Analysis Overview
Threat Level: Known bad
The file https://github.com/commandoblue25/commandoblue25 was found to be: Known bad.
Malicious Activity Summary
RedLine payload
RedLine
Downloads MZ/PE file
Executes dropped EXE
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of SetThreadContext
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Modifies data under HKEY_USERS
Enumerates system info in registry
Modifies system certificate store
NTFS ADS
Opens file in notepad (likely ransom note)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Analysis: static1
Detonation Overview
Reported
2024-04-10 14:50
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-10 14:50
Reported
2024-04-10 15:21
Platform
win11-20240319-en
Max time kernel
1688s
Max time network
1700s
Signatures
RedLine
RedLine payload
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO4EB8D06D\Github_Multi_Launcher_win32_win64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\scamm\Github_Multi_Launcher_win32_win64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\scamm\Github_Multi_Launcher_win32_win64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\scamm\Github_Multi_Launcher_win32_win64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zOCEF0C202\Unlock_Tool_3.4.exe | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 332 set thread context of 3700 | N/A | C:\Users\Admin\AppData\Local\Temp\7zO4EB8D06D\Github_Multi_Launcher_win32_win64.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 1028 set thread context of 868 | N/A | C:\Users\Admin\Downloads\scamm\Github_Multi_Launcher_win32_win64.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 3148 set thread context of 1548 | N/A | C:\Users\Admin\Downloads\scamm\Github_Multi_Launcher_win32_win64.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 3176 set thread context of 1416 | N/A | C:\Users\Admin\Downloads\scamm\Github_Multi_Launcher_win32_win64.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 1148 set thread context of 3916 | N/A | C:\Users\Admin\AppData\Local\Temp\7zOCEF0C202\Unlock_Tool_3.4.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133572342843250210" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064\Blob | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\winrar-x64-700.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zO4EB8D06D\Github_Multi_Launcher_win32_win64.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\link.txt:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unlock_Tool.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zOCEF0C202\Unlock_Tool_3.4.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zOCEFD1E52\Readme.txt:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Github_Multi_Launcher_win32_win64.7z:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/commandoblue25/commandoblue25
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0x88,0x10c,0x7ffe53609758,0x7ffe53609768,0x7ffe53609778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3772 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3124 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4728 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5492 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5832 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5856 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1584 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5828 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2524 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1584 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3868 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3244 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4460 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4464 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4628 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5900 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4628 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:2
C:\Users\Admin\Downloads\winrar-x64-700.exe
"C:\Users\Admin\Downloads\winrar-x64-700.exe"
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\58f16d1cac0c43158dbc9e05f153be85 /t 1028 /p 868
C:\Users\Admin\Downloads\winrar-x64-700.exe
"C:\Users\Admin\Downloads\winrar-x64-700.exe"
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\f94a6819976640f3ad909dbc5d681fb7 /t 4620 /p 3020
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Github_Multi_Launcher_win32_win64.7z"
C:\Users\Admin\AppData\Local\Temp\7zO4EB8D06D\Github_Multi_Launcher_win32_win64.exe
"C:\Users\Admin\AppData\Local\Temp\7zO4EB8D06D\Github_Multi_Launcher_win32_win64.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Github_Multi_Launcher_win32_win64.7z"
C:\Users\Admin\Downloads\scamm\Github_Multi_Launcher_win32_win64.exe
"C:\Users\Admin\Downloads\scamm\Github_Multi_Launcher_win32_win64.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Downloads\scamm\Github_Multi_Launcher_win32_win64.exe
"C:\Users\Admin\Downloads\scamm\Github_Multi_Launcher_win32_win64.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Downloads\scamm\Github_Multi_Launcher_win32_win64.exe
"C:\Users\Admin\Downloads\scamm\Github_Multi_Launcher_win32_win64.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=2308 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=364 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5152 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5368 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6116 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=2328 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=884 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=4716 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5704 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3136 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=3224 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:8
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\link.txt
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4540 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=5788 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5568 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4892 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=1596 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 --field-trial-handle=1868,i,18035222961550892992,8473755849357388245,131072 /prefetch:8
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Unlock_Tool.zip\Defender_Settings.vbs"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Unlock_Tool.zip\Unlock_Tool_3.4.rar"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Unlock_Tool.zip\Password.txt
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Temp2_Unlock_Tool.zip\Unlock_Tool_3.4.rar"
C:\Users\Admin\AppData\Local\Temp\7zOCEF0C202\Unlock_Tool_3.4.exe
"C:\Users\Admin\AppData\Local\Temp\7zOCEF0C202\Unlock_Tool_3.4.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zOCEFD1E52\Readme.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffe535d3cb8,0x7ffe535d3cc8,0x7ffe535d3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,6408483819169175344,8765551856070673479,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,6408483819169175344,8765551856070673479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,6408483819169175344,8765551856070673479,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6408483819169175344,8765551856070673479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6408483819169175344,8765551856070673479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6408483819169175344,8765551856070673479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6408483819169175344,8765551856070673479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,6408483819169175344,8765551856070673479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3456 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6408483819169175344,8765551856070673479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,6408483819169175344,8765551856070673479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6408483819169175344,8765551856070673479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6408483819169175344,8765551856070673479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6408483819169175344,8765551856070673479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6408483819169175344,8765551856070673479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6408483819169175344,8765551856070673479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,6408483819169175344,8765551856070673479,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5416 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1896,6408483819169175344,8765551856070673479,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6408483819169175344,8765551856070673479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6408483819169175344,8765551856070673479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6408483819169175344,8765551856070673479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6408483819169175344,8765551856070673479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6408483819169175344,8765551856070673479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,6408483819169175344,8765551856070673479,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6196 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.56.20.217.in-addr.arpa | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | private-user-images.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | private-user-images.githubusercontent.com | tcp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 67.199.248.10:443 | bit.ly | tcp |
| US | 67.199.248.10:443 | bit.ly | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 142.250.178.3:443 | id.google.com | tcp |
| GB | 216.58.213.22:443 | i.ytimg.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | tcp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | tcp |
| US | 104.21.82.180:443 | directorryversionyju.shop | tcp |
| US | 172.67.182.200:443 | birdpenallitysydw.shop | tcp |
| US | 104.21.63.97:443 | cinemaclinicttanwk.shop | tcp |
| US | 172.67.166.48:443 | disagreemenywyws.shop | tcp |
| US | 8.8.8.8:53 | 97.63.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | speedparticipatewo.shop | udp |
| US | 104.21.86.190:443 | speedparticipatewo.shop | tcp |
| US | 8.8.8.8:53 | fixturewordbakewos.shop | udp |
| US | 104.21.61.180:443 | fixturewordbakewos.shop | tcp |
| US | 8.8.8.8:53 | colorprioritytubbew.shop | udp |
| US | 104.21.94.186:443 | colorprioritytubbew.shop | tcp |
| US | 8.8.8.8:53 | 48.166.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.86.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.61.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | abuselinenaidwjuew.shop | udp |
| US | 172.67.205.134:443 | abuselinenaidwjuew.shop | tcp |
| US | 8.8.8.8:53 | methodgreenglassdatw.shop | udp |
| US | 172.67.221.254:443 | methodgreenglassdatw.shop | tcp |
| US | 8.8.8.8:53 | 186.94.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.205.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.221.67.172.in-addr.arpa | udp |
| US | 104.21.82.180:443 | directorryversionyju.shop | tcp |
| US | 172.67.182.200:443 | birdpenallitysydw.shop | tcp |
| US | 104.21.63.97:443 | cinemaclinicttanwk.shop | tcp |
| US | 172.67.166.48:443 | disagreemenywyws.shop | tcp |
| US | 104.21.86.190:443 | speedparticipatewo.shop | tcp |
| US | 104.21.61.180:443 | fixturewordbakewos.shop | tcp |
| US | 104.21.94.186:443 | colorprioritytubbew.shop | tcp |
| US | 172.67.205.134:443 | abuselinenaidwjuew.shop | tcp |
| US | 172.67.221.254:443 | methodgreenglassdatw.shop | tcp |
| US | 104.21.82.180:443 | directorryversionyju.shop | tcp |
| US | 172.67.182.200:443 | birdpenallitysydw.shop | tcp |
| US | 104.21.63.97:443 | cinemaclinicttanwk.shop | tcp |
| US | 172.67.166.48:443 | disagreemenywyws.shop | tcp |
| US | 104.21.86.190:443 | speedparticipatewo.shop | tcp |
| US | 104.21.61.180:443 | fixturewordbakewos.shop | tcp |
| US | 104.21.94.186:443 | colorprioritytubbew.shop | tcp |
| US | 172.67.205.134:443 | abuselinenaidwjuew.shop | tcp |
| US | 172.67.221.254:443 | methodgreenglassdatw.shop | tcp |
| US | 104.21.82.180:443 | directorryversionyju.shop | tcp |
| US | 172.67.182.200:443 | birdpenallitysydw.shop | tcp |
| US | 104.21.63.97:443 | cinemaclinicttanwk.shop | tcp |
| US | 172.67.166.48:443 | disagreemenywyws.shop | tcp |
| US | 104.21.86.190:443 | speedparticipatewo.shop | tcp |
| US | 104.21.61.180:443 | fixturewordbakewos.shop | tcp |
| US | 104.21.94.186:443 | colorprioritytubbew.shop | tcp |
| US | 172.67.205.134:443 | abuselinenaidwjuew.shop | tcp |
| US | 172.67.221.254:443 | methodgreenglassdatw.shop | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.200.35:443 | id.google.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.200.54:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.200.250.142.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.14:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.179.230:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 172.217.169.42:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| GB | 172.217.169.42:443 | jnn-pa.googleapis.com | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | repository-images.githubusercontent.com | udp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 21.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | drive.usercontent.google.com | udp |
| GB | 142.250.187.193:443 | drive.usercontent.google.com | tcp |
| GB | 142.250.187.193:443 | drive.usercontent.google.com | tcp |
| GB | 142.250.187.193:443 | drive.usercontent.google.com | udp |
| US | 8.8.8.8:53 | 193.187.250.142.in-addr.arpa | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 162.125.64.18:443 | www.dropbox.com | tcp |
| GB | 162.125.64.18:443 | www.dropbox.com | tcp |
| GB | 162.125.64.15:443 | uc693988e42f97db9cb390305c05.dl.dropboxusercontent.com | tcp |
| US | 8.8.8.8:53 | 18.64.125.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.64.125.162.in-addr.arpa | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| US | 34.31.226.230:37144 | | tcp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| GB | 92.123.128.143:443 | www.bing.com | tcp |
| GB | 92.123.128.143:443 | www.bing.com | tcp |
| GB | 92.123.128.143:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 143.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| NL | 23.62.61.160:443 | th.bing.com | tcp |
| NL | 23.62.61.160:443 | th.bing.com | tcp |
| NL | 23.62.61.129:443 | th.bing.com | tcp |
| NL | 23.62.61.129:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 160.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| IE | 20.190.159.73:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.33.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fitgirl-repacks.site | udp |
| BZ | 190.115.31.179:443 | fitgirl-repacks.site | tcp |
| BZ | 190.115.31.179:443 | fitgirl-repacks.site | tcp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | udp |
| GB | 142.250.200.54:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 179.31.115.190.in-addr.arpa | udp |
| US | 192.0.76.3:443 | stats.wp.com | tcp |
| US | 8.8.8.8:53 | i5.imageban.ru | udp |
| US | 8.8.8.8:53 | i7.imageban.ru | udp |
| US | 8.8.8.8:53 | i2.imageban.ru | udp |
| US | 8.8.8.8:53 | i3.imageban.ru | udp |
| US | 8.8.8.8:53 | i1.imageban.ru | udp |
| US | 8.8.8.8:53 | i0.wp.com | udp |
| US | 8.8.8.8:53 | i6.imageban.ru | udp |
| RU | 62.109.19.95:443 | i7.imageban.ru | tcp |
| RU | 62.109.19.95:443 | i7.imageban.ru | tcp |
| RU | 92.63.103.84:443 | i1.imageban.ru | tcp |
| RU | 62.109.31.142:443 | i2.imageban.ru | tcp |
| RU | 62.109.31.142:443 | i2.imageban.ru | tcp |
| RU | 62.109.5.15:443 | i5.imageban.ru | tcp |
| RU | 62.109.5.15:443 | i5.imageban.ru | tcp |
| RU | 62.109.5.15:443 | i5.imageban.ru | tcp |
| RU | 92.63.103.84:443 | i1.imageban.ru | tcp |
| RU | 62.109.31.142:443 | i2.imageban.ru | tcp |
| US | 8.8.8.8:53 | 3.76.0.192.in-addr.arpa | udp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| RU | 82.146.61.17:443 | i3.imageban.ru | tcp |
| RU | 82.146.61.17:443 | i3.imageban.ru | tcp |
| RU | 80.87.200.35:443 | i6.imageban.ru | tcp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | i4.imageban.ru | udp |
| RU | 80.87.200.35:443 | i6.imageban.ru | tcp |
| RU | 82.146.61.17:443 | i3.imageban.ru | tcp |
| RU | 37.230.117.113:443 | i4.imageban.ru | tcp |
| RU | 37.230.117.113:443 | i4.imageban.ru | tcp |
| US | 8.8.8.8:53 | torrent-stats.info | udp |
| US | 8.8.8.8:53 | s01.riotpixels.net | udp |
| US | 8.8.8.8:53 | 95.19.109.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.103.63.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.5.109.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.31.109.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.61.146.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.87.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.117.230.37.in-addr.arpa | udp |
| GB | 142.250.179.230:443 | static.doubleclick.net | tcp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| GB | 172.217.169.42:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.169.42:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.187.225:443 | yt3.ggpht.com | tcp |
| GB | 142.250.187.225:443 | yt3.ggpht.com | tcp |
| FR | 87.98.254.167:443 | torrent-stats.info | tcp |
| FR | 87.98.254.167:443 | torrent-stats.info | tcp |
| US | 104.21.30.45:443 | s01.riotpixels.net | tcp |
| US | 104.21.30.45:443 | s01.riotpixels.net | tcp |
| US | 104.21.30.45:443 | s01.riotpixels.net | tcp |
| US | 104.21.30.45:443 | s01.riotpixels.net | tcp |
| US | 104.21.30.45:443 | s01.riotpixels.net | tcp |
| US | 104.21.30.45:443 | s01.riotpixels.net | tcp |
| FR | 87.98.254.167:443 | torrent-stats.info | tcp |
| FR | 87.98.254.167:443 | torrent-stats.info | tcp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| GB | 172.217.169.42:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 167.254.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.30.21.104.in-addr.arpa | udp |
| FR | 87.98.254.167:443 | torrent-stats.info | tcp |
| FR | 87.98.254.167:443 | torrent-stats.info | tcp |
| US | 8.8.8.8:53 | fitgirl-repacks-site.disqus.com | udp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 199.232.192.134:443 | fitgirl-repacks-site.disqus.com | tcp |
| US | 199.232.192.134:443 | fitgirl-repacks-site.disqus.com | tcp |
| US | 151.101.192.134:443 | disqus.com | tcp |
| GB | 18.244.140.59:443 | c.disquscdn.com | tcp |
| US | 8.8.8.8:53 | 134.192.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.192.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.140.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| FR | 87.98.254.167:443 | torrent-stats.info | tcp |
| GB | 142.250.200.54:443 | i.ytimg.com | udp |
| FR | 87.98.254.167:443 | torrent-stats.info | tcp |
| US | 8.8.8.8:53 | disqus.com | udp |
| GB | 18.244.140.59:443 | c.disquscdn.com | tcp |
| US | 8.8.8.8:53 | a.disquscdn.com | udp |
| US | 199.232.194.49:443 | a.disquscdn.com | tcp |
| US | 8.8.8.8:53 | referrer.disqus.com | udp |
| US | 199.232.192.134:443 | referrer.disqus.com | tcp |
| US | 8.8.8.8:53 | 49.194.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | realtime.services.disqus.com | udp |
| US | 54.227.133.51:443 | realtime.services.disqus.com | tcp |
| US | 8.8.8.8:53 | 51.133.227.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.19.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.120.234.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
Files
\??\pipe\crashpad_4900_CQNVJAJEQLRLZGGO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b57e8210fb43f7111743ee6a4174a4e9 |
| SHA1 | 9e30d853de2ff6c9affb86eb16b7c94fe040d8be |
| SHA256 | 3d8f3e60398f8664bd596c5863ad9b8df4c2887cdfa8c47691cbf603df2449ce |
| SHA512 | 43ade8e97b05d4243e2701e85cf1d76173103a6d47bb72f95e550bbdaaad5573728976c057808a88feb2a165c7082e92522cc420ed89d1678b18f8d996650123 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8af7754bb9ab43229ce1ea0a3c56a007 |
| SHA1 | 50b31ccefaaaf1666bfe34adf0c435f22c479707 |
| SHA256 | 56f5c943fcc48bc7f0727750f248a2e6865d3d48b28697fab9b566941633c64b |
| SHA512 | 8bb1040ca802289d91e68fb52f583f947817e1a00c2c699167f87f663925690ef980292afe86c58ac123ebe356bb19634af3703736cb5913ec4e0dbf74e0db0f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | df51f0adda18d0d3f05878b624a5d0d7 |
| SHA1 | 7948d1d6abcf3a2498d4789b7fa3071b81b47e6d |
| SHA256 | af5c9694ec2ec3ec3fcb2c0bc1b76b2d1a8e7b0736157b08de7ba28825cf98c2 |
| SHA512 | 9a5b6c4c738866641fe5d6d4b007596f258480d90680e8c1c12328f55a68982fd30588ad7cbabc95a3734369e3602cca760c4519e0cf7b27a3c84ac511ddff2c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 02e5d795a194bc5e4999a98f4a60ffcb |
| SHA1 | a18632ea9ffe435f16fb54e762b424bcf1d2541f |
| SHA256 | a7976e6b1965eb44d907bff19626061f45d337923ebdfc01b6cfce1c10c11855 |
| SHA512 | d8b26181ce2c7b5dd8daf93e5c3a4730349120fc9cff8f0de8da2c86efec8679a05f38c4cc4e69f05b1161992ce87568be718127cbbd92f52f066e189af8c7de |
C:\Users\Admin\Downloads\Github_Multi_Launcher_win32_win64.7z:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5801a1.TMP
| MD5 | 77b0fe4f1e7864e5e9346bf3837a69ce |
| SHA1 | 10fa0dc7735a50344e9fc62b90879b10477653af |
| SHA256 | 2617d11d4a9c872b19cde9361036b881d6cc91490316bb0a04c65fb744a19f5e |
| SHA512 | 75c1c53bdb856b211c52fe1d1a6cd8f79016c6e9b4c50d77b73fefbf1cf6ff67b9a9019e8aa9f96b34352399bbf346a42bdfc9572e6ee516eef74ac97dc60103 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | fb6e95d7dcbf95f598fa92443041ab2f |
| SHA1 | b6279344de23eb5e8ec9687d8c70c07a4b121746 |
| SHA256 | f8de905b7307223c628301ae01ad5f0f78e153c36b32ff2f8cfc66150964bc30 |
| SHA512 | f7841a0e97638002c86e3d1523b4c804716df25a2260fc463806a400f90a9967a6c8e81188a38581a24e6f0a25f5f7dd08bc2d13c7c12a14ee7bad4ee607c602 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 421e77e480ea8e081f9f9f40a1acd6d4 |
| SHA1 | ec7d124eac6878b9961b98039e75346088b16c4e |
| SHA256 | 0705695dd9b8eedd2252249cd9f57e9c0d7ba540324130dad87df5b48074c9f1 |
| SHA512 | eadb2c34ddeb6ec2c0027cfffdd5de6b3172968ae7ce215c345c616d94b54817cb680ad761a1df8be4561e07864bef26ed89383531c59b7cafb8a46699a91917 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\26914f4b-efce-4f12-a846-4b0cf422680f.tmp
| MD5 | 24b7046cb0981799cefe02964f9b5ba1 |
| SHA1 | 528ca4bb322e19fbd5496eb311006374ad67e2b0 |
| SHA256 | 1b97beed9e32f621ef5f92197d52457b1784f29792c539b5dac370489cb4cb68 |
| SHA512 | 3320fbd8d2dd90ca549615e76c0c81b730bd3fb5dd6db2f1742c9398d09c4e6e0d3aae14a6e159bdc9efc4a0d26c3ca16216f5127690e7afd2270769a2185835 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5a0c6f86622dad03767d33fe57d7fffd |
| SHA1 | 53e966e041f560ffac7e1a93585abf190d455ee3 |
| SHA256 | 1f26f276a59d171ae2b4ba3ea46c6f6341464cc0ae2a1492d1e725e285c42c74 |
| SHA512 | 5ce2de170879d7f15bf153d968a749f66a41df5f33e3628fda048a72dcd8e06002d56477edbc236b58a2f39cc0a02efa3513cff26f387ac7cd2754cf46cae48b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 80b0cd4614e1e3e7c9fa5eff74e3ed82 |
| SHA1 | e875afe603b54f67b870258f41348ce5594f74bf |
| SHA256 | 8d8b9d1a54b2d650b1a48efd7f24bcccb4a14a7121ca0335ded7e95ac7277706 |
| SHA512 | 747dc874342fe7672b093d325cddf71c3f6475600a8510014fac759248291ebc424efd22895b78ef309ca8378f022367f5c4c8536a8e48476cf9088084ec54d2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f497ce1e61db778be681cde8d0e265ba |
| SHA1 | 56fad7b2f75dc84953afb2eb9016959b8068bf5e |
| SHA256 | 1dcb6c36ded6023dc09718466abea07162e29e47de7138b103d2a768ec1ebfaa |
| SHA512 | b618f6773136e31b9098df5cc73451668d451dfc68d3e8aa3511a8f7d78aaf9102752bc2e0a3be14ad905ee9b1b8ec8ecac90a6ca79739a10a9ebba40d277a52 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6ce37644dc4cbe646fd0c079cecb0fc8 |
| SHA1 | 2ab7a92de3a8ecf6162623258a4330167b7c78a9 |
| SHA256 | 28736bc5135f878cb0a5dca414e48252fa13f322deb5897fb61ca5dde1bd18fd |
| SHA512 | e225bcee52048d09139b388dabe87df0fd5371dac9b179e3bc4b7ef142d69c9ce14bf8e2fa2e4758c955210d3ade1d2c3c2f91fea2520262a113093342e2a779 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 54d8cbbc87eb980f67a307fc5e834d3a |
| SHA1 | 59c36650f5fbf9bbc04226bc709f34cc4de6099f |
| SHA256 | f927275ed1afc40383c2cc176c644cb2ec516bd6a4af045291131f76d9bbb6de |
| SHA512 | e49f3ca2067670f9ae24a9872f6fe27c97c388fcdd731061d6a08c4954123665165921c3525d239a4eb7a46d5ed06cfeed70b37d35d4948fee39fa556d482680 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 86a85c9ecaeabd6eb79c055e486901f9 |
| SHA1 | 74b813e0d8126c17844cef8418a54c0ae85e8b36 |
| SHA256 | 1a21a20f0767a6af45051a3222cdbcfd9eef78e2254c355c5297506744ee07e3 |
| SHA512 | c2e97e60543ff762540ca09c26d8a5901b8fcaacc7894a17595d56f093be66d7dfaee9a1d9cb4aa3b953acb2332432e48f689a3d545c3d8142d49c4064ba1050 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cb536fadfa920976ec7050802b0af1d8 |
| SHA1 | 648ac38021eee17eb6384c1d49a3935edf462180 |
| SHA256 | a3b5ed402dfb50b11dd14f5af9a10723e930adcea1ff5d13a5ff1976205a8ec9 |
| SHA512 | f2e8ce1d25f8dbffa04e4f15a3ba5d5ae8da4b1519069635601c4609c3df13b6b7c17bb94e57dbb363b2fb21c6562b8a57ac12c502d345a876a4af7fce820de1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | bebc324cde7b939516b6fc2a133e5fc0 |
| SHA1 | 126bec1e2e959f3e08d03b8e912c55f948cbb04c |
| SHA256 | c20d8933c3249b05f9b24595f52274f9a4ec9298c90ae0d1f41338c79468ca78 |
| SHA512 | ed66ed43b810d737e9a1e59759ae46975e54b9fcb2381ea36a5c576f8d081e05a1c28fd7107fd12d6b18feba06631b373af7aef2ffd8e591c89335dfbaf6bb19 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 60f1079e7c8308ffb908645e0b721d81 |
| SHA1 | c32201c42d8f775c7d670a78bf675bc2818e0977 |
| SHA256 | 229925179d68601c5709b269ea3cea559f0d67098d47412cfcdf34c259f0513d |
| SHA512 | 6d362241e7ea8be8f5019dbaeaba0c08b2a7cd3ba4f7668874c6247dd65e13c782d2b3da6c8fa2cead7e4972839a4007b2ab79e50347bdc768594b04132d0541 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b41122d4-0d17-41b0-b681-8b74e6f0abd1.tmp
| MD5 | f532f25f5dfa1f9bc57314ddb195d099 |
| SHA1 | ee8fae04541c49218d44a147b63f68363714d049 |
| SHA256 | 5d785b678b8645e01e794d89e63dd47d371d50136253cd720104796f67f091da |
| SHA512 | b7f087abc0b103c133bb213a9b2682c3b1979aadda39ea22cd176c87790ca178eae51c0253c57bb35800697b995b31eaa7da295bbe5e583126f70dfb717214a9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 76d36c411710927f04b71938d2fa161e |
| SHA1 | cbc17deafb21c19193074194dc65e45646409bc1 |
| SHA256 | 9043aa1e15ed19f926485cdb7b9d506a95d031ed75155b34f0fc04efcae9bb6a |
| SHA512 | cb90196705e25fee583506933a9e8c5b7f6a0eca4fd11cfa0c5cbb594710e9e0c1876f34389cd9fcd70b6b7b79f9f72363bf791a65e5720a5fc58ae509761047 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 6fb212f38f3784ed7b317381c09bd1f3 |
| SHA1 | 80b2f02c68da8fbfc03499065385f705e25aa43e |
| SHA256 | 9926f6198f293a9a7ec9121b3f6eaf10bed747e056b45b956182b4fb8d5aa67e |
| SHA512 | f9ee4dae4b90755b4203f34f05acd0d4c8047d2ce65b06fceb24fdee610d1fe531bf62ed459f10f04bdcbd65ba51e83559ae199dceba3d562e81dfa6b4c9b319 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5c3234b012809f9ff1483c7d76af1acc |
| SHA1 | ad92dcd466a4160a9ebab216587106ab0c7d4aeb |
| SHA256 | 44686cba8810f1b01cd79ae14e4e6ef7d504fe5e68e68daad20adc0bc4870a95 |
| SHA512 | e6cb57f8774b943c1d9266561eff8b63e673d1f057101de9e9a2ecabbb090917b2b86200bdf25b45e2339cbdacb0d4c0edb834fd84ad02135744e0a654b56351 |
C:\Users\Admin\Downloads\winrar-x64-700.exe
| MD5 | 48deabfacb5c8e88b81c7165ed4e3b0b |
| SHA1 | de3dab0e9258f9ff3c93ab6738818c6ec399e6a4 |
| SHA256 | ff309d1430fc97fccaa9cb82ddf3d23ce9afdf62dcf8c69512de40820df15e24 |
| SHA512 | d1d30f6267349bb23334f72376fe3384ac14d202bc8e12c16773231f5f4a3f02b76563f05b11d89d5ef6c05d4acaacc79f72f1d617ee6d1b6eddab2b866426af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5c350cc027b76415b050e29bc66b3d12 |
| SHA1 | bcabab09792f9458791cfbc34600f05234ad9d0f |
| SHA256 | 5c327dd7ecdfe29a6ba5b265cdb68358758aff92d541328b074222b3727462db |
| SHA512 | 5ed77baebeb666aaca6262c83e878a3c7735856edae04484259e1ab1df5c0a7272d04dae7bf0bff6c3ccb81f390b1df40158ad3f19406bf757a78dac841912c6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 24a990af5d306ac12dcfb0395930385c |
| SHA1 | 34ac43f916329605671ccf09278f4caffc7d60ce |
| SHA256 | cc3580b1c0b9d8629ab2f2d4296c37d4eebc03f58f5adaf7a27813b74d3c21e8 |
| SHA512 | 1ace244a6bed54fc4c6b6e428b3170fbd820c1d9da01fd9ea42f150a82438877562067f053082914d8fa0e4530ad83005935d5e97fb8fcbd4c270e6a1b5abc74 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | df0acbbfc9897a3b7d53e7a2345b33a6 |
| SHA1 | cd4d74aa39a97e3c0545bee09ac1638644200aff |
| SHA256 | c79deb85307e86f3b60d921e0a61504830263a363e78bc123912df9d32205ac4 |
| SHA512 | cdac57469cbe2573ea6e570ecf3c6f4c58a95a064955fa7e098fee261c98cb059bdde89dd066c02229bfa1b62a0543a30a9402e1ef63bb159e8ee3785686c326 |
C:\Users\Admin\Downloads\Github_Multi_Launcher_win32_win64.7z
| MD5 | b91cd0d270180bd384a14072d416d63b |
| SHA1 | 0b37a26af240b72ab7c44a95c22ea71e0feb1e9d |
| SHA256 | 468c0432746756c7f91798d050133af5f6474303eaf840aaf78cd3adf5f6a362 |
| SHA512 | cbaa8642a9df5b555c9368a701eb19b539a2c9b1e2a082560a5299544d3da3b9740830cadee7973b456925304edad69a9a19c5f21d47bcdcc829bc5a6d544209 |
C:\Users\Admin\AppData\Local\Temp\7zO4EB8D06D\Github_Multi_Launcher_win32_win64.exe
| MD5 | 48083c6e44f4e52e9d56d6ddc5528a38 |
| SHA1 | 97c34cae14ed0a89ad9cd1d0736a74bc8fa6c139 |
| SHA256 | 47cfc9d16a4fbd657f9e226e23a5aa442a6665dfd49358798d330b4e82210b05 |
| SHA512 | 972a6f1dd9e8a3c1b74929d61b8492079c7a60fc7424bd24a197f6611187656f6f97588f393db6f021f1ced618f7a2403fe3bf47293e052bf12b48cba4c4821e |
C:\Users\Admin\AppData\Local\Temp\7zO4EB8D06D\Github_Multi_Launcher_win32_win64.exe:Zone.Identifier
| MD5 | 66612635b4765731309c0e89633b904b |
| SHA1 | c5d5ebd427aacde869a7b3405290f2af37956bac |
| SHA256 | 32c20afdb11b15c9098712ef0ea971d2313bad6adadef63669433ec19088d771 |
| SHA512 | d5fbcad9f23f802800919ab2fc2d2e6b7c21b0ff39ff523dbc662de0135b92adff91fcaa11ec25831fd0e7c856c6aa2de297777dfd9147bc66e5a3fd8430d123 |
memory/332-495-0x00000000742F0000-0x0000000074AA1000-memory.dmp
memory/332-496-0x00000000006A0000-0x0000000000700000-memory.dmp
memory/332-497-0x00000000051C0000-0x00000000051D0000-memory.dmp
memory/332-499-0x0000000004F80000-0x0000000004F81000-memory.dmp
memory/3700-501-0x0000000000400000-0x000000000044B000-memory.dmp
memory/3700-504-0x0000000000400000-0x000000000044B000-memory.dmp
memory/3700-508-0x0000000000400000-0x000000000044B000-memory.dmp
memory/332-507-0x00000000742F0000-0x0000000074AA1000-memory.dmp
memory/332-506-0x0000000002B20000-0x0000000004B20000-memory.dmp
memory/3700-509-0x0000000000400000-0x000000000044B000-memory.dmp
memory/332-514-0x0000000002B20000-0x0000000004B20000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 33c5029b5b815b74b7785d4ff895b4f5 |
| SHA1 | a700f0a50f7d8c4cd9d63b9b3317584e01f0b251 |
| SHA256 | e374e091ee7d9f6eb43e5f1864708b1479b78cfc03b498e051a2e1533e82c12d |
| SHA512 | 257529f7fefc49f70fef9e46b2e868323e81aba02b5d90483aa08bbfac020e0a0a398ca9caa30a21a678eb533021dd9e47ac27f15e9ed7169dbf7f1d216d5673 |
C:\Users\Admin\AppData\Local\Temp\7zE43E5BE1F\license\backupkey.dll
| MD5 | 4d5e157915e455cc18b2c3cbd0f8ce88 |
| SHA1 | 7b33623c290ab2c26db25d7fdeebc9c1c710faa8 |
| SHA256 | 514bb83e65b9124e1b3a99fd69b3f3d1bf1767a5351ad16286839bb305d1256e |
| SHA512 | f7c27529a6d73bc2dbc9b699fe1283d30788f2f3a6546375c7144d789933503814350342fc9e8fa3b1f8c43b5563540658be35946aeae2c86b3034d941f5cfc1 |
C:\Users\Admin\AppData\Local\Temp\7zE43E5BE1F\license\genkey.dll
| MD5 | 91bbf94eb4493d7da15f237143c720cd |
| SHA1 | 711940e07b1de1813aaba31e2507aaa89503f1fe |
| SHA256 | 4be9f9449603808bebcaded59bc562fd82425c95c3907d624ab91231316ab6d3 |
| SHA512 | f4514c73e7bcaf414e2ab131faad7fae4a2e812de8e653017beb5b4c81187949d070173b63386fae0faed39fcfc155eeba15ee6c88c73ef331043cf5c6aa87f9 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Github_Multi_Launcher_win32_win64.exe.log
| MD5 | 1294de804ea5400409324a82fdc7ec59 |
| SHA1 | 9a39506bc6cadf99c1f2129265b610c69d1518f7 |
| SHA256 | 494398ec6108c68573c366c96aae23d35e7f9bdbb440a4aab96e86fcad5871d0 |
| SHA512 | 033905cc5b4d0c0ffab2138da47e3223765146fa751c9f84b199284b653a04874c32a23aae577d2e06ce6c6b34fec62331b5fc928e3baf68dc53263ecdfa10c1 |
memory/1028-595-0x00000000742F0000-0x0000000074AA1000-memory.dmp
memory/1028-597-0x0000000002E30000-0x0000000002E31000-memory.dmp
memory/1028-598-0x00000000056F0000-0x0000000005700000-memory.dmp
memory/1028-603-0x00000000742F0000-0x0000000074AA1000-memory.dmp
memory/868-605-0x0000000000400000-0x000000000044B000-memory.dmp
memory/1028-604-0x0000000002FE0000-0x0000000004FE0000-memory.dmp
memory/3148-608-0x00000000742F0000-0x0000000074AA1000-memory.dmp
memory/3148-611-0x0000000004D10000-0x0000000004D20000-memory.dmp
memory/3148-610-0x0000000004BC0000-0x0000000004BC1000-memory.dmp
memory/3148-616-0x00000000742F0000-0x0000000074AA1000-memory.dmp
memory/3148-617-0x00000000026C0000-0x00000000046C0000-memory.dmp
memory/1548-618-0x0000000000400000-0x000000000044B000-memory.dmp
memory/3176-622-0x00000000742F0000-0x0000000074AA1000-memory.dmp
memory/3176-623-0x0000000004A10000-0x0000000004A20000-memory.dmp
memory/3176-625-0x0000000002320000-0x0000000002321000-memory.dmp
memory/3176-628-0x00000000742F0000-0x0000000074AA1000-memory.dmp
memory/3176-630-0x00000000024A0000-0x00000000044A0000-memory.dmp
memory/1416-631-0x0000000000400000-0x000000000044B000-memory.dmp
memory/1028-632-0x0000000002FE0000-0x0000000004FE0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 8dba3a7f7563e15129098c42fb8d2c0f |
| SHA1 | 8e0b1f94aa3116a0c5e1ac45296dab6a964fc53a |
| SHA256 | 0c363ac674a4d139741f5635bbecd7efa0753a98583543bfb09434cafe5562ea |
| SHA512 | caaf62936ffef40d14b653658c89861ae2cd391f9bdc950699454f4ba91ed8068ec75b354e4e52a87a7c62b08c06ec99e3441ba85e8b8ca330f6e6c61d58db87 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 96e6c9d9439142ba49800f8f4c7b08aa |
| SHA1 | 50560c0228287b8611f868d3b5611198a36d71d8 |
| SHA256 | 76b0a562fe26539af4fe1ca0574bf9f9f202048053adf03b89f16185dc4f461d |
| SHA512 | e43b6be32eea4abb369cce1b0bf83f2770cda0b0e50c58b726421aa8011714b9df6a20536eb731e1dfdeec5b791b08b2587344d6d2306f4ffdb42420b61d9014 |
memory/3148-695-0x00000000026C0000-0x00000000046C0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ae1bccd6831ebfe5ad03b482ee266e4f |
| SHA1 | 01f4179f48f1af383b275d7ee338dd160b6f558a |
| SHA256 | 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649 |
| SHA512 | baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 0006ace72fd5fc1145f0e727852b9159 |
| SHA1 | 73af840bf90e9448a7f11ae8f95403b25a302992 |
| SHA256 | 22670d218824e4e99a4a84c99d0b81b17a7b0ca0a4119ddd2d5f824cf033aa90 |
| SHA512 | 1d3fefcf828b9eb475f7a1021dda5b3f6a6b5e5015582c4359d0575ebe1d58c4261529a07502359f7d559db053279a69ed269680f9630042edea20f7655996aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5fd5c7.TMP
| MD5 | aaab146f64541f11d857080d0cde6fc0 |
| SHA1 | 37f15db75ee6f90cde8c1f644d67d5aa32d6a0b9 |
| SHA256 | c0cc6d8efda0a0bc6065354e372ca44d2400dfabfe526099e8690f47e65cfc39 |
| SHA512 | f696a633021e9157cc48b0826dea49204fb846c002107ff992352642e58837096ebc07f7becffe1abd7d2e2eff8fbea45ce47d0eadf8760c334f99a357402de1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7d3e36e59af81b071fe2f5c46c069555 |
| SHA1 | 6ff8d934607c3cc1aece3dd0c13b236746e9f59f |
| SHA256 | db7901cc1c5a4376615302f4cfb27925edf66db90c7afe1a8c3a57924dbce521 |
| SHA512 | 13de9030cacf1522a85cedfb5b9f07a3e4475f4a4157df7c4e91c24710fc67adc500902c313ceec9c8af2d44e685b8d5a08fe51332d7c3de68c41c7b304d21bf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 66addcaead708f92abd848fa21fd80eb |
| SHA1 | b49020076193dc8d888ac9e6276f16a48dfaa866 |
| SHA256 | 5af609a1d69282322d0f4c7d08c2066cbb3a227f8a01836091bc1bd17d5dbe92 |
| SHA512 | c1df06f81f22814b398e07da76134d4189ec10e0b70867b1222a64df5ced8cce76ea12b5062d594a8396a78885c27eb6ae9596af92a057a2d76f6b4a1c2353e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c9af6a8d7479165b808caadd7e29b4af |
| SHA1 | 53d7d93babf189ea6ed38001a3e7212616721c63 |
| SHA256 | 3809be25a3d8cfbf3e9bfa31e032654f7f0d7b9b3bd394aed315f41284186eae |
| SHA512 | fc3fb84d1ba3ab078b80dc4952e65d66c5c201a72cf231301dc0dd927b485a5301c5887939b3172c54d519afbbe57492f678bbf39c377e595c3bd9b0432fc50f |
memory/3176-795-0x00000000024A0000-0x00000000044A0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023
| MD5 | eebb0d560798acfc7c3862169789f11d |
| SHA1 | 7b8082abfb5f2d3ad039c59fc968a834eae64a2e |
| SHA256 | 8ae04026cdbfec38e43abb2d93072024b4a632db30cd7ddfa237636f363e807c |
| SHA512 | 404400c00ec5d3f504873e457311ad5b79583479b85e262b01153380c479c83d64c1a757f111bf4bf3af0f260222cb73cb09f9d971ed8eda75e30a0e5887cf67 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027
| MD5 | f20eace1dcc5de12ee97bb1d09112a7b |
| SHA1 | fd243180a1d8bb0c76671fa25add8cc4dfd6523d |
| SHA256 | 628d9807bfeb9ec92c5cec43aa76a9dce9a643f9cd3a6bdb03dca2f4427f10b3 |
| SHA512 | f69533bbb77b96567d0380ea965aba7240f638c8e201517772be93f80ef6cffab5fbe4660e9a66471b89de532fe2880f8b30321a8b275c9058986f52c55d2d18 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a
| MD5 | e3b7c1f55a368984a5ba8cba843ed6b7 |
| SHA1 | 3362755d9f77b6eb0801ea9b3301a24ee63fb22d |
| SHA256 | 7bd1a844aaf30cf44b61e3e9266a2db03f61dad8c851d78b170df9034ceecce5 |
| SHA512 | 64b0d6689a59da5bf40762169b925eb0dc0d47d0f60c8a83c3cb3696af2c036eba4fb7336e77b99509d9c80ec3b942649c62950c179185ebcbaa132804bb133c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030
| MD5 | 913859d3f6e74026b3ab3e6e4cd697e7 |
| SHA1 | 68fdeb1eb730516c324c6740ff9dcb91283010b7 |
| SHA256 | cf0aa717612589833da5616a55b01326cda088a535e39a3a230e607113655b75 |
| SHA512 | 19a7827d99b193b783749e41835b27dfd02b80805e4c4099658224f1d8f1c6b9231cb014747175183ec1a869ab43ded641f86631daa38b0805dace69b6d72689 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | bc729e45222ef108a9e3f12d5f2f22ab |
| SHA1 | 223477577e17b940a70e0fc1644b8da2c0524e7f |
| SHA256 | a544a5bb0f383d1070ea4929b6f04e5e66a6f194220c635d8a85320961809bc6 |
| SHA512 | e1275d0da79fc537b7574e06da6656a7a669db194c97d4f4906363a8f9f2d48229152e653c3803e4dbb622679c1381da59f3604e14ff55cd3431f543e94a2630 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026
| MD5 | 045937268a2acced894a9996af39f816 |
| SHA1 | dfbdbd744565fdc5722a2e5a96a55c881b659ed4 |
| SHA256 | cc05f08525e5eaf762d1c1c66bef78dec5f3517cf6f7e86e89368c6d4a1ef0cf |
| SHA512 | 71a025a421384ed1e88d0c5ffadc6450a9e1efd827fe929f5ef447d2901cd87572fccf13dfa8b2706c9fab8160163e3a0c80bfe1ab49d63ffbbcb0e4e591a84f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 73f44ac36d5bb41007854c36e26fc93c |
| SHA1 | dc515fd04b1b8b53f0058db435b50f58489c46bb |
| SHA256 | 11d666de1dad1d15f4cdb6224d5c06b9f43da6ac52def31f3e154a11d7ba6533 |
| SHA512 | 337dd6d16d2c92d5115d9108f6a92e2ec9a47679e4c231e1d7d5a7a6d05c99a220842a92740ce6542d3d1cd1ab37aa15956b6ad0d57915ab78794eefb1ed3e7a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a
| MD5 | cc2f6286a70216923b7632225114b075 |
| SHA1 | d268dbf0bec29137b682dae8653680415c353378 |
| SHA256 | 929cf2ba341dd65d792c63e86faebf7f7f34813e63d8ab285d00907af42d2c11 |
| SHA512 | ec151589ef23b6055b35ae07126cf5e1cf6e3d3c0920073e6ca17b505499277b43ebedf475a102befedced781c2164e40b4b9d97f7ffd6212b584e63863ce434 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8657f3d9686a94a64f320157cd018528 |
| SHA1 | 35399872ffa350cf0229517cf39ba311025608b6 |
| SHA256 | 4cff7f59d55be63bafa4907719b1a1c2f72a572dc00f8d4121212a9912e15d08 |
| SHA512 | ab5deea5849d41e569b9fab7e17dc5e6c8c7107233ffd57449c413b3ff6a139e69074d7330ddb48743f0eeb1d225cfb763490b3528474616b14f0b196a539934 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dc888999aa15293cedf15b25818548d3 |
| SHA1 | 84f9df8d20f24df0ebd69649bba181adaeb3fa0c |
| SHA256 | 7b6515979fb6af68ac2c3c05502091dbad70ba3cdb9e90a044e5dbb901c1f631 |
| SHA512 | f9d484f347a2aac2c84026a8e9787ee3e0f2ba213a581796b3e0a1206f26bd864755ca7d44a90d854f760e9fac1fce2b4a0b27a0591ecc53fc546f047bc267c5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 82317935aae93f1fbdf00c2cd6144d63 |
| SHA1 | 4581a9e791c94bb656c31086bc1b45b456800204 |
| SHA256 | a1e3dcd05f03082038f01fbafb4ac2c7f43e03d2e203e9d689d48418e9269a98 |
| SHA512 | 6bc4d74188b10a953a4d821747272fbbf8a9ead69d769feac650a2c8abbc0546b7cc832cb3df6d15688ff2301025888d7e9a27566076385e177bafe7f4ba70a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
| MD5 | efe81e4daef615b00dbe73ce495ca572 |
| SHA1 | efa6284b26573a32770851c3ccfc54de3d6642d2 |
| SHA256 | 8a2115d91ed4df1f74c0bff1d7800c6c776fed3addf7e6ce4637a1bd0c9f81be |
| SHA512 | a561f8475dc2ec744dad499bfdb45b5c113a216d93c3873321e9fbbf22dfdde932af4dedd5819f4f4e0c8bd614efb77e68825561aaf05ec69c19df6eb7271b06 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042
| MD5 | a9b2e24eafd93725e06f9e0830f2cba9 |
| SHA1 | 682398b167f10a150e2cf49f0695c2e3aa71f36a |
| SHA256 | c179b4581d9a6aab72e19c03b206a76006277f72f18b677705ec5ba0a8d5c336 |
| SHA512 | 3522a5cd1f25ea2bbeb5154addf9f16f7e602564150e01b900d69ddbfaa8e7f1ab7b47e18472151eeebb2438c915ed3ee2e292129e97748163761a81cb9443ef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6ea5c274e7c08309fdb75befec444879 |
| SHA1 | e6fb821cbf6ffa7656f06f63ee3f8d31c4076890 |
| SHA256 | c1ca578166d8d2d5e2fb9ac80627f80c3ff0a7c6f2fbaff9542cc40d06b8370d |
| SHA512 | de98a35ade50d88da35ae547406e59839aab437ad7eedacf0ebbd99a3096b4219f701edb7175485be50624d15eed78d0d30e2e8a4f0d2096fb8874ee09ed12e4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | a3ba0805cb56e39aa0928f5a46b110f1 |
| SHA1 | 7917fb598f6dac18ef17990839d9718e9816ef0e |
| SHA256 | c913493fd4dc18b91b9c13b6b30ddd8458bebac6f192f98a37a1d4edadc8572f |
| SHA512 | 241a4f0ed0f95ae3cb5a65eda78904b49562396fb10ec514d1c1245f7e6e7479d9ad70b07c50dc0ae27f00a63e1f2a1a601ecc6dc227ad3c0bec4f100cc24e63 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 785e283b434981cbbfb535f6d30d76eb |
| SHA1 | c0574bed6f426284712497d3403b5a44534331b4 |
| SHA256 | 77c787728aa3a0005271bf6e3c837d1f9ebbba8767bffc68c49760b239feee2e |
| SHA512 | 2eddfca760047a5533e95a6fedfa4902dbc8aacb84f5d18e582c6510cc6f34594dd519754cfa6fed5b0b657dad78e6e8f7c6c18622b361f43a3f70d03ecccaa1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\Downloads\link.txt
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Temp\7zOCEF0C202\Unlock_Tool_3.4.exe
C:\Users\Admin\AppData\Local\Temp\7zOCEF0C202\Unlock_Tool_3.4.exe:Zone.Identifier
C:\Users\Admin\AppData\Local\Temp\Tmp2787.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe631ea9.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State