Malware Analysis Report

2024-11-13 16:14

Sample ID 240413-psbcmade64
Target dctroll.txt
SHA256 49dde0850864be9fab68a21d89d2bea3bd681663c5fe04edd9b8b7f8f69011e9
Tags
agilenet evasion ransomware trojan spyware stealer upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

49dde0850864be9fab68a21d89d2bea3bd681663c5fe04edd9b8b7f8f69011e9

Threat Level: Known bad

The file dctroll.txt was found to be: Known bad.

Malicious Activity Summary

agilenet evasion ransomware trojan spyware stealer upx

UAC bypass

Downloads MZ/PE file

Disables Task Manager via registry modification

Reads user/profile data of web browsers

Obfuscated with Agile.Net obfuscator

Checks computer location settings

Executes dropped EXE

UPX packed file

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

Looks up external IP address via web service

Sets desktop wallpaper using registry

Drops file in Program Files directory

Enumerates physical storage devices

System policy modification

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Modifies registry class

Enumerates system info in registry

Kills process with taskkill

Suspicious use of WriteProcessMemory

Opens file in notepad (likely ransom note)

NTFS ADS

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-13 12:35

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-13 12:35

Reported

2024-04-13 12:46

Platform

win10-20240404-en

Max time kernel

609s

Max time network

628s

Command Line

C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\dctroll.txt

Signatures

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A

Disables Task Manager via registry modification

evasion

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\A064.tmp\eulascr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C2C1.tmp\eulascr.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\A064.tmp\eulascr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C2C1.tmp\eulascr.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\A: C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000\Control Panel\Desktop\Wallpaper C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133574857174445412" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico" C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2060 wrote to memory of 364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2060 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2060 wrote to memory of 832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2060 wrote to memory of 4500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A

Processes

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\dctroll.txt

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc772f9758,0x7ffc772f9768,0x7ffc772f9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1764,i,14384009239192206612,8101021269366279234,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 --field-trial-handle=1764,i,14384009239192206612,8101021269366279234,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2052 --field-trial-handle=1764,i,14384009239192206612,8101021269366279234,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2864 --field-trial-handle=1764,i,14384009239192206612,8101021269366279234,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1764,i,14384009239192206612,8101021269366279234,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3936 --field-trial-handle=1764,i,14384009239192206612,8101021269366279234,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=1764,i,14384009239192206612,8101021269366279234,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=1764,i,14384009239192206612,8101021269366279234,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4900 --field-trial-handle=1764,i,14384009239192206612,8101021269366279234,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5044 --field-trial-handle=1764,i,14384009239192206612,8101021269366279234,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1764,i,14384009239192206612,8101021269366279234,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1764,i,14384009239192206612,8101021269366279234,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7105d7688,0x7ff7105d7698,0x7ff7105d76a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3604 --field-trial-handle=1764,i,14384009239192206612,8101021269366279234,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3032 --field-trial-handle=1764,i,14384009239192206612,8101021269366279234,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2964 --field-trial-handle=1764,i,14384009239192206612,8101021269366279234,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 --field-trial-handle=1764,i,14384009239192206612,8101021269366279234,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=1764,i,14384009239192206612,8101021269366279234,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=892 --field-trial-handle=1764,i,14384009239192206612,8101021269366279234,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\MrsMajor 3.0\MrsMajor3.0.exe

"C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\MrsMajor 3.0\MrsMajor3.0.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\A064.tmp\A065.tmp\A076.vbs //Nologo

C:\Users\Admin\AppData\Local\Temp\A064.tmp\eulascr.exe

"C:\Users\Admin\AppData\Local\Temp\A064.tmp\eulascr.exe"

C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\MrsMajor 3.0\MrsMajor3.0.exe

"C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\MrsMajor 3.0\MrsMajor3.0.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\C2C1.tmp\C2C2.tmp\C2C3.vbs //Nologo

C:\Users\Admin\AppData\Local\Temp\C2C1.tmp\eulascr.exe

"C:\Users\Admin\AppData\Local\Temp\C2C1.tmp\eulascr.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 --field-trial-handle=1764,i,14384009239192206612,8101021269366279234,131072 /prefetch:2

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_windows-malware-master.zip\windows-malware-master\ILOVEYOU\LOVE-LETTER-FOR-YOU.TXT.vbs"

C:\Users\Admin\AppData\Local\Temp\Temp1_windows-malware-master.zip\windows-malware-master\SpySheriff\Install.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_windows-malware-master.zip\windows-malware-master\SpySheriff\Install.exe"

C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe

"C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\000\000.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic useraccount where name='Admin' set FullName='UR NEXT'

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic useraccount where name='Admin' rename 'UR NEXT'

C:\Windows\SysWOW64\shutdown.exe

shutdown /f /r /t 0

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0 /state0:0xa3af6055 /state1:0x41c64e6d

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-04-13 12:35

Reported

2024-04-13 13:05

Platform

win10v2004-20240412-en

Max time kernel

1799s

Max time network

1785s

Command Line

C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\dctroll.txt

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\ExLoader_Installer.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Users\Admin\Downloads\OperaGXSetup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\Downloads\OperaGXSetup.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\audio\fortnite_hover.wav C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\crab.svg C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\zlib.dll C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\logo.svg C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\ghost.svg C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\api-ms-win-core-console-l1-2-0.dll C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\playback.svg C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\refresh.svg C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\date-calendar.svg C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\gear.svg C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\auto-delete.svg C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\api-ms-win-crt-runtime-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\schoolday.jpg C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\close.svg C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\libglesv2.dll C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\audio\steam_hover.wav C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\loveday.jpg C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\images\cloud.png C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\api-ms-win-core-localization-l1-2-0.dll C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\api-ms-win-core-synch-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\tastyfoodday.jpg C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\warcraft.jpg C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\description-blank.svg C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\tick.svg C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\christmas-tree.svg C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\shrimp.svg C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\unverified.svg C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\christmas-tree.svg C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\store.svg C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\api-ms-win-core-synch-l1-2-0.dll C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\calendar.svg C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\trash.svg C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\api-ms-win-core-processenvironment-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\api-ms-win-core-util-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\api-ms-win-crt-process-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\halo.jpg C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\compressed_logos\halloween.ico C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\geo.svg C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\swords.svg C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\audio\csgo_hover.wav C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\fun.svg C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\sort-ascending-reflected.svg C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\api-ms-win-core-sysinfo-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\fonts\materialicons-regular.otf C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\anime.jpg C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\keyboard-properties.svg C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\api-ms-win-crt-process-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\api-ms-win-eventing-provider-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\heart.svg C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\unsafe-shield.svg C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\api-ms-win-core-fibers-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\api-ms-win-core-processthreads-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\neuronet.svg C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\plus.svg C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\images\fabric_third.png C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\compressed_logos\installer_logo.ico C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\pause.svg C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\api-ms-win-core-interlocked-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\media_kit_libs_windows_video_plugin.dll C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\vcruntime140d.dll C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\victoryday.jpg C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\compressed_logos\summer.ico C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\trash-can.svg C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\api-ms-win-core-file-l2-1-0.dll C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133574854268205459" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4636 wrote to memory of 5108 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4636 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4636 wrote to memory of 4164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4636 wrote to memory of 2448 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\dctroll.txt

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa48d3ab58,0x7ffa48d3ab68,0x7ffa48d3ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2820 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2828 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3928 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4464 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4604 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4616 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4152 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4440 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5080 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5044 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3120 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2824 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3308 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3028 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3524 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5028 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4148 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5084 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4808 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5320 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4708 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4784 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6132 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6100 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5324 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5848 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:8

C:\Users\Admin\Downloads\OperaGXSetup.exe

"C:\Users\Admin\Downloads\OperaGXSetup.exe"

C:\Users\Admin\Downloads\OperaGXSetup.exe

C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.86 --initial-client-data=0x30c,0x310,0x314,0x2e8,0x318,0x755a626c,0x755a6278,0x755a6284

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2652 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5808 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3168 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6008 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5972 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:8

C:\Users\Admin\Downloads\ExLoader_Installer.exe

"C:\Users\Admin\Downloads\ExLoader_Installer.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4256 --field-trial-handle=1872,i,342246756140965622,13788330095831784708,131072 /prefetch:2

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\ExLoader_Installer.exe

"C:\Users\Admin\Downloads\ExLoader_Installer.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe"

C:\Users\Admin\Downloads\ExLoader_Installer.exe

"C:\Users\Admin\Downloads\ExLoader_Installer.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX1\ExLoader_Installer.exe"

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command "$WshShell = New-Object -comObject WScript.Shell $Shortcut = $WshShell.CreateShortcut(\"c:\users\admin\desktop\ExLoader.lnk\") $Shortcut.TargetPath = \"C:\Program Files\ExLoader\ExLoader.exe\" $Shortcut.Save()"

C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX2\ExLoader_Installer.exe"

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command "$WshShell = New-Object -comObject WScript.Shell $Shortcut = $WshShell.CreateShortcut(\"c:\users\admin\desktop\ExLoader.lnk\") $Shortcut.TargetPath = \"C:\Program Files\ExLoader\ExLoader.exe\" $Shortcut.Save()"

Network

Files

\??\pipe\crashpad_4636_BPOFUSECYRCYZZUZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a0065b9148f54bd7ecf2ad1516d3bb9c
SHA1 8d39957001a54571ee13dad3bdc1a48963279730
SHA256 a5193016eb8a6b2ad4b440f63e81e888ffcfc3258afe50b7eb62ff3522153f1a
SHA512 e9aacc4d3b246d3669348784f932436c16c61c70225eea292bc62bd5e8224247aab4db4f5aec3aa4cfe2dc3f3867d7a498c8a5cb79fb4a4eb57ff4086ee376b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f2fba165e344070273bfdce99ec1d6a2
SHA1 0c179903d8099b671d5a07d0e5c77690a3639400
SHA256 8d0fd033358ce3303869fb6c857a8b078f52d9aae2beb2e87e16b3b7384d589b
SHA512 cbd4fdff561cc0efc2c1f78424f41425cf132c07faa5af9b62e797c54e22b087903889ec935477662730b423ddf4cc439d4b16042701011a7bd0ef2328a72182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 922ffd80a3309bcc077137383d4720c4
SHA1 16c70d7b7a9a049f16579d6bdc3d0aa54a132275
SHA256 dc547c2cc6f8c6923054cf8f6ff0017f6fd47c78a976bc356c078a81ac1466f8
SHA512 41497ae66556d7f7e49aa3dfca1c29761ccc00aba25d617805a7403f343577bc96b6d24453d8d299bcc5185fe0c56ba0df7cebdc87b374afe73d9e43dd7ea743

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 b26620437ea62ce9ea1de7d56ba4485a
SHA1 ee2c243106bbd07467a16694ac53d56fbf07ed71
SHA256 fdd554f3d91343b8f7f11fcc86831a1d4290d4709b79ff5de3728e8dcdffb876
SHA512 a34065ccaf2bd11ae939e369489094d162f1b42035570d0a27553019762556ebf36a5fb8ac30ea012d24d1089fe991a7fa6a93c10841251b696b42ccf491e3b9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7a0b2ccc80fb74af7faa4e666c474c84
SHA1 a92caf8f47fd9425f5834cc1615c3f8ab920ac82
SHA256 41ffb4c6fe083cbc70aef960e805f136d7b5a8236d9b7f54e92f59084be087a2
SHA512 00ab58cdf2c9a960d74960e668965a9d784ab49c04e56fe0ef69cfc07b987357503f008be1b3db185aff27ba249b56ed59d25c66223ea32423da7dc064b2d39e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d4811e186cf8f50ace52b1f65e289509
SHA1 18c8b3d01fc033361431b5ca7048239e6ddca60b
SHA256 43818fa03f395ebb977d7f1f8737a8e9f5144284f605e15e34f97b8e358a9ee1
SHA512 e836f4a857840e8128cee15046fb9fd31d6ace82b39e1112c5414e000d48b372c7075426ce5399f9b26e33e896ee71a5b960994a61045c016deb2ef3ca497ca9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 d3349a596ca7d54f25209a2acff38639
SHA1 5d390f8e582cdd9f77c8d14a827ffa6eb6b2b873
SHA256 5fcffc57984f121d4451482e528ba1bae52d163d430406b5596bd93087364578
SHA512 276f120ff58fe047beb880fc82277308d79b0ce05ad423a520a474afa7d017fb1de03ba33699135c881f292d5df1b4a78ee2da4be95f217215860aae34bf12e1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 cb58bc5a62cd2ca12b3e6bee1fe1ddf1
SHA1 7431ba045e550560f975e8b76c70776ce91d7138
SHA256 d23826f9dfcbb3d35ca5f085d2890103e9aa8a5d177c1044f03060e50a1195b1
SHA512 b876eba9575b50d2a12730e4000396f55d23ec5a00f8d1a2707670bef68ac8f53d8e9fbd64fd40415b1d08aae9c75ea3d5181fd77b041cdc9de2c880bc3f1d7e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58ff1c.TMP

MD5 45b6a6eed2417295c1bdcd5c37b2ecaa
SHA1 7ff809d73c906cf6d7ada0a467af484425b1ee34
SHA256 ad370d850d5cd59f7b78cea538522b8978af4f2b0da25a518c8e9a604eac57b9
SHA512 4847a0149cfc9a96d14fda0b92be1517890908b7e667025b06e89604962ff77f1775952fcb85c4b4192cf16f48ea3dcfef22261c41dfe561d5facc631e5679ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 45b9d3fbc7c4a3ce2808b0b1acbcd7d8
SHA1 c1b489d17acdbf38a6985a8645b15657e18d96ed
SHA256 8aaa55266383b450c539ccd9fc4cd78954ffc5e392dca8577f36f71aafee8df1
SHA512 26ddc810d99b16148f2520f72179131b6d9d3a49c2028afda0c1d31ecfaae2534ceaf0b07ddb6acce0d5340f8eb1c3d531c7d9cbc58360ce98c291260909dc29

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1c01867291ae4bb1daf38696a92d6d31
SHA1 f937f1b2d257d258a1f2a44a1cb2704f33a67ad2
SHA256 ad75ab45c70519f651f442881394f74648ada3edb8f6d28085d1069686447692
SHA512 802a818e2ab876a55030594441f14206e4453e04c18e544d7217e2cf5fcf07e7ec8825ee3165db45eeb8936ac337a73ab5b8c301e4606027865f11958a6718eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\559db61c-7601-4d3b-a6ba-da11f815e1b2.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\Downloads\OperaGXSetup.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

memory/4172-565-0x00000000001B0000-0x0000000000770000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2404131238176184172.dll

memory/4156-596-0x0000000000BF0000-0x00000000011B0000-memory.dmp

memory/4156-597-0x0000000000BF0000-0x00000000011B0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\Downloads\Unconfirmed 879175.crdownload

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202404131238201\opera_package

memory/4172-1034-0x00000000001B0000-0x0000000000770000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

memory/256-1247-0x00000000001B0000-0x0000000000770000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe

C:\Users\Admin\AppData\Local\Temp\RarSFX0\vcruntime140_1.dll

C:\Users\Admin\AppData\Local\Temp\RarSFX0\vcruntime140.dll

C:\Users\Admin\AppData\Local\Temp\RarSFX0\msvcp140.dll

C:\Users\Admin\AppData\Local\Temp\RarSFX0\flutter_windows.dll

C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\app.so

memory/2788-1634-0x0000018E8F570000-0x0000018E8F571000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\AssetManifest.json

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\audio\AbominationPissed_DE.wav

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\audio\CSGO_press.wav

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\audio\Standard_hover.wav

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\audio\Fortnite_press.wav

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\audio\Fortnite_hover.wav

memory/2788-1649-0x0000018E92FD0000-0x0000018E93DA5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\audio\CSGO_hover.wav

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\audio\AbominationPissed_RU.wav

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\audio\AbominationPissed_EN.wav

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\NOTICES.Z

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\fonts\MaterialIcons-Regular.otf

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\FontManifest.json

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\backgrounds\Halloween.jpg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\backgrounds\LoveDay.jpg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\backgrounds\Ori%20and%20the%20Blind%20Forest.jpg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\backgrounds\Warcraft.jpg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\compressed_logos\halloween.ico

memory/2788-1746-0x0000018E8F580000-0x0000018E8F581000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\0.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\bell.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\check.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\cookie.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\edit.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\geo.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\preview.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\resume.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\resolved.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\reply.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\refresh.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\pumpkin.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\puffer-fish.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\plus.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\plug.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\playback.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\pencil.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\pause.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\optical.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\notification.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\new-year-star.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\neuronet.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\movement.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\moon.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\medium.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\mask.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\mail.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\macros.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\logo.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\library.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\keyboard-properties.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\key.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\information.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\info.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\icecream.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\hot.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\heart.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\google.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\ghost.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\gear.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\gamepad.svg

MD5 85c225f64e742876cac2c29da30b3b4f
SHA1 ba32dc395b49838af6a73e0532f219efb9abe006
SHA256 030967a1868bc31029d8dcd8927c5a7afdd0950d931e9a480a6a9ae50a976531
SHA512 012b1684cdc2f978360d9fd454b2364f6a49499fdc51878d57ec4ce0c44c3f4288e3a5937934cbe317f992a32355735e425e91652f666fc8372560599b8b5ae8

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\fun.svg

MD5 3b78e1f998c3fe522a6b310aadc70d0e
SHA1 ed91ed91e2dbd05db82abad3290598ec4a5fc9e8
SHA256 55b26f08f0a64837013d532065996faceab254d88b8c6afb28da14d098f37fec
SHA512 4790d438ab84e54f4dbcbbe37c6a74cb1bb5bae83eeded6611d2106136c1a69149cf9966ce44a588b51fa7f1609bfa59abcf02946959fb083f034d3672a77a48

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\folder.svg

MD5 50cecdece7b4bc925f5d0ee89b23f203
SHA1 dac0f01235ed5abd451b5ecd342686670a51a906
SHA256 be467574fdcd107ce7a0e7f7036a5c97a8073c77caafc3cc414da5335723cce3
SHA512 9ae7491302fcaa7426f944ec0658d05a32bf29601f8613828a2a00f9ebbdc66cd6b7f3d03abc9030e907ea057b623bc075319ccd2546430b92a3904e4cc4ef2b

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\flower.svg

MD5 d8a51303f5383003f78efb638b0815d7
SHA1 7d8117076dde48ee1533a0c9f3212b1cf447c86f
SHA256 aeb22ece6e0e479812437b0ac837e871909cf5b52227d37448e5812900545ab5
SHA512 1f0c6c489a9913019d6081963ad232cc4f41313f9aada7c3acd4d4ab3c47ce79391352c5c42c91cc4ec62aa00d5438189b8a644ee6c48c894054eaefdb22f9fe

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\filter.svg

MD5 7399a5e76977d4e5fa975ed4c3eece0c
SHA1 daafb1ac6582204b649057077c13f813484380e3
SHA256 725fa7da636cbb46b3ef28ef318d0b2b7b792e5ceb8c1f298388a3cf3a9622b0
SHA512 9ccc959d0bd5022f6d2e0558ca1777857f989e4b785931c1e561254be020ce5566e65989c03703b871222a7f26b74e145de921dca0ddbc85368a30ed74dd3765

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\file-text.svg

MD5 6d42c3f4cec0710cbf4d5f24a2b57af3
SHA1 18f9bbaa42129320daee00cc0be99b694ff24a62
SHA256 ea86bbd8aa79c4223ec56615b56236ec3b205be8debcace9ecd94be400e100d9
SHA512 4ad043b8c5c31b8ba1a2f9490b44b31b7c364a7ba12b35764c1cf2a35c489ba8c37fcc2bdf3e8258c23c407ba4395b61467ae078da81bb202dd253109f95d9e6

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\favourite-added.svg

MD5 21b9b0c79a05db19911dbfc40a20c05e
SHA1 6396d2c55632266f704ea7f703d889ff4c825674
SHA256 44b3ac4f97496efe50f79cc24aa11b8b027adef8a6e6a5f13aea4de47629b004
SHA512 b5806ea5fafe7ea04b9d59a16e1a7266b161f934b14d681960d31696d7f306b27915d43fdc4752485b5d2601405982a09efc8f4357792ca781ba134fe0b77ddd

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\favourite-add.svg

MD5 e8b7b3d288ab2328b33657f7ba9a3e29
SHA1 04027c95834489c6b09d684ae04267afaa00c7e0
SHA256 f3ef6f54d23542653ba6c054fba6a73ebc6bbea008d3638cee41be07c3866260
SHA512 e2f6951903ff2f4cfab951861946f42fef7018b0e5572c996736d80eb4d7f5b0582d4bf30b9e54730dd7123e9b0cd06930042440d4a3ad2ed84b9611500d69cc

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\farmbot.svg

MD5 ab8c146952cede527469c88858d284cf
SHA1 67448b2a9eea7001c15d6e95aed77bde90f0bc99
SHA256 b26c59accf130486c733486f2c1552c5dd0c5527770c6b5a07443644e9cc469f
SHA512 5e58290ce8173dc6ce82e6dc635f5cd885e8c4dc7ceb1520441d384a020839f571fb1dd540fd57b25da8d9401b3a01a7fe3c73a520f1e8110e2402f2e05f124b

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\error-circle.svg

MD5 b3b259b4d2b1972e1bb738ceb0ea1ba5
SHA1 e6e10af900510de03ba1d903768f9214cae85879
SHA256 6871eb850dd06db542efacfdb1cf5b27b9b2fbc8e6154ed0003a0ea4225ff466
SHA512 28841c1b98adbb4144d71c944d2d29a02a96ba5260c294f71cc0734ee7451d74785c6bea59a4874bc4e042c16cc4a88896e400960abc2420d1c55742084ffbdb

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\download.svg

MD5 f50747938c143bc56ea61c5f4adf6a2f
SHA1 10969921312edd9747c453f15236d82176840222
SHA256 bd3207219df645a3f06665f087fb06721e85c4d7999a9edb73831c8998630468
SHA512 d11ef03d00f5e56497b0408b03a4c023f2b5b5f92ad547583379783c6d81fd03a651ceecd26990aa5709458b697e5288af7b1ef2443946bd2aad81f73f900d18

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\download-sharp.svg

MD5 6dc9206bf3c0452995bbd8bfecc1ffbb
SHA1 bbdcd91b2b5cb2b6744a5756fdcc3c4901d1a903
SHA256 2d6de4b0293507d4009384e78a8524427ea8a9bcf8382639a7212497f6360cbb
SHA512 becf931df39fe2f4ff2a03da057c43a9ce83d5f9dfe0604d5949d4887106ed738d846ab7ce5b12d868339cf77236a85d46d3edcfd3957b610eb174252febbaf3

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\doubled-arrow.svg

MD5 ae8035c2e498c755ba7afaf3c6cb5bcf
SHA1 66e03ec9b191d8014252f5f77e9ee0c27e4e4ae1
SHA256 452d056778560a036625f8f5c865c86ec7877eeefcd3288b9ca42ba3a39ae967
SHA512 eb00d53414172ddcf7ea16de36ae71bfe2c17d7f580e4538858ff18ad32f04ce83fea8e9768e36c92f0d2a1e9d5992db40cb583ea913bf62ab6e8eeb810b22e7

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\discord.svg

MD5 ad17bef21884d1e218967e25e0591927
SHA1 dd166b164a4788ac201d86125aaf42750e1e5068
SHA256 4cfd2975d5fab3c39e716684aa203a220a90e9ecbf3a0259ee42e2dccf515032
SHA512 3384da9c3a602c456f1788ed527dcd52a9a303ac6568be0a8ce0fec1fc5899a052fbd45624b57113b28ba1e89549d7e2f818803208693a286959131094bb4062

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\directory.svg

MD5 5cbe7c691d5271ad409e22ab514f81c5
SHA1 b15e9f748d71036e862eeeaeaf7f70ee1b1c204e
SHA256 8d2f0bcfbe633144a227a88f8c3e16848e1569ae34cc998e9361da330cf27e5c
SHA512 285022dbfa69f96ccdff37225e64ce7b79e39b4db7b4c2bbbc4ac8a346d773286b8848a09fb17691b24495e009598362c831d0dc34c3ab8a0c825a5ef8e9a8cf

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\description-blank.svg

MD5 bf2c8a4289c9396bafd0ed3e2638f6cc
SHA1 a03f43665f69efab2c7c2501a55197f27f3922f0
SHA256 d0ffdcfeac8eba5286843ff1c7986787e9f241b4e999bf9d2f497ab69b59299e
SHA512 a5354777c26ea3bdac9271a3849d83d6d89d52b26e6b39b5683a966f5a17d332e4449e378766adf166d8ba30914a61038a162c1fe98f3e65af9b1db7b55be2a1

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\day.svg

MD5 50f48d3dc89a7e9efee695176a4a05a4
SHA1 537e286fa920602678ad99b50cade0b63e4ba60e
SHA256 3a0dc43445129705331d59f44cb1da0df735ecd03afa7854ac6b8d86ca9aaa0e
SHA512 0e5750de343fa6f5f95192a0ac0e9fb5f7c3ae1221d1156bf4ddca00f2abf9016447d992215440ca2ba5adba7ce1114766c27a6695c63210d95b39f3b78a5b81

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\date-calendar.svg

MD5 cec1d858967425f269add29f85c0080d
SHA1 5e52bf28efd7367778183b0f6b6fb7832d7b9d70
SHA256 56844bd764b03446b865f0fa3bedf995ef06063e2306c88f7d289d707e676a6c
SHA512 884f976d49fd7898c66a3a394dea9594e78d88a08d3add65edad365fd6a12d0c9eeed710352471da089c9b629cdf35faa7283acfeb0d9e10baf3ee5603c0442a

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\crab.svg

MD5 4b946e45950ca64628f4eecfb2edfb66
SHA1 881fef3e93f22250787bab38635b003b6912048d
SHA256 9fe50503fb15530bdd87bb0ac2cfecea217449d36df6fbc9bde4439d3cdb9bb8
SHA512 dddad2fb47d21f3a6bf6c62878942c45e909af5466266833909d0f80a88f100918e2e31d0f2055bd5aa2f4bc98da88689b9879f298904b1a6f18ca32ff85edf2

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\complain.svg

MD5 b6bb3a6b10c02488ad600fe65829378c
SHA1 88d2e5351cd071d4e7bb8c774eb4f5f2e75dc9af
SHA256 993ef7cb65b7fb77e035421ca68c60438e46bfe7d4a0c6ae875fa20d9d4ec2dd
SHA512 7a9ed7a5d01143f09f271fd868c4aef92405e6e00f3b9ecf709485a767285281640c457c8096ad8a0108070f453fb3e1f965110407881ab492a89beb87e75b27

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\collapse.svg

MD5 ad6092934dc48be9d00331e6f21eb235
SHA1 29cd8e5478e432b386382caf6ac7b3537b108c33
SHA256 2e0eb48ef144b771903a2ee5096ac4305ef43c830d2905f46b0384a07f5f4090
SHA512 38254a977c1a74515ed6184b5ebb3b1b3125db4b713a2de69aee9dc54912a9e869fede36423548e9ebf8cfc66e6711738789ee2c33f6f3af74def779eb7e5afd

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\cloud-off.svg

MD5 e99140f842b471d330fc27cd73817c4c
SHA1 9957147463f586824b65bc7bfb121d33a9523a96
SHA256 0f4cb470185e3c6c26ae033a3a88e3995340bb08a63432dd9ebb82b73dd665ae
SHA512 f579aef41980539675609c62ff4d80dde22bad59917d439dbd4d325173bed3f24534a72e9903aef58c6ee5d4b03fcb7d0a7be8c93c35da6dbb2e1e046b7da0f2

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\close.svg

MD5 7f8d672a2849987b498734dcb90f0c51
SHA1 e53b9319bf964c15099080ac5497ee39f8bab362
SHA256 4a290648cd1cfaaf1db4909d7552ae8cb83cb0b0e36770e64d153ab07ce6e7d4
SHA512 b3ddbf719f42440238c55cee896409179b4562ffe74f607d3640f623c8264c2fd2000b085dfd9a25ffd8ba2166695dcd663efec56cdac679f9993cfb602459d4

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\close-circle.svg

MD5 085364fc515cc02710adee3b224caeb2
SHA1 91309d5263683f1e312a85ee4b44b9d67ace7753
SHA256 08593c7c901ae6e1bbc52be0701c3fa0e9bd5c1e61f61728d3fbac0d900e6da7
SHA512 7b94e0069ca3545c8e1635cd8b6d6b67a0cdd52cba151dae06a88d8f3a2e5ed7bbf971f6cae8fca3ec769f83f07b69fa247bb6be8bcd58a3db9ebef4f2934a1d

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\circular-divider.svg

MD5 8012665f9b98ebc8f5f076bb9ec1582c
SHA1 bdc90f66412c891bf712811c1ce92673cbd8d20e
SHA256 ddbf0bda5eeab1b8351486b002b1ae9a4a6e2db8fc6b9e2c25d612628eecc631
SHA512 ec55fc92325d39a46943ebe2c0aa47c082148740caad4f7b719b79de1eb4d2f2baabf6f9f69f0a51e0317ab39166550a84d0ba3e053f2689eb3bd3d929f330dc

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\christmas-tree.svg

MD5 a6c2804b3f3f593a193237f6481b3345
SHA1 c7612fba1c4cc105b696db535c7839182bbc8465
SHA256 14a1c9354a68f93d29ed72cd367707fc20043e1b802be8fd9677030f6f8c61c4
SHA512 b1b3253502ffca9f7189f2b2b2466d73d6adae6f8b77ded1831ec53a073bddf2bbd59a8e73f9c71b6884706f96c2e3d25a217547779e954e0aa69d37ec811251

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\chevron-down.svg

MD5 4d7f71145f9fcc087f0a28db28452992
SHA1 684f8685d1d8afa8dc297c51e9c8e281c594cbd9
SHA256 b1e82d8b9df576b359ad8ac70c6c89911e22f8ca29bdacb19e5802abb01bae86
SHA512 53b44938032d5de7f212a54a0422c13326a1add6aa7c54f78baecf88ca372d7130ba77321a0034493aa80f72ffb1c54cac12d5ffa454585a786e4f8c29638e39

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\check_circle.svg

MD5 0bb388952a9445daaf17fa821e64bcfe
SHA1 adaaf38d0bf04c5ad802384b0e27cf1363e12a91
SHA256 24433540f888e811571292a08fad179b8b81e2630ff535218f79fa407deed895
SHA512 f845f3c2cc9a563001ddc83ef908c4673522c7087ffeaa80860c62ae6b97c804c08f8040f37e22daa31acac818d23e18c02048cf53944228f32a28a40a54f721

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\checkmark.svg

MD5 5d43b638c6162414f4a9e920e61dc49d
SHA1 bba1628a99f0b8f9aff477de12b1360ed10dd47e
SHA256 ce7c824dbcf1848f684d968062a2f09bd833dea19d575fe3790e956132c973ca
SHA512 144fbe786d214f3a3aab0dd2f9edbe17b07e664066da1f5d4d61c2b3f5fec6ede5e6f63dd9377d4605a27dad25b4e9c126040d00ea446bd7dba8b06347f509fc

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\checked.svg

MD5 539d835e7eb96147a9c52529da32bf94
SHA1 02963318607d0556f7ac45c98b2bce140753588f
SHA256 63852cd8260bdc17fce231ec5df84d1a4db7c486ed7bedaf1d6210a967dc6dd7
SHA512 cb696a8705ec7d05d0548a935c4bfaa6f067ae9a3d02e67e12fd25a8906e648270a4ce43056e7233910c11f7e8d8407aeae0cdcfe863886ba9f185cc25219e29

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\chart-bar-alt.svg

MD5 672ecdd013d7cd8956fc92d89b54d899
SHA1 d2b579ce3cd45359a2d00e07058cfc2b852ea8ed
SHA256 06c128ca3c4bfca98b1d3219de980deb428a5dd0f88d6de4787a40c56bfb832d
SHA512 088602da6370a1fd3e5630e6b07c8de80cd5b9512cf709869a2ad9ed320aa2095d28180399e0cb2e0cd5bff1918714e3ae0fe9afcf50433588afaf012f704855

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\cat.svg

MD5 da519ecdce7d14eebf349e03c730a5de
SHA1 1294237b4b437da9f4f816bc9de833c3fd6d19a3
SHA256 607229e4a89f472fe9f09ef58aa5ecdd5d2e8a0a1c615870598a9af5733a0cd3
SHA512 0f80459f7b5860734a73e076f3ebc396afe8c64b83c57b58eb38a15432a3850be5b0437550fe469522628e476118457976641e9d05053d0310c99f78ecd7a4b4

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\cat-1.svg

MD5 dda5d8ad7977109c39a717d54ef4c8f1
SHA1 b0de1cf7da2d842a58b91c3b6fe6f6f17b411444
SHA256 a973170eea7dc6acdc9b3134fdf1cb9f933926cc4a7e2561b7e97ebbc942f782
SHA512 69b52d8205bc99970f8577bc7a9c0a2238f1b1aea3115c1b0d4b05fd112ec2089df04851f072d6de7ff5c637e460115b5863e4546b14c0bbaa558aebab82d329

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\cancel.svg

MD5 85497ee294fef9feb9f061be10d7107f
SHA1 8ae0a473f3a031022ba24245907f2620d999bec7
SHA256 0d949074a7408c62371d3d7c599b9f154569116d8715365019627f34bb900037
SHA512 ba660b5e8196c7311681d582ee0c8a792f3e3c62d0eb041110e36d704fff221e9a9ba7289c2577b922e90cc03bd520d066236f1ab8f961c96979b64fd180bba1

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\calendar.svg

MD5 6763d770f3af90634905102ebce6c6aa
SHA1 0782da706704c3250ecf24772235588285318dc4
SHA256 203b9b3acea3bc32f1b77a5043410c512c75e9961807b5cb021c4cc707963601
SHA512 916532fb3c1a99a3d6ae626814dd6621d7d1f4269dcde289c82dd539fbe61dbc825fdbb2513e86cf74ae5e1d9f3b23026bdc742d3ee77ebfa14aa2b8db4b26aa

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\calendar-alternative.svg

MD5 a6f16ca0a775b85548c0ab584cadfc1c
SHA1 e8603263e13321dc9a0a8f5074bd2bceb7b9b61e
SHA256 ef8b44637573b2ded7956b36764578515436eccd35a597bbc4d056f082a0af8e
SHA512 fdff93b5f6cb897978ab8cbcb063d32632596f826c2e4a4b78cb4bcf53cb55bd138a78fba53f1d89e21702f73ee204da44af7f365b6949a0ff01a659a87bafb5

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\bug.svg

MD5 9d7be139a71ce10e807d2a1b04b587ea
SHA1 3532e7dde081bf670c051cf8a1c7234351e35688
SHA256 db1ff0d07f8add2a7bfb1d92089524665fd8be533f51c620df756b1aa0ad2b9f
SHA512 8c6a8d15fe9cd4c22be149c9c7a1015d3a26f0b7fb9e79eb4d1db172c44afbd844bf10697f5c886af4946cef3e2b4f86b6c1a0970063d356460c76902d34f8cb

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\bank.svg

MD5 bf9a759efeccf88d1293ea9392eec741
SHA1 6bb175757b6f51cb684dbb8c77fa7e470f78e812
SHA256 0672537ca0cea9227371d3728fafbb6f90255386cd96863422fb895ba3cf3720
SHA512 8b396744afaa53fd17824dc6a36001cb592b0d7b9b1bc68f64d06a9f4cccb35554114541652c493097afe7c153e14a396f4f5ed8cd935bc8014970a98d27f80e

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\back-arrow.svg

MD5 3127554ba77c0b0c6871b12540cc595c
SHA1 88cb8d41ba3da59b474e977a68b5fe0c806cdb5e
SHA256 d83d07f26c46717e11fb9ef3e3fa8256f8edd2f66571db73b6a7af69742524ec
SHA512 9666da34b8d01d8b1a2805329d07d5a9479c6952f06563ef10ca6888595d81e35ac3293ceb87784a18a28f30ad175d4e69eb7de48d03f3ba7ce341ac99672dda

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\auto-delete.svg

MD5 7e1bd86b2f114bb2c6ab973c96163ff8
SHA1 a50ce0109893d9deaa1e62e6dce20e31b20e8f04
SHA256 277e2549994f76a3539271719dd46fc0d06e72c303b4efe9e805f8c9d0c4ff3a
SHA512 c232ba5b153f3a8616767b1afe0e8c784f391af4b0521b5a509d2f311a0450ab06f68dc377636d6ed696f733e0b5f058ff08b305cc142a09f07e7febadcc261e

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\arrow-right.svg

MD5 caf3668c9e2b82819137f778b10f04f9
SHA1 a3713391b4ce86c084f1981851cef5e76afc71aa
SHA256 92b25cb5172f158b02e577ad36c7de69fd277378cfab9c8cdc7e639b16c03433
SHA512 0b9bf756c36026d853ba5809819f29c308ba15149debc75d04ac5cc2eff4f6c59f3a1da2ac50f268c7751243f96d3c3eb707a16ec0b1ac14fa49199a284826fa

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\arrow-left.svg

MD5 ba5b1e092c79bc5ca5a74b534a6356f8
SHA1 c0b784acf0eab0f9ac2469cb91380c3170527ee2
SHA256 fd7d1070085adf5c678b35cff5899aa600c13cdcc5fb788635a630ae6cd156ec
SHA512 138d8e5b5775c05a7f0c2f2a0ef3bb95d3bbbef643420156deac5bbf4cc43fcc28b1981402f7cf083e4f9eeb0538349ef050ba3997fb12efe2d2e0c4144bec9a

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\arrow-down.svg

MD5 673eb4d7e133b2fa1372d7c036abf18f
SHA1 24895453cc62ad88211f2c8a7a4ecc029fb78afc
SHA256 21a868b97fd5beda44d05924451aa074c11a1a96ea5ba45ef11105cb290ff4f0
SHA512 3296ec1a21147e5637ae4d7fd67a7a6f96bb9baaa2719957800235a3e8524686dd048efeccc376865347b4092bb7833e504f914b9b5918818c3aa920ff7f4c3c

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\answer.svg

MD5 d7e36b8acea961b56059715332963233
SHA1 fbe5afd17f01e0f7e1cf7ef484130034f3d687fd
SHA256 384a3965448ee7e12eb408ef25b94574720b2ddfecf68473c3c09278deb2eb39
SHA512 13970fe8a0ab81d6a5343493c8d4d862a89035191f902f7544245c2767ae1937936698190814ed1ce55e20b023e95d2c96c7cea163a4f739387e19a3b49b10f9

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\alien.svg

MD5 e41fc939fd261093211ff58aae998a04
SHA1 f10d40b8d1967df4ccf342122c19289d88799693
SHA256 393e551487d68dbe48af9497c28b02ac7da38e6dbf63f7c00d166a7f614ef1f8
SHA512 182010b5dfc3e4bd7520c12937977fb602bf6e1ecf829e9e4419261a0f3e6db3b4ea1467dcd59b6db6264c9299e1b43eaa0d8d438a81b38dc43dd2ef18f6f7bb

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\advanced.svg

MD5 11f3d49b01f6105d803b3d67e8a2d7a1
SHA1 866d313d44b62a7ddb75360b707bdc0ce3f76df9
SHA256 cc1b5cb898b7fd9c396c85359c651c3ec77b76d4502972caac0db0e1ad789477
SHA512 eec9f3e63fed93bf1a35c6063b3a35d432ef0325359de828535586681407e0d2cf78fbd4431c0ea1231496df979871e82cb520394e985ec4873af07e359bfd2c

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\admin-panel.svg

MD5 3793c8581582f78f81e96a2d15e79637
SHA1 9abd494baf1e8263a87fa8ab23627b75c7b93e73
SHA256 0df749d94a0349477ff44e8c3d4a061246155a732583b6a73a5cd0dde3aa3dd2
SHA512 23cd27d9c9c171d9b104aa6bdcb369617e4e737a38ca2a6398e24842066c8bb43bbb5706b1a5abf0f8a775628e1f69563abf695e3ae9293acb44bcbff11decff

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\icons\add.svg

MD5 5a3230a0cfd5bef48c90b7c90a5d4f8e
SHA1 0f4058127c30aa7928a448e54195fffda531929d
SHA256 54bf4853ae737f99972b4aaad7bb1384e2731989e120609bcbb0be7c4b37e173
SHA512 cfad366c093e952541b85107fb12c28707bbc907a41fbf65c669e691c36e7ec2ed0357b4e5839f5142d1a44d2087d15e65ee10fb738658832fc32f4b1af52e06

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\fonts\NoirPro-SemiBold.otf

MD5 5177edfb54762b59df676052d11b363d
SHA1 fa18815bf4914b93d587c2758b65e234ad51b38b
SHA256 50000ce2f0f8bf3018f1d04aa5c6716583b808ca05c802c46a9de4f084a91f7d
SHA512 7475fe248eafd528a05acab94f3973eeeb0d169203769ee6b42d007b5fa0605a58a290e145d74d57e17486367bacffed22e4a88e576fa9f65d000e487aa78e27

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\fonts\NoirPro-Regular.otf

MD5 d969db6adb881f1dfa91a5b7ec0154d9
SHA1 d7b44b20eb246b0ff5c41147c0d0fb96fde47c48
SHA256 c7fc6d9f2ff611073fa09a6c61a8c086da0ebe8da841a9f4ec4087a3e9b52152
SHA512 2a225a8c12b46aa14e14dd547c6a55c80aef6bfe8cc791dcf60a14ef91994eddc4dec473d856f7c2446d62a41d017d256b64b603d87ae45e75fdeb2230deb5b2

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\fonts\NoirPro-Medium.otf

MD5 df63e8855d04ab0e25d2bb6a0b1fabfb
SHA1 5512dc285f36cdf7da5ba5eabaca128ca3442537
SHA256 a728e91375dcadbdf6ef6d7e3cd0bbf5c56fb992d5b1be6640b83214c9d015ed
SHA512 eba8afd3289089841e4eda4abd992c2e2020d18d44741733b5a51a2a1e0c0982ffd9da187aa56ba3b891bc259398ec156e08e45265f7218e87eb914794ca69d6

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\fonts\NoirPro-Light.otf

MD5 d10d77b03ba3abe6ccc1c142d9852595
SHA1 6108edf0cfb3d5f25e3c593949c301c5c2aa5f25
SHA256 3c9ef459625f995c62b993b64da299204b741e153ba8e6d988463aaa86b1aa44
SHA512 71c4fc3b6f43b4125c5ea5ae09297d72446de81ffc2928fee33aef386754e60dab11cc170c4d6689dd6eeac451f2a57b9d3372278f750dca6ed39ec82fcf9368

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\fonts\NoirPro-Bold.otf

MD5 e57b6bc24b970a377574124e026a7c01
SHA1 00184aedd4ee4d2ca6b5c87cf41e78f64304c89b
SHA256 b012d85155925bbe2106b20234b96522dec7914f03b09bc6e2fff71554f31bf6
SHA512 c162cd8a7130d2c94dac5c3dad58794f368436cbf782e8063c245d4cae405af6aa25c2f381549defd520c3f7cdbc04a27f891798697e9c291317d3b3ba82efdc

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\compressed_logos\war.ico

MD5 b942f8a18c3cb3d9aace9b5892c66671
SHA1 1cc54e8947e36f2e64cb7ddd9fba785a60f93793
SHA256 4efdef75cd3a854faf44e5d0f25f62da8194c07e108b3b2679503c16f2805a4e
SHA512 4b49c72d6f994f575a9dd142dc8bbec2b13bcced27722ce2820910aa3023c5e9254ec8defc1809f899130f6c3d398b6adcc32e146ea1d02c94fac80a8928dc0c

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\compressed_logos\summer.ico

MD5 cebdf3173e21a7c16d4a7d8076a11c0d
SHA1 c4c19af47f02faae7a6aa671affa087d11a9e96f
SHA256 14da5ad17b31761f6c9302a05b198a703e91bb6bf1a9ead708d4914fb4ed05ac
SHA512 22672e6b4a72ec4fffac142eec31a75f85a3eb89d8b66a9b82d775db6604e3ac329ee3976e327e463ca240bd83e221ef01bf0aef204dc3f58700c43e1a3e4069

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\compressed_logos\space.ico

MD5 af9a47926259005be2bc4e609f45c62c
SHA1 edb0a26d47980032531381a40766af1a44bddd01
SHA256 5dcada90aaff8f8076a966dd4a83ec4b087b437ca4d7a0a9519e277ee1528bea
SHA512 af3344daf59a5c0e2b2f140101cf47084be7a8ad04ae31691fffad809f3ca41f314cfc5be61d2e1e88b96703e30124da3ae430bd2ee88f529ca100978558c584

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\compressed_logos\romantic.ico

MD5 1e574f7a6ea27150d9c2fd81b12f6394
SHA1 847699fa258885f644b66a25dad4ada094671ce0
SHA256 f01399c613a0b6451dcb8ee77c5d77a1755161bc0a5a403682b3607f6040fec5
SHA512 a235fc7f7cb4365e90ec59338334d606a17a77f101ab1505889e7f75c7258e7c3a63f9a93cf4d447bbca39ca207b8b0d221bc19afc71009a088f52ba9621f4e7

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\compressed_logos\newYear.ico

MD5 9f66fb548e4aee0089409e5b896fab99
SHA1 f340d4ded3da188aaae76a6dbbcd64f4c8678b13
SHA256 dda4f29c5f687ab63c547cad472f5ab9a5fa7bac816b36207c0201542dab6173
SHA512 df4071913a884bdc844e30dcbba317e052926e77da4fd17b903cb5975845f067786e508016e2a10cb7f9367f863537cbb91d7d0684601751ebc91f8455760040

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\compressed_logos\logo.ico

MD5 362e23dce02f6439b99fc322a62cf7be
SHA1 dce93401f082b4464f697974727f90cb55eedd80
SHA256 3c4cf7e9644493d059da452a3af9c17a3be5c01db09c2da5d5d3d5a45468f2a9
SHA512 e1b36ce9feba258e3f2db9bba421546b96499273be37c36604f0c6afe04cc8e1f04d910f7d815ccd9040be1166dee9e5ef1c107dde08f578dbde44ee4e045ef9

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\compressed_logos\installer_logo.ico

MD5 d1f5ebe2b7fc80412af20dccdf6d10dd
SHA1 7172b11e58421e741fb49d1d83f05ea696135b78
SHA256 2f6d4d480ccb302d8c119695ffb2f33b0d446e0d32a050a8e77828c3393d2906
SHA512 c753790979241d978c300a6c22567f8c206d0807ec2c06c053aa39da94ce511626868e0a12a2b207c7d6bc790595cb75668c231ad82a6bff3b9568338d619ce4

memory/2788-1714-0x0000018E92FD0000-0x0000018E93DA5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\compressed_logos\food.ico

MD5 f3ce54818a6c18da1826ddd2f089c51e
SHA1 b0a39168c28afafd461d05522e6f964e7524d4fa
SHA256 e3187124e5e5b7b135014f6924893fedea29efb62c9955c5aefa2aa00610a97b
SHA512 19fd926cd4840a1fb7af64b7cb17bedd3f3e7fad861b2cdeef6b8589ff6119488f76dfd2ac27b8acf85d4493cbda06879c85f23db3d3c4a0f09f94899185d5cd

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\compressed_logos\clown.ico

MD5 ad1e1074f2e24099f2c1a41a42ee7ba7
SHA1 8b3db9e5fe4537dec069172e52d527223e5b1eeb
SHA256 01b0c0084fa9d536baec5468033154d9fc3028bbed55d0d3697d0aab8b13384b
SHA512 fd8a58519994bd773f86dd71eb90c519cf50f0e0dcdfa33af4dc5e5fdc7119b3cf240ba0654ac542d5b6ec0fb4647b819dfbbb338aa2c87940bddc31431b3f80

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\compressed_logos\cats.ico

MD5 a60ad26735ed5f524fadc837ba409bee
SHA1 0c93146c29615c62b84da87ec5b9e8503ac0a51f
SHA256 ac38101ea1995b026d743575c7ecd82be22192c36f7f5fce336b6584a83b88a7
SHA512 bf20184fed223bfd5c470002a6d0a5d1222c5e24b9fb4c84318a406c0524f961a02d036e0bc3a9530e53b676ce9931f03dba9c8cf02d3aabfb522c045000e054

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\backgrounds\Warhammer.jpg

MD5 0a5ffe11b4d2f0d579e22a475047589f
SHA1 de35be4763c7bd9698ec627f025fc81fc9927ff7
SHA256 bc755a02b636013d2ec0bee05412ff7361675b0cd3dc5661a4d750d74e798346
SHA512 adf7696b4fb1a1201e744181b63b02e9f224a1791e954994daf8785c6752a7ab85b438816e67a9236c6275b2f7383eb6f50fe32e1e58b3a3aacf9fad1d49b92d

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\backgrounds\VictoryDay.jpg

MD5 eb92d94cd35b8d73ee977381750a96c3
SHA1 95b0dd83b136898b4afaa780f1c8375b31a7f7a2
SHA256 8bb4994de1217cb2cd1651449f030794388a2e1fc333d062d52e813748216ff5
SHA512 52d67616eab7856d2be52eacd7144c3e85f4a37daaafc293765911854504147dda6e61d93d2a17866e5735a4dc56f0246cd8a2d2ea8a9cd87bc3f45a2655d663

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\backgrounds\TastyFoodDay.jpg

MD5 9f7ba227860a8d446f77f62888e4158a
SHA1 361e736b6ef44e6c496aedf7387845249c76a4c0
SHA256 d070946d773f126d824a26abbad730d2fbd146e1a9359cd3afd21960285d638a
SHA512 c2841305671590fcdae7d25abb17258be2cbd271ad1241e1a74206f12c583c75db64d706e87a0f99fe546a9c8bc63d382f93703ef358b384ccf349c3887acac3

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\backgrounds\SummerStart.jpg

MD5 d77e5703d7bd49bd5ed2dc837fcc93d2
SHA1 d745bbd9fe501412b7678dedf468a3d4ebb422e4
SHA256 7ebbec54b74af16436aa4e881e3cf723c1948e88f3189ce15c8d2e675ba7de78
SHA512 1fb1638544451632d185b1085590f73b93ea0f791f24ea833fff9828db77e6fb9fef56af703b0b6f7d3ba99a4c11e323d4fd63cc39c3b14ae3105b343d4e5aee

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\backgrounds\SpaceDay.jpg

MD5 cc86f6ad72336b38c9a94292a18d2a8f
SHA1 5c9d533d89c042d5492d2a2dbf5537d3f95488ab
SHA256 44e05f8b0a73889362368fff0e91bc5d38b1c33552e1a2c0f6967a99bfb4a252
SHA512 7b6c1e34784345ec9210d0ee593bb9cf9ade0be718bfe75b6d08efb0d7c82a5b9b4e408a78b1fa6605d4477060f7b6578d3bf981a116722b029d312ba48921db

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\backgrounds\SchoolDay.jpg

MD5 ff2c795ca73657308ff62023583bb7df
SHA1 79795d1a923fbd2b042a41d71c6e4daa71931790
SHA256 a4f459702e21c375a81e84ac85ec84aa463310d8aef505181c72c5274fb27a35
SHA512 08a11863ebd40f1b9740411fa79a3f49e37085db0ee0c864502ffa2a75398b7241b104dbb5b765d3a3b7932cd10cc28e096fe9bd920766a62be0cd43e2e95cf2

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\backgrounds\NewYear.jpg

MD5 72d7cfd32904762e3e06590a08f6b752
SHA1 d1e9fab08630afd6cb06ee7b719338b00bceacbc
SHA256 b544f944a958b0634e6d975fc4990ad8e1a71fabfa383939cb71569332d246f3
SHA512 c1c76e8e5483f598fc540ead8e0cfb3a4ab7e537565056c1036a895ad48ee0b590b6a0a63c4f8aa2e1b221ffe98df6d0b6b85f176a1e307a4e733e7f63a220ec

memory/2788-1677-0x0000018E92FD0000-0x0000018E93DA5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\backgrounds\JokeDay.jpg

MD5 6582a4db0e5c0570717565d12815d169
SHA1 b05f9a1cbb16149da1dde9e7b0a9fb3abb603f94
SHA256 b1b347856a7a93fc41c18291ecf2424abb03961439583c78a9b2b3c4520e9263
SHA512 33185d6f56209b8d713ca8f76fe505947836b116b65b01ca2e649fde42783cf35d606f5a6101be3b97602af89ce7787c42a2dc3af922eb7e325fff1d6ceb8fa9

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\backgrounds\IceCreamDay.jpg

MD5 0df267f391a6eb5ca24ab83e734dc80a
SHA1 ab815a95ed9ba9f4e8bd5fea909f35be739529a7
SHA256 5217c55cabedce00a97332273478eb75f26b3237943c3f90f608976cdde195da
SHA512 519ff25ba063829121863b9ea0eb609de7fb78b60b9f8abd0e9121aa79085b78304b26c603cca7da62e3d45b0724942ae3ae6ebebd8ec7c42367cbcf77a7e8fa

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\backgrounds\Halo.jpg

MD5 06822359be19fbe08382ad01c363aa60
SHA1 ef108eb6c41a37be79913599b5fe4fdc827a7569
SHA256 6a77bebbb47626eff779e583ee220d1dac117dce66b28d1173b9601f7382ef27
SHA512 3a7fa133e771e610ab99b29e7f5c0646a5b2026084777ac30eb1af1efd48fdecae3f6c11c0f4e3d251f0c0b5a0404dc11351b250cc3bb956a22b142dd83d2c25

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\backgrounds\God%20of%20War.jpg

MD5 d40d3b1641dda951397f85d91cc7da84
SHA1 605fe73ea3d21abd3de674152cacc77cabcf57bf
SHA256 bd9b8ebbd5e12f111b386111fbcae08f5545e6c8bacba466a33748ebbe7caf58
SHA512 18fa5dcb676a43e1ea2d7384f7fe34db2da738fa3b96f374b673fa935303c1226c72b2eeec65f2c96081e4da1a8ef742c60cef82a003510defc48e8bc91d3fef

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\backgrounds\FishingDay.jpg

MD5 53cf0a2de9e9f375a5cdc5849c19f589
SHA1 6d2e7dfadc38dac294be97bbc4e73b332127c5af
SHA256 19b182dc9d9580aa0ca41367618d877f1cb4e53830dafdda3b6298be0c001993
SHA512 35e9a5cd1735049c30c9a3b88b67359c7d58d9d56595bfb41166b24340ac1a0e5446a6c2d6e063afaa1fe905968b0734634658120f516068f5c65b9030939340

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\backgrounds\Fallguys_v2.jpg

MD5 58eb944079ea4b055adf9f329de463d3
SHA1 33deef3dd78e844b4c3544e5afe39b1acfe7d757
SHA256 2e4a44fd6efe2b6fcce4966613b4f4e79c2040a79a914d8377e32127c49010a5
SHA512 6884f1b837d995283c44436885b3924d8740d795b4343ccd1ffe216b07290893abf6c8d5b10fa807565c443662915d54fe098ac93d648b940f0caa313d5cc69f

C:\Users\Admin\AppData\Local\Temp\RarSFX2\data\flutter_assets\resources\backgrounds\Fallguys_v1.jpg

MD5 a795acdc99700b1d4a098b2caf3d39c6
SHA1 178595904d29c6cbd3efc5e71cab28628ea58cf1
SHA256 5bae893db8e438bc28cd34ebe0ec23c3826f1a942d0e336ce2395fe4a5ddabf0
SHA512 8896e458e201eb7faba10ceaf700a1dafda634e5ee36b8065bb8f33b83c06a706f3ab92a4f20560301410ef57871831a7fa014ca9798f58f131f7b36bc63746e

Analysis: behavioral3

Detonation Overview

Submitted

2024-04-13 12:35

Reported

2024-04-13 12:36

Platform

win11-20240412-en

Max time kernel

49s

Max time network

60s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\dctroll.txt

Signatures

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\MEMZ-virus-main.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 704 wrote to memory of 1428 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\NOTEPAD.EXE
PID 4916 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4916 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4916 wrote to memory of 912 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4916 wrote to memory of 2080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\dctroll.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\dctroll.txt

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd429eab58,0x7ffd429eab68,0x7ffd429eab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2180 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3804 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4328 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4464 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4612 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4652 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4804 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4824 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3168 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4188 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe"

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe" /watchdog

Network


Files

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat


\??\pipe\crashpad_4916_RMFXHREOMJDBXIKT


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57bedb.TMP


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt


C:\Users\Admin\Downloads\MEMZ-virus-main.zip:Zone.Identifier


C:\Users\Admin\Downloads\MEMZ-virus-main.zip


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5804ae.TMP


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
