fb8e0acedf19b37473967fc7f79130931147e9a09b4396 |
C:\Users\Admin\AppData\Local\Temp\nsoD8C4.tmp\ioSpecial.ini
| MD5 | 670e141de5ce1c4ae33b95d746a66677 |
| SHA1 | ec5b5cd547bf3cb5dbaf59226923e80a89331c18 |
| SHA256 | a03276a7c12bb6ae0663c75c4c3e3431978984b93365780ff2b59633d1f8f04d |
| SHA512 | 112cd9d6c21e21d87b0be89f6591282a2f1510feb515eb114223355ff1ac401c27e39fba1aae598560c25abefaf43559f60c7a9ee3a1416671663c13921087d1 |
C:\Users\Admin\AppData\Local\Temp\nsoD8C4.tmp\ioSpecial.ini
| MD5 | 4b2052a65d9c1f481ed8a02f94b9b02a |
| SHA1 | 6e93fee6c3f4802b68ce715f3ef45d6f5d4d5b58 |
| SHA256 | 24501d77233739d14d4a19fe2415ba66dc83a2d23eac87909168b0684f8ade2d |
| SHA512 | df1efd2bdd91803f859e4bb08a5a10b9fae838dca4f8b19815727b1236d06cecd07b4d1d0a06900e45a126cda7bc4842ef4d655094345bdb900bf3543de3b1b4 |
C:\Users\Admin\AppData\Local\Temp\nsoD8C4.tmp\System.dll
| MD5 | 4add245d4ba34b04f213409bfe504c07 |
| SHA1 | ef756d6581d70e87d58cc4982e3f4d18e0ea5b09 |
| SHA256 | 9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706 |
| SHA512 | 1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d |
C:\Users\Admin\AppData\Local\Temp\nsoD8C4.tmp\ioSpecial.ini
| MD5 | c8c46d4f09d55a507ea61c92e1ffaf5f |
| SHA1 | 2131ae1950cebe7345de4b2c3d8fa0bef6f6225b |
| SHA256 | 5a1b91a972de754af4ea8b1ff2f9347e636db5d431e7256173101b21d883ed92 |
| SHA512 | f78cb974177be34a65a417d8514a6beb8beb0195e481895cf9196a141690bf7d175b4f96e4650574d453e83bd586544abf6897e059f03fe89913cde93d628b80 |
C:\Program Files (x86)\Spectra\coreclr.dll
| MD5 | 239f306a97f05e4391c42c66efb427f2 |
| SHA1 | b5e93f4a945c7c10b8554ea7257011922495e6ba |
| SHA256 | 449aa70f10b26cc6f04b573079969e35042149d808db36f0488c9bb8c4128fea |
| SHA512 | 12c9ee11801f2f44b16dde70119397cbd50f71c3cf288d5ae6a8bc4558727fc370a455940a470869e8fdac57eb8bf67be6536f1cb23cd65c296a0f67bf7f17a1 |
C:\Program Files (x86)\Spectra\hostpolicy.dll
| MD5 | a7e9ed205cf16318d90734d184f220d0 |
| SHA1 | 10de2d33e05728e409e254441e864590b77e9637 |
| SHA256 | 02c8dbe7bf1999352fc561cb35b51c6a88c881a4223c478c91768fdaf8e47b62 |
| SHA512 | 3ecbaf20946e27d924a38c5a2bf11bac7b678b8c4ebf6f436c923ea935982500e97f91d0e934b7fd6b1fc2a2fd34e7d7b31dbbe91314a218724b3b2fd64c4052 |
C:\Program Files (x86)\Spectra\System.Runtime.dll
| MD5 | 53501b2f33c210123a1a08a977d16b25 |
| SHA1 | 354e358d7cf2a655e80c4e4a645733c3db0e7e4d |
| SHA256 | 1fc86ada2ec543a85b8a06a9470a7b5aaa91eb03cfe497a32cd52a1e043ea100 |
| SHA512 | 9ef3b47ddd275de9dfb5ded34a69a74af2689ebcb34911f0e4ffef9e2faf409e2395c7730bce364b5668b2b3b3e05a7b5998586563fb15e22c223859b2e77796 |
C:\Program Files (x86)\Spectra\Spectra.dll
| MD5 | 3abf08e33ffee29ba7ac01803d985873 |
| SHA1 | f82ef4bb44501f6223b764d9acb06b6642d160a6 |
| SHA256 | 878d0027c5a5919dd968d07cc3c74bf98c8ce64523adf384e3a4fe417c1c2f23 |
| SHA512 | 50b43135471a2455aa48bb355dbffb97958faea96ffe2bb15d678f9e46eef15522291649e1f52eabf7e0eccd8d4a75708aa6f907d6f820a805a4d726a8ca15fa |
C:\Program Files (x86)\Spectra\clrjit.dll
| MD5 | 8b81a3f0521b10e9de59507fe8efd685 |
| SHA1 | 0516ff331e09fbd88817d265ff9dd0b647f31acb |
| SHA256 | 0759c8129bc761fe039e1cacb92c643606591cb8149a2ed33ee16babc9768dcb |
| SHA512 | ea11c04b92a76957dcebe9667bef1881fc9afa0f8c1547e23ada8125aa9e40d36e0efaf5749da346ba40c66da439cbd15bf98453e1f8dab4fe1efd5618fdc176 |
C:\Program Files (x86)\Spectra\System.Private.CoreLib.dll
| MD5 | 750d9c5d8421bb9ca733b27c26f91e72 |
| SHA1 | 9e920e54e9a662235a12a91db270b5235ef634d2 |
| SHA256 | 6741a132e84e51b5cae785eb5c20388891b5fb3ca046e9e3868a168a5da4275c |
| SHA512 | d6fee5bca6a5e07785e57441746d42e7d2a763c650ff93a221f4814e6cb4d3e997a8098eb29b084846055118fd79780933c2624207f4f07ec5523ffb647924bd |
C:\Program Files (x86)\Spectra\System.Private.CoreLib.dll
| MD5 | 16474dfa5b6dec70bdcaddedc9509eaa |
| SHA1 | f1319bd7a6de93389c7548cdb109da1af9be91e8 |
| SHA256 | 467aa7b4bcef5983b36fe7e146ea558f228f3bc8f4059ac038689d01902a0cb7 |
| SHA512 | ee7b67b4653ff211e49af8589c40f7e2b05694fa7b6e683381e739a0625e47c327133d9628e9c7366164fdc33e1ee9ba7fc82b5bb5343712afe70f85faf4942b |
C:\Program Files (x86)\Spectra\coreclr.dll
| MD5 | d2087a10badcac44bfd20698e7435376 |
| SHA1 | eeb0c90ab039321553732528ca262b6d0554ebf1 |
| SHA256 | c326644c07f35323d1ff2eeb95cd1b19deeee14076e1ff9d874dc8eefaf5d8d6 |
| SHA512 | 2e3e52545ca1a1e5712d9b779f8e5a00429c8fd61f6c72cacefdd7bccf848791fe8f300e12a4f53398b59c2b6baa00d7450b81e9edede04100cc04b9dfb45c8c |
C:\Program Files (x86)\Spectra\hostfxr.dll
| MD5 | 16532d13721ba4eac3ca60c29eefb16d |
| SHA1 | f058d96f8e93b5291c07afdc1d891a8cc3edc9a0 |
| SHA256 | 5aa15c6119b971742a7f824609739198a3c7c499370ed8b8df5a5942f69d9303 |
| SHA512 | 9da30d469b4faed86a4bc62617b309f34e6bda66a3021b4a27d197d4bcb361f859c1a7c0aa2d16f0867ad93524b62a5f4e5ae5cf082da47fece87fc3d32ab100 |
C:\Program Files (x86)\Spectra\System.Collections.Concurrent.dll
| MD5 | 38d21e067d7673194a84cced59066ac8 |
| SHA1 | e64362176f714b23603f3a67f1e741f12e35a832 |
| SHA256 | 483130bfd1e57a0cbfd8a4f3c6e2353ac3f246276f9476c83cca1cadbc47ef47 |
| SHA512 | 3fa6f78ff0cb527a8e82261549f24a8609d005821ac5c5e7257670dffd55472a134af3ef78d73779758303ae5a90728181cd4caebc871c5cfa4c309141201baf |
C:\Program Files (x86)\Spectra\System.IO.FileSystem.dll
| MD5 | 35e27f4c681085a4b096826ee8ea4f53 |
| SHA1 | cf3ea4304e5558c8fdd4422e4d72509cd91ea719 |
| SHA256 | 7bd41c6b12b73e6e90476f2d56db8581664abe07e7ab9bf2917bb254ed1d75ad |
| SHA512 | 1f9e6519ff29524e57cb0b3576ab118014293aade8f30027ef44b1f29a8e9a54e7bcb3b288a92dba996053b16016807d93fa9f44f2c43666ddc6425ddd7ae4b9 |
C:\Program Files (x86)\Spectra\System.Runtime.InteropServices.dll
| MD5 | 49c86e36b713e2b7daeb7547cede45fb |
| SHA1 | 75fe38864362226d2cce32b2c25432b1fd18ba37 |
| SHA256 | 756de3f5f2e07b478ac046a0ac976b992ef6bc653a1be2bb1e28524a4ff8d67d |
| SHA512 | a9bd42b626158c540be04f8d392620daba544a55b7438d6caefe93b9df10ec2219f28959c4e0d706a86b92008275de94dfdf19de730787cdacf46d99fc45e3a9 |
C:\Program Files (x86)\Spectra\System.Memory.dll
| MD5 | 7e999da530c21a292cec8a642127b8c8 |
| SHA1 | 6585d0260ae98bab2ad1eaba0f9cfe8ebb8a0b3f |
| SHA256 | 3af25e0c81c1462d0db86f55c4e5fd8c048c70685f9a566d29d499bc46935fb4 |
| SHA512 | a18b6649b5c2f9f96bf639863df9faad436759200a64f91fb2d955f33c71ce4b2d5798be982f692a247ac864d8acb63fb731b31c06333e5c7d9a9c895ecd6451 |
C:\Program Files (x86)\Spectra\System.Private.Xml.Linq.dll
| MD5 | 60ed8b2bffc748d6a2a1fed8fa923368 |
| SHA1 | be411429b9a649a495124558c5e5d95a83525d58 |
| SHA256 | 0b63cebb991d1911a607993ea5b4639f34a2b0b381a73973542db2d3591e9f90 |
| SHA512 | b0a4ac2aa96d827258bb30f098512741ad3f93585e05ceae0255e15cd8dc9ab8048788902c1eb32a813e9c69c8a923200a716b4e00f579c22a0b425665e575f8 |
C:\Program Files (x86)\Spectra\System.Threading.Thread.dll
| MD5 | 72d839e793c4f3200d4c5a6d4aa28d20 |
| SHA1 | fbc25dd97b031a6faddd7e33bc500719e8eead19 |
| SHA256 | 84c9a95609878542f00fe7da658f62d1a6943a43e6346af80d26bcff069a4dbd |
| SHA512 | a414cd9d7cf6a04709f3bdbef0295349b845a8301171ed6394e97b9993f35816383b958736c814f91c359a783cca86ee04802856486d4b4e0ab90a45da39db1d |
C:\Program Files (x86)\Spectra\System.Windows.Forms.dll
| MD5 | 134e6cb0d7bbbe215814be8d7b46afda |
| SHA1 | b6d6fc64a99934a4681b3c355669a66124743591 |
| SHA256 | 9a97f33bc1920c67b9bcd034929d34810d3abf972b5b6a739084de2fc581445d |
| SHA512 | 2186edd1ebeae528e6a892744e5138b34764ce9563d3a97091e1f673327f5c4e07264f76452f257382339f6c018786d972d438608f81a90dc9882d6c80975966 |
C:\Program Files (x86)\Spectra\System.Windows.Forms.dll
| MD5 | 3925b7c542d64ef8326f2de91503f7b9 |
| SHA1 | ebde7978e2a150ed3f72cb73af1f95f11b98cf76 |
| SHA256 | 5cd94fd20133c0f6e038607c538c1be8d798ffbc3ef21aa6353fa1c0f1272026 |
| SHA512 | 10531a1211fdf129d40b95f2a2f612b51feb22d80ae2fea6b6f47c7b71bd5f46b36213da35cd1a91668a0fbc46b18ef2c7502603da0aebbfb841d40e5eff5d08 |
C:\Program Files (x86)\Spectra\System.Windows.Forms.dll
| MD5 | ea4148061230f87461662a8f894f13f5 |
| SHA1 | 3d9a9d7a4bbb4c2f3496dd38b06ee735107c2911 |
| SHA256 | d9e0e2d8d6fc8471564653f31cfdac647e1ef0a37e206dd27a025777887d5647 |
| SHA512 | fb91181c94622119cdaec937e58296ea7ff0c9851ed10f5acba6c5cab30300630760c57167f14c1b49c7de6d6e7a28c08f601ae087d8c091d4eae054f23771eb |
C:\Program Files (x86)\Spectra\System.Threading.dll
| MD5 | 32aa6e809d0ddb57806c6c23b584440e |
| SHA1 | 6bd651b9456f88a28f7054af475031afe52b7b64 |
| SHA256 | e8d1f5c422ee0ba3b235b22028ab92dc77c1ff9774edc0b940cad7224a30ba7d |
| SHA512 | fe43b3d6ed5c37d59a44636d3c7522a88d83e6ec074bf69d3cbb6e5454fdd8f0523ea10fdf6fd452cbd0e2fc159cf9d03dfad6b30e80e400e7f1773b5a2e8632 |
C:\Program Files (x86)\Spectra\System.Private.Xml.dll
| MD5 | f278aca611ae35c6a181caacc318f501 |
| SHA1 | 69a214db7195f7f6e968421768dfded84c64279a |
| SHA256 | 5fc8d9295437fbe8b499c468ee05a523668730d75ea60b4c6b994d473c07f407 |
| SHA512 | 344a172b59fd0e6538d42b90d220b8d3d83b36b6c6f12d21248b6c9569e28f6e21a8b3384caa9c89ac5d677613c058e64bc3da031d634ac8cb5fd19b38b8dd83 |
C:\Program Files (x86)\Spectra\System.Private.Xml.dll
| MD5 | 3f34de03a4e070f0084306cba45df288 |
| SHA1 | 64254505f0e658a3ab9828d3274241b352a5b074 |
| SHA256 | 2c7dd13dfbacf76f0d7ee208f9955fc0542166abf13e357f56bb874c36b9f0d2 |
| SHA512 | 0039402b2f03279a78426914982739b280ace13b853b62d0c44f83b855c8e41b8ece47356459c0c9c6f00fff4066cc30e2c9dbea16df784cfeb5cf318d872b56 |
C:\Program Files (x86)\Spectra\System.Security.Cryptography.Algorithms.dll
| MD5 | 8f3b379221c31a9c5a39e31e136d0fda |
| SHA1 | e57e8efe5609b27e8c180a04a16fbe1a82f5557d |
| SHA256 | c99c6b384655e1af4ae5161fe9d54d95828ae17b18b884b0a99258f1c45aa388 |
| SHA512 | 377f4e611a7cf2d5035f4622c590572031a476dd111598168acea1844aaa425c0fe012c763fbc16290c7b32c6c7df7b2563c88227e3dbc5d2bd02250c9d368d9 |
C:\Program Files (x86)\Spectra\System.Collections.dll
| MD5 | 92063926c04f2e4bf5b5fde16542831d |
| SHA1 | e7be34eaff2d3d8796911d21f1fdbb93bf231dec |
| SHA256 | 9193aaef3ea8f19408f88c25fcaf5880e7836d1c35028d7e4077f6090b083541 |
| SHA512 | e855ee37980d1da2d143ee39133b05fff81937e529cffe74433e73088549daabd3abadbf05f3765bf3ffffd50313f0ed966efec0eb244d7363241affd73cc29f |
C:\Program Files (x86)\Spectra\mscorrc.dll
| MD5 | 53e03d5e3bffa02fbc7fb1420ac8e858 |
| SHA1 | 36c44c9ff39815aa167f341c286c5cd1514f771f |
| SHA256 | 23a433398be5135222ee14bb1de6334e7b22bad1a38664a83f1cf19dfbddd960 |
| SHA512 | f6aca16b90f6b4efa413dc9a8f1d05e83c1e3791b2cb988f9bce69d5272a0077c1edcae4111a494d166b5e3ab4e25956dead4e93ee1e43417c2b7bb082292170 |
C:\Program Files (x86)\Spectra\System.Security.Cryptography.Csp.dll
| MD5 | c7f55dbc6f5090194c5907054779e982 |
| SHA1 | efa17e697b8cfd607c728608a3926eda7cd88238 |
| SHA256 | 16bc1f72938d96deca5ce031a29a43552385674c83f07e4f91d387f5f01b8d0a |
| SHA512 | ae0164273b04afdec2257ae30126a8b44d80ee52725009cc917d28d09fcfb19dfbbb3a817423e98af36f773015768fed9964331d992ad1830f6797b854c0c355 |
C:\Program Files (x86)\Spectra\System.Security.Cryptography.dll
| MD5 | 75f18d3666eb009dd86fab998bb98710 |
| SHA1 | b273f135e289d528c0cfffad5613a272437b1f77 |
| SHA256 | 4582f67764410785714a30fa05ffaaad78fe1bc8d4689889a43c2af825b2002e |
| SHA512 | 9e110e87e00f42c228729e649903ad649b962ae28900d486ee8f96c47acca094dbace608f9504745abf7e69597cdef3c6b544b5194703882a0a7f27b011fa8d5 |
C:\Program Files (x86)\Spectra\System.Security.Cryptography.Primitives.dll
| MD5 | 777ac34f9d89c6e4753b7a7b3be4ca29 |
| SHA1 | 27e4bd1bfd7c9d9b0b19f3d6008582b44c156443 |
| SHA256 | 6703e8d35df4b6389f43df88cc35fc3b3823fb3a7f04e5eb540b0af39f5fa622 |
| SHA512 | a791fa27b37c67ace72956680c662eb68f053fa8c8f4205f6ed78ecb2748d27d9010a8de94669d0ee33a8fca885380f8e6cfad9f475b07f60d34cdcb02d57439 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 776b1d78fbec80c34542979d69759fa2 |
| SHA1 | d3d30570cc976cc46a13ae9e9e69ca6a07e0207d |
| SHA256 | 40249677e67b93814aa3c2e2027ea2beffc79d290a0ee0240ac0fc603f036d57 |
| SHA512 | 9f33adbd5e60fba0663df06e0de2322dd2c2276028cfb1fc5f2f427a0b6c60825c91fe136e756c0c20831f780dae45159070d54e5bbcecfb9c067abf57075d33 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xxti54pe.pxn.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/996-1222-0x000001B2E1C60000-0x000001B2E1C82000-memory.dmp
memory/996-1232-0x00007FFE727A0000-0x00007FFE73261000-memory.dmp
memory/996-1233-0x000001B2E1CC0000-0x000001B2E1CD0000-memory.dmp
memory/996-1234-0x000001B2E1CC0000-0x000001B2E1CD0000-memory.dmp
memory/996-1237-0x00007FFE727A0000-0x00007FFE73261000-memory.dmp
memory/4956-1238-0x00007FFE727A0000-0x00007FFE73261000-memory.dmp
memory/4956-1239-0x00000248E4C10000-0x00000248E4C20000-memory.dmp
memory/4956-1240-0x00000248E4C10000-0x00000248E4C20000-memory.dmp
memory/3324-1250-0x00007FFE727A0000-0x00007FFE73261000-memory.dmp
memory/3324-1251-0x000001A3FADB0000-0x000001A3FADC0000-memory.dmp
memory/4956-1262-0x00007FFE727A0000-0x00007FFE73261000-memory.dmp
memory/4056-1263-0x00007FFE727A0000-0x00007FFE73261000-memory.dmp
memory/4056-1264-0x0000029A2CB00000-0x0000029A2CB10000-memory.dmp
memory/4056-1265-0x0000029A2CB00000-0x0000029A2CB10000-memory.dmp
memory/3324-1276-0x00007FFE727A0000-0x00007FFE73261000-memory.dmp
memory/4056-1277-0x0000029A2CB00000-0x0000029A2CB10000-memory.dmp
memory/4056-1279-0x00007FFE727A0000-0x00007FFE73261000-memory.dmp
memory/2620-1283-0x0000000000E90000-0x0000000000E91000-memory.dmp
memory/2620-1289-0x0000000000400000-0x0000000000CDE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\f4dbd5b
| MD5 | 823fdaed9760539b7c6fdac69930b58c |
| SHA1 | d8dfa6a0ddaf2fb005e6aafd8475e572a5b5119c |
| SHA256 | 3ceb212dbef41afc3e51a4f9ccc392fcb6680646f6f89c1f8c9e89916d790b04 |
| SHA512 | 963c4dc315ea5714d58904b6fb9d2e38e0c8c65bb6fef7c59df6b6e55d6671e9337c95d1552a2d283031381c4ac28e9baa12bc632a36108078f69d082c5352e0 |
memory/2620-1295-0x00000000748C0000-0x0000000074A3B000-memory.dmp
memory/2620-1296-0x00007FFE96390000-0x00007FFE96585000-memory.dmp
memory/2620-1298-0x00000000748C0000-0x0000000074A3B000-memory.dmp
memory/2620-1306-0x00000000748C0000-0x0000000074A3B000-memory.dmp
memory/4808-1307-0x00007FFE72F80000-0x00007FFE730F2000-memory.dmp
memory/4476-1322-0x00007FFE72F80000-0x00007FFE730F2000-memory.dmp
memory/4476-1323-0x00007FFE72F80000-0x00007FFE730F2000-memory.dmp
memory/2620-1324-0x00000000748C0000-0x0000000074A3B000-memory.dmp
memory/4476-1326-0x00007FFE72F80000-0x00007FFE730F2000-memory.dmp
memory/4968-1328-0x00007FFE96390000-0x00007FFE96585000-memory.dmp
memory/4968-1329-0x0000000075830000-0x00000000759AB000-memory.dmp
memory/4968-1330-0x0000000075830000-0x00000000759AB000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 4c0d6376affb1a3087074e6c23239219 |
| SHA1 | 41ba75e311c6c9226fd9ce49d99a6f245539b5d2 |
| SHA256 | 31b9167ae6c5f059b0e284b6e7aa50d5efb0c9aebeb85117c2b4cfd0b9536e35 |
| SHA512 | fe6a6a7662c85331b6af039bf652e57f2424a95227af0ff7f2a4fbeb7da3cb2c92d3ab213fa0c9a1b7a81a6e301e482a171a382327d9ccf732de16baac332fa7 |
memory/4968-1341-0x0000000075830000-0x00000000759AB000-memory.dmp
memory/4864-1342-0x0000000000A50000-0x0000000000C8C000-memory.dmp
memory/4864-1343-0x00007FFE96390000-0x00007FFE96585000-memory.dmp
memory/4864-1344-0x0000000000A50000-0x0000000000C8C000-memory.dmp
memory/4864-1347-0x0000000000310000-0x0000000000743000-memory.dmp
memory/4864-1348-0x0000000000A50000-0x0000000000C8C000-memory.dmp
memory/4864-1349-0x0000000000A50000-0x0000000000C8C000-memory.dmp
memory/4864-1350-0x0000000061E00000-0x0000000061EF3000-memory.dmp
memory/4864-1392-0x0000000000A50000-0x0000000000C8C000-memory.dmp
memory/3368-1400-0x0000000000400000-0x00000000007EC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\74467fe6
| MD5 | c5763a23343b7c8af20869d2d9a63cdf |
| SHA1 | 0c22ca524d74642379e3c060153b90f94528a594 |
| SHA256 | bf4694ee7dba4c3a55350d2455c1e55eeea515717797bd62de5b0929c0ce1e06 |
| SHA512 | 4927d58306e847bc735e1fe3453502e1d85fa7bd70c5b297ee8388b6f321c27fbda7e1279a0cc2250eb8ab2353ce11a94ed175fc1cda17e2c144dbfe5458792f |
memory/3368-1406-0x0000000073B80000-0x0000000073CFB000-memory.dmp
memory/3368-1407-0x00007FFE96390000-0x00007FFE96585000-memory.dmp
memory/3368-1409-0x0000000073B80000-0x0000000073CFB000-memory.dmp
memory/4864-1420-0x0000000000A50000-0x0000000000C8C000-memory.dmp
memory/3368-1424-0x0000000073B80000-0x0000000073CFB000-memory.dmp
memory/3856-1425-0x00007FFE72F80000-0x00007FFE730F2000-memory.dmp
memory/4832-1434-0x00007FFE72F80000-0x00007FFE730F2000-memory.dmp
memory/4832-1435-0x00007FFE72F80000-0x00007FFE730F2000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 82f6fae52968eac921ca34c9bf41e8f7 |
| SHA1 | b84764ba2529ddc6091aede0bf2fd1cc2db2de1e |
| SHA256 | 6ab216b1591cc3fc511067a9e200a7569da53ea9aad0cc8e6ab52557d6e8000a |
| SHA512 | f8e8b9b05cc0c0588a01c97dd3ad2dd13b8db1501d766394ca5e356fc769569bf0ec9f879d74158437fb080565f6c0d712ff134a12a4c74d21c187e0ccbc5c30 |
memory/4864-1451-0x0000000000A50000-0x0000000000C8C000-memory.dmp
memory/4864-1462-0x0000000000A50000-0x0000000000C8C000-memory.dmp
memory/3368-1463-0x0000000073B80000-0x0000000073CFB000-memory.dmp
memory/4832-1464-0x00007FFE72F80000-0x00007FFE730F2000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a8eeff18f87d67171bb1f3d261432b98 |
| SHA1 | a493796f44cd2208c92b1882fcd61de14ee3fb25 |
| SHA256 | d9134c3180b79f6f5dc95ddc93ff7042a7e28d3b198253565857edf41cd5309f |
| SHA512 | 15f86a95a1a92c0c7d249a519568a87b3c5236b5abbcaea36598ac5c81a536ac411830bfd3d98486d683e74f77c812e5fbac6ce0101565ed60331d7b12fe5bd0 |
memory/4320-1473-0x00007FFE96390000-0x00007FFE96585000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 4047c9c7425d70561f060d08592ad48a |
| SHA1 | 1a2d393a42d28d1eb09c76cedf1567c0eafc6922 |
| SHA256 | f3e99270cdaef54bbbfc59616053b2edd1bcb8d89e25f2444f6edc83a21bff4e |
| SHA512 | f6e3aa87b5f15d25d41df369f401001a233f185fdde0d09e8b2a587575eebb4c3c4ab9642237b1c771553f69fa845ed3655f4a2103718618ef761afcef2df264 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0433d0bea6ef7f70b342fb6df05ad727 |
| SHA1 | 461f2847fe3426c8b0c7ef3cca5851ecad78f645 |
| SHA256 | d2748ae594664fe06f6dc5ab1c81e91e2cfc041685cc595174c8c9ab9abea316 |
| SHA512 | 2fcf729f0e11b841af489a04d3d2b2c913dc07bbde70e91392e8b1920b666fca4fbccb6ffb8c73d96769c2d9d959a0da8edc0287afeb2be84e8d3525e485cd25 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 45cf30587b6e6e920bb84224a3988a48 |
| SHA1 | c89d500ef0add13257b3aa2de2038c4bde0cddbb |
| SHA256 | 75a83dabeed6a8f8b30329a0db3d76363abc931c66230e44128d0db812b6e32f |
| SHA512 | 847168655f994e8c8a0bec2bbe0336e7f33cd486d997125d83e36c952a748da92a55616584ade76066397545090c11ee208edb174cc2d9c4bd4cd70f65ba1f8b |
memory/868-1514-0x0000000000A50000-0x0000000000ABF000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 564d0ee7e1b6ba95e0b7e62a9c681509 |
| SHA1 | 92161c86cbbf856e9616b3efe35b6bf2f506fd64 |
| SHA256 | d4aede400154a22569a38634e919053ca18de5b027f34f940e906366857e5e9e |
| SHA512 | 77b791b1d9d1e9ae59528de0c031c08600aa71e2865aa8c6014761146d7d8099f2de0477d448d050caf86d5a36bb907a61701896633fb0c44e457ec0f6229ca9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007a
| MD5 | 5e28e72b443ded036a4cf369d0dda3bf |
| SHA1 | 0500de4480a54243b12d096745c6ba04c9479e66 |
| SHA256 | 15fc7a054efbb9f76d937448fbb4814d7b3f25a6d137e24c1a69e32947eae71e |
| SHA512 | 7d17a5248e54e4dda8fd17a4d662edbb274629161a1e25b3b7f7f5112541663a5040788177268c53b2c78bc7e6d2204ccfb342d93c2ceec0a12d8a41788c088b |
memory/868-1590-0x00007FFE96390000-0x00007FFE96585000-memory.dmp
memory/868-1591-0x0000000004090000-0x0000000004490000-memory.dmp
memory/868-1592-0x0000000000A50000-0x0000000000ABF000-memory.dmp
memory/868-1593-0x0000000004090000-0x0000000004490000-memory.dmp
memory/868-1595-0x0000000004090000-0x0000000004490000-memory.dmp
memory/868-1597-0x0000000075B00000-0x0000000075D15000-memory.dmp
memory/3348-1602-0x00000000029B0000-0x0000000002DB0000-memory.dmp
memory/3348-1605-0x00000000029B0000-0x0000000002DB0000-memory.dmp
memory/3348-1607-0x00000000029B0000-0x0000000002DB0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d9ae82f27148097d4528234041fe426a |
| SHA1 | 4e55ef770a5039d2aeac6c8b6e8b72ecc60df7ce |
| SHA256 | 5f19c6e567311a11cb78c19bd09cd9944488ce88a11d8ad659446184449a6196 |
| SHA512 | b50840bc734da3b1fe8b34f3f06621b88e9d48789763e1c48c4e37329a6bf26269aefcd64672620c256e7e39d4f6c2bac419141d8c9569b31e6a0e4f793fa84e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1502540674e9d8bfb5842ae65187edda |
| SHA1 | 1e1abdc47db5443b7f49f2652a69fd14062ed7a6 |
| SHA256 | 56a726abc6af483c0ff275825767aa7c33b0fe7f51c5265bc31889d915b521ee |
| SHA512 | 7ab41a24f5ad620123093cf733da26b92e4fcae1fa8f48dac070ca5374dba04f8f5d850d7dee74c4b6cfcbeb9a9f8972f573725d0eb3fbb61eaeb641ee4df9d7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | b813da5ef1ae3aca90146722185b8a93 |
| SHA1 | 27bf6fd714217c85e6e62dc46c5257c8fbdc7846 |
| SHA256 | 5bdc871b949943a10130756be5daea27916c4a1f5069642e167572cdeacebfab |
| SHA512 | 57d7a65105343717a28bc61c47b5e270b1f9de93a93919ccd19f81e2e1d1eb34201e4fdd3f7549ba710f0c92fb2c39abf49e6e57cc7ae129e76d17905e182bd6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5d281c.TMP
| MD5 | 3d8d2238e4b227e1cfbad1fa67135165 |
| SHA1 | d080cf29319ced779b0b8ef35a644fa0390f625d |
| SHA256 | e1c9db7df2af67da97389f945f26b3b0ebdf738423576237a6f24e40c6e21293 |
| SHA512 | ee5f7b089416861c8144fbefd203be54bbe8cb897305ff904f1e602dc058e016de842f6aa94ac119629488d5be00f04aab45676fa996afc5b6f53f3f40e85a44 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 79b49c18b1eb98df35805954c0fc0d76 |
| SHA1 | f74435193d9a76fbf8142d845ce72183a93923e4 |
| SHA256 | 778ba7cd94a27652b7ee7c56a17aa0120fceb4c224872bfcc19f5af225e4f642 |
| SHA512 | 20638c5ebd9969be09ef91681043c2a580918dc55de19806aff6fe30a8ada728198debaf43202e06d5dd586fb3a3a41f9e195e67f87c6a9dbfdc260a48896a42 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a05944e1c36fa637d18a6b73f3c69f6f |
| SHA1 | d881b91a62de88b5bcb9117320feba2c91c5c704 |
| SHA256 | e94d63ee0436af82db55797392267336b04bedfb6a41f6f4af8f7ea737d7a9d8 |
| SHA512 | ccf8da08ec494fbe65c671213757e26560a7a38adc0d526b258e44d92e5c3ab3b3a9692a6258d1a4b926d2ac082789f805b3d5ead11474927e60ca797485773f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006e
| MD5 | 96c83700af5dda6827cbe791bea24266 |
| SHA1 | 8b167691c1312428fae47955d9a8d951b4b94eff |
| SHA256 | dac23b653bcb18d2f1f804619d0a5b9b9daba2ed211b6bddd0eb95b5045cf4c7 |
| SHA512 | 23bc3e9ca5db5ca1375ed5ebb0bad2918b3d3fb51a5d5c7e970e761b450bffed6fe9f004ed657d8ef867673891c4845b8336b65896893650812fb632da0567aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006f
| MD5 | c03d17334f5893307e1bd615a9a80709 |
| SHA1 | 295433c2390b1747c028e9d7437d01e7c0177173 |
| SHA256 | 84bc0cd121ea8948b4efcc0da356387d2f5ba4e323ac1c33334729aa5d48f148 |
| SHA512 | 22a76804b042ec1bd3ccfcb5852ef5d990f2f0610c3d0a6bcdd55a942cbb2dcb8945d6c13787ca8155d6abe9413b2048be7781d87a9d965ba4364220a07a630c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000070
| MD5 | 50406bfbcbbc3a7caf728a600e45bb24 |
| SHA1 | 69990b4a171fbc27ac3709cfec5c469c29d9ae73 |
| SHA256 | e038c09fa6a101b575737b3e6bd7431a2656b47a911d90eb7968be34531633a7 |
| SHA512 | ce8bbb16648bf634bba1564c40fea9bc68008070f7b211b2a432b7f44d15b729edfa4fc41d41fbca73a98236889eda43f081fd576c8f27bc995d05f3f7f265c3 |
memory/2896-1780-0x00007FFE6CDE0000-0x00007FFE6D8A1000-memory.dmp
memory/2896-1781-0x000001BB7B020000-0x000001BB7B030000-memory.dmp
memory/2896-1782-0x000001BB7B020000-0x000001BB7B030000-memory.dmp
memory/2896-1784-0x00007FFE6CDE0000-0x00007FFE6D8A1000-memory.dmp
memory/572-1785-0x00007FFE6CDE0000-0x00007FFE6D8A1000-memory.dmp
memory/572-1786-0x0000016BCC1D0000-0x0000016BCC1E0000-memory.dmp
memory/572-1787-0x0000016BCC1D0000-0x0000016BCC1E0000-memory.dmp
memory/572-1798-0x00007FFE6CDE0000-0x00007FFE6D8A1000-memory.dmp
memory/4144-1799-0x00007FFE6CDE0000-0x00007FFE6D8A1000-memory.dmp
memory/4144-1801-0x00000179F8E90000-0x00000179F8EA0000-memory.dmp
memory/4144-1800-0x00000179F8E90000-0x00000179F8EA0000-memory.dmp
memory/4144-1812-0x00007FFE6CDE0000-0x00007FFE6D8A1000-memory.dmp
memory/4372-1822-0x00007FFE6CDE0000-0x00007FFE6D8A1000-memory.dmp
memory/4372-1823-0x00000223F39B0000-0x00000223F39C0000-memory.dmp
memory/4372-1824-0x00000223F39B0000-0x00000223F39C0000-memory.dmp
memory/4372-1826-0x00007FFE6CDE0000-0x00007FFE6D8A1000-memory.dmp
memory/4800-1842-0x0000000002AE0000-0x0000000002AE1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\FastTool_dbg\JRWeb.exe
| MD5 | c047ae13fc1e25bc494b17ca10aa179e |
| SHA1 | e293c7815c0eb8fbc44d60a3e9b27bd91b44b522 |
| SHA256 | 6c30c8a2e827f48fcfc934dd34fb2cb10acb8747fd11faae085d8ad352c01fbf |
| SHA512 | 0cfb96d23b043bcb954cc307f85e5bbc349c0c8a0c6eaa335ea9a8fa19ce65b047f30ed0049562d40880400d4f70e3bb28975d6970f3ae4af6da1ba06e36d48c |
memory/4800-1859-0x00000000748C0000-0x0000000074A3B000-memory.dmp
memory/4800-1863-0x00000000748C0000-0x0000000074A3B000-memory.dmp
memory/2936-1871-0x00007FFE75230000-0x00007FFE753A2000-memory.dmp
memory/4800-1874-0x00000000748C0000-0x0000000074A3B000-memory.dmp
memory/2936-1877-0x00007FFE75230000-0x00007FFE753A2000-memory.dmp
memory/3080-1881-0x0000000000F70000-0x00000000011AC000-memory.dmp
memory/3080-1885-0x0000000000310000-0x0000000000743000-memory.dmp
memory/3080-1886-0x0000000000F70000-0x00000000011AC000-memory.dmp
memory/3080-1888-0x0000000000F70000-0x00000000011AC000-memory.dmp
memory/3512-1908-0x00000000752E0000-0x000000007545B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wordpadbackup_testv4\plugin-container.exe
| MD5 | 37668418edb0f30c6f38d08c5ef319b7 |
| SHA1 | 72d173273dfc9a5cf0661ece8e6d90c602679ba2 |
| SHA256 | 4a7930a7130fe7c3c9822d90517e873e3e477c9a6978d096f740dc5b03770365 |
| SHA512 | 9c5c0c3a095824c51c349487c2366e4dcd1f3602082627296ac06569b72e28ef1d976f8b3ef8df30a81d4483c3220cbb6ee429f7ad4633d8692b9bf3f4104fd9 |
memory/3512-1920-0x00000000752E0000-0x000000007545B000-memory.dmp
memory/4272-1931-0x00007FFE75230000-0x00007FFE753A2000-memory.dmp
memory/3512-1933-0x00000000752E0000-0x000000007545B000-memory.dmp
memory/4272-1936-0x00007FFE75230000-0x00007FFE753A2000-memory.dmp
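The listing above is raw report output. To turn it into something a responder can check against, here is an added example (not part of the report and not the sandbox vendor's code) that parses this path-plus-hash-table format and the `memory/<pid>-<n>-<start>-<end>-memory.dmp` lines into records, rejects digests of the wrong length, collects the SHA256 set as a watchlist, and flags paths that occur more than once with different hashes, as `coreclr.dll`, `System.Private.CoreLib.dll`, `System.Private.Xml.dll` and `System.Windows.Forms.dll` do under `C:\Program Files (x86)\Spectra\`. The embedded sample is copied from the entries above with the SHA512 rows dropped for brevity; the function and class names are my own.

```python
"""Parse a sandbox 'dropped files' listing into IOC records.

Added example, not part of the original report. The input format assumed
here is the one used in the listing above: a bare file path line followed by
`| MD5 | ... |`, `| SHA1 | ... |`, `| SHA256 | ... |`, `| SHA512 | ... |`
rows, interleaved with `memory/<pid>-<n>-<start>-<end>-memory.dmp` lines.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
MEM_RE = re.compile(
    r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")


@dataclass
class DroppedFile:
    path: str
    hashes: dict = field(default_factory=dict)   # algorithm -> lowercase hex digest


@dataclass
class MemoryRegion:
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_listing(text: str):
    """Return (dropped files, memory regions) parsed from the listing text."""
    files, regions = [], []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_RE.match(line)
        if m:
            pid, seq, start, end = m.groups()
            regions.append(MemoryRegion(int(pid), int(seq), int(start, 16), int(end, 16)))
            current = None          # a memory line ends the previous file record
            continue
        m = ROW_RE.match(line)
        if m:
            if current is None:
                raise ValueError(f"hash row without a preceding path: {line}")
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HASH_LENGTHS[algo]:
                raise ValueError(f"{algo} digest of wrong length for {current.path}")
            current.hashes[algo] = digest
            continue
        if line.startswith("|"):
            raise ValueError(f"unrecognised table row: {line}")
        # Anything else is a file path that starts a new record.
        current = DroppedFile(line)
        files.append(current)
    return files, regions


def sha256_set(files) -> set:
    """Deduplicated SHA256 watchlist of every dropped file that has one."""
    return {f.hashes["SHA256"] for f in files if "SHA256" in f.hashes}


def paths_with_multiple_hashes(files) -> dict:
    """Paths listed more than once with differing SHA256s, i.e. files rewritten during the run."""
    seen = defaultdict(set)
    for f in files:
        if "SHA256" in f.hashes:
            seen[f.path].add(f.hashes["SHA256"])
    return {p: s for p, s in seen.items() if len(s) > 1}


def regions_by_pid(regions) -> dict:
    """Group dumped memory regions by process id, preserving listing order."""
    out = defaultdict(list)
    for r in regions:
        out[r.pid].append(r)
    return dict(out)


# Sample input copied from the listing above (SHA512 rows dropped for brevity).
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Temp\nsoD8C4.tmp\System.dll
| MD5 | 4add245d4ba34b04f213409bfe504c07 |
| SHA1 | ef756d6581d70e87d58cc4982e3f4d18e0ea5b09 |
| SHA256 | 9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706 |
C:\Program Files (x86)\Spectra\coreclr.dll
| MD5 | 239f306a97f05e4391c42c66efb427f2 |
| SHA1 | b5e93f4a945c7c10b8554ea7257011922495e6ba |
| SHA256 | 449aa70f10b26cc6f04b573079969e35042149d808db36f0488c9bb8c4128fea |
C:\Program Files (x86)\Spectra\coreclr.dll
| MD5 | d2087a10badcac44bfd20698e7435376 |
| SHA1 | eeb0c90ab039321553732528ca262b6d0554ebf1 |
| SHA256 | c326644c07f35323d1ff2eeb95cd1b19deeee14076e1ff9d874dc8eefaf5d8d6 |
memory/996-1222-0x000001B2E1C60000-0x000001B2E1C82000-memory.dmp
memory/2620-1283-0x0000000000E90000-0x0000000000E91000-memory.dmp
memory/2620-1289-0x0000000000400000-0x0000000000CDE000-memory.dmp
"""

if __name__ == "__main__":
    files, regions = parse_listing(SAMPLE)
    print(f"{len(files)} file records, {len(sha256_set(files))} unique SHA256s")
    for path, digests in paths_with_multiple_hashes(files).items():
        print(f"rewritten: {path} ({len(digests)} distinct SHA256s)")
    for pid, regs in regions_by_pid(regions).items():
        print(f"pid {pid}: {len(regs)} regions, {sum(r.size for r in regs):#x} bytes dumped")
```

Feed it the whole dropped-files section rather than the sample to get the full watchlist; the `memory/...` entries give region sizes per PID, which is useful for deciding which dumps to pull first (the large region at `0x400000` in PID 2620 is the size of an unpacked image, the `0x1000` one is a single page).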