Analysis Overview
Threat Level: Known bad
The file http://Google.com was found to be: Known bad.
Malicious Activity Summary
Chaos Ransomware
Chaos
UAC bypass
Modifies boot configuration data using bcdedit
Deletes shadow copies
Disables Task Manager via registry modification
Deletes backup catalog
Drops startup file
Reads user/profile data of web browsers
Executes dropped EXE
UPX packed file
Writes to the Master Boot Record (MBR)
Legitimate hosting services abused for malware hosting/C2
Drops desktop.ini file(s)
Sets desktop wallpaper using registry
Enumerates physical storage devices
Enumerates system info in registry
Modifies registry key
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Uses Volume Shadow Copy service COM API
Suspicious behavior: LoadsDriver
Runs ping.exe
Suspicious use of WriteProcessMemory
Suspicious behavior: AddClipboardFormatListener
Suspicious use of FindShellTrayWindow
Modifies registry class
Uses Task Scheduler COM API
Interacts with shadow copies
Checks SCSI registry key(s)
Kills process with taskkill
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-04-19 19:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-19 19:34
Reported
2024-04-19 19:59
Platform
win10-20240404-en
Max time kernel
1454s
Max time network
1463s
Command Line
Signatures
Chaos
Chaos Ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Deletes shadow copies
Modifies boot configuration data using bcdedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
Deletes backup catalog
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wbadmin.exe | N/A |
Disables Task Manager via registry modification
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.url | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\covid29-is-here.txt | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4C15.tmp\mbr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4C15.tmp\Cov29Cry.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4C15.tmp\Cov29LockScreen.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | F:\$RECYCLE.BIN\S-1-5-21-1739856679-3467441365-73334005-1000\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Desktop\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Documents\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Favorites\Links\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Music\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\Saved Pictures\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\OneDrive\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Favorites\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Contacts\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Music\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Videos\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\Camera Roll\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Saved Games\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Links\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Searches\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\4C15.tmp\mbr.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nw7o35vzw.jpg" | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133580289292678467" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4C15.tmp\Cov29LockScreen.exe | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://Google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe1b289758,0x7ffe1b289768,0x7ffe1b289778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1748,i,4523168390546836272,2843352418238677817,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1748,i,4523168390546836272,2843352418238677817,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2060 --field-trial-handle=1748,i,4523168390546836272,2843352418238677817,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2704 --field-trial-handle=1748,i,4523168390546836272,2843352418238677817,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2716 --field-trial-handle=1748,i,4523168390546836272,2843352418238677817,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 --field-trial-handle=1748,i,4523168390546836272,2843352418238677817,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4684 --field-trial-handle=1748,i,4523168390546836272,2843352418238677817,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1748,i,4523168390546836272,2843352418238677817,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1528 --field-trial-handle=1748,i,4523168390546836272,2843352418238677817,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=1748,i,4523168390546836272,2843352418238677817,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2716 --field-trial-handle=1748,i,4523168390546836272,2843352418238677817,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4600 --field-trial-handle=1748,i,4523168390546836272,2843352418238677817,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x390
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=1748,i,4523168390546836272,2843352418238677817,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5312 --field-trial-handle=1748,i,4523168390546836272,2843352418238677817,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=896 --field-trial-handle=1748,i,4523168390546836272,2843352418238677817,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5316 --field-trial-handle=1748,i,4523168390546836272,2843352418238677817,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2948 --field-trial-handle=1748,i,4523168390546836272,2843352418238677817,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5744 --field-trial-handle=1748,i,4523168390546836272,2843352418238677817,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5348 --field-trial-handle=1748,i,4523168390546836272,2843352418238677817,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5920 --field-trial-handle=1748,i,4523168390546836272,2843352418238677817,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5136 --field-trial-handle=1748,i,4523168390546836272,2843352418238677817,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5312 --field-trial-handle=1748,i,4523168390546836272,2843352418238677817,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3932 --field-trial-handle=1748,i,4523168390546836272,2843352418238677817,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2792 --field-trial-handle=1748,i,4523168390546836272,2843352418238677817,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1748,i,4523168390546836272,2843352418238677817,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_Covid29 Ransomware.zip\TrojanRansomCovid29.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Covid29 Ransomware.zip\TrojanRansomCovid29.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\4C15.tmp\TrojanRansomCovid29.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\4C15.tmp\fakeerror.vbs"
C:\Windows\SysWOW64\PING.EXE
ping localhost -n 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v HideFastUserSwitching /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableChangePassword /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableLockWorkstation /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoLogoff /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\reg.exe
reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Users\Admin\AppData\Local\Temp\4C15.tmp\mbr.exe
mbr.exe
C:\Users\Admin\AppData\Local\Temp\4C15.tmp\Cov29Cry.exe
Cov29Cry.exe
C:\Windows\SysWOW64\shutdown.exe
shutdown /r /t 300 /c "5 minutes to pay until you lose your data and system forever"
C:\Windows\SysWOW64\PING.EXE
ping localhost -n 9
C:\Users\Admin\AppData\Roaming\svchost.exe
"C:\Users\Admin\AppData\Roaming\svchost.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im explorer.exe
C:\Users\Admin\AppData\Local\Temp\4C15.tmp\Cov29LockScreen.exe
Cov29LockScreen.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete
C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} bootstatuspolicy ignoreallfailures
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} recoveryenabled no
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet
C:\Windows\system32\wbadmin.exe
wbadmin delete catalog -quiet
C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\covid29-is-here.txt
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3afb855 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:80 | google.com | tcp |
| GB | 142.250.178.14:80 | google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.204.74:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.187.238:443 | ogs.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | tcp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | tcp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.49.178.192.in-addr.arpa | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | now.gg | udp |
| GB | 54.230.10.31:443 | now.gg | tcp |
| GB | 54.230.10.31:443 | now.gg | tcp |
| US | 8.8.8.8:53 | 31.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.now.gg | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 54.230.10.31:443 | now.gg | udp |
| US | 8.8.8.8:53 | cmp.inmobi.com | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| GB | 18.172.89.29:443 | cmp.inmobi.com | tcp |
| US | 8.8.8.8:53 | 29.89.172.18.in-addr.arpa | udp |
| GB | 18.172.89.29:443 | cmp.inmobi.com | tcp |
| US | 8.8.8.8:53 | api.cmp.inmobi.com | udp |
| DE | 18.158.152.241:443 | api.cmp.inmobi.com | tcp |
| DE | 18.158.152.241:443 | api.cmp.inmobi.com | tcp |
| US | 8.8.8.8:53 | 241.152.158.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sessions.bugsnag.com | udp |
| US | 35.190.88.7:443 | sessions.bugsnag.com | tcp |
| US | 35.190.88.7:443 | sessions.bugsnag.com | tcp |
| US | 8.8.8.8:53 | cdn.now.gg | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | now.us | udp |
| US | 8.8.8.8:53 | nowgg.zendesk.com | udp |
| GB | 216.58.204.74:443 | content-autofill.googleapis.com | udp |
| US | 35.190.88.7:443 | sessions.bugsnag.com | udp |
| GB | 54.230.10.31:443 | now.gg | udp |
| US | 8.8.8.8:53 | 7.88.190.35.in-addr.arpa | udp |
| GB | 54.230.10.31:443 | now.gg | tcp |
| NL | 104.97.14.16:443 | cdn.now.gg | tcp |
| NL | 104.97.14.16:443 | cdn.now.gg | tcp |
| NL | 104.97.14.16:443 | cdn.now.gg | tcp |
| NL | 104.97.14.16:443 | cdn.now.gg | tcp |
| NL | 104.97.14.16:443 | cdn.now.gg | tcp |
| NL | 104.97.14.16:443 | cdn.now.gg | tcp |
| US | 8.8.8.8:53 | www.tiktok.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 16.14.97.104.in-addr.arpa | udp |
| NL | 104.97.14.16:443 | cdn.now.gg | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 67.112.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 64.233.167.155:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 155.167.233.64.in-addr.arpa | udp |
| US | 216.239.36.181:443 | analytics.google.com | tcp |
| US | 8.8.8.8:53 | 181.36.239.216.in-addr.arpa | udp |
| US | 216.239.36.181:443 | analytics.google.com | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| GB | 142.250.178.2:443 | www.googletagservices.com | tcp |
| GB | 142.250.178.2:443 | www.googletagservices.com | tcp |
| GB | 142.250.178.2:443 | www.googletagservices.com | tcp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 35.190.88.7:443 | sessions.bugsnag.com | udp |
| NL | 104.97.14.16:443 | cdn.now.gg | udp |
| NL | 104.97.14.16:443 | cdn.now.gg | tcp |
| US | 8.8.8.8:53 | cms-cdn.now.gg | udp |
| NL | 104.97.14.48:443 | cms-cdn.now.gg | tcp |
| NL | 104.97.14.48:443 | cms-cdn.now.gg | tcp |
| NL | 104.97.14.48:443 | cms-cdn.now.gg | tcp |
| NL | 104.97.14.48:443 | cms-cdn.now.gg | tcp |
| NL | 104.97.14.48:443 | cms-cdn.now.gg | tcp |
| NL | 104.97.14.48:443 | cms-cdn.now.gg | tcp |
| US | 8.8.8.8:53 | 48.14.97.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dn0qt3r0xannq.cloudfront.net | udp |
| US | 8.8.8.8:53 | now.gg | udp |
| GB | 54.230.10.44:443 | now.gg | udp |
| US | 8.8.8.8:53 | 44.10.230.54.in-addr.arpa | udp |
| NL | 104.97.14.48:443 | cms-cdn.now.gg | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| GB | 54.230.10.120:443 | dn0qt3r0xannq.cloudfront.net | tcp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| GB | 54.230.10.120:443 | dn0qt3r0xannq.cloudfront.net | udp |
| US | 8.8.8.8:53 | edge.aditude.io | udp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 8.8.8.8:53 | pub.doubleverify.com | udp |
| US | 8.8.8.8:53 | static.vidazoo.com | udp |
| US | 8.8.8.8:53 | static.kueezrtb.com | udp |
| US | 8.8.8.8:53 | polyfill.io | udp |
| US | 104.18.33.178:443 | static.vidazoo.com | tcp |
| US | 104.22.61.119:443 | edge.aditude.io | tcp |
| US | 104.22.61.119:443 | edge.aditude.io | tcp |
| US | 104.18.167.224:443 | pub.doubleverify.com | tcp |
| US | 104.18.23.145:443 | cadmus.script.ac | tcp |
| US | 172.67.21.232:443 | static.kueezrtb.com | tcp |
| US | 104.18.51.3:443 | polyfill.io | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| NL | 23.63.101.170:80 | apps.identrust.com | tcp |
| NL | 23.63.101.170:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 120.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.33.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.167.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.23.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.21.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.61.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.51.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.clean.gg | udp |
| US | 8.8.8.8:53 | 170.101.63.23.in-addr.arpa | udp |
| US | 34.95.69.49:443 | i.clean.gg | tcp |
| US | 8.8.8.8:53 | geo-location.prebid.cloud | udp |
| GB | 18.165.160.49:443 | geo-location.prebid.cloud | tcp |
| GB | 18.165.160.49:443 | geo-location.prebid.cloud | tcp |
| US | 34.95.69.49:443 | i.clean.gg | udp |
| US | 8.8.8.8:53 | 49.69.95.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.160.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | track.kueezrtb.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.187.226:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | gtrack.kueezrtb.com | udp |
| GB | 3.162.21.19:443 | c.amazon-adsystem.com | tcp |
| US | 216.239.36.181:443 | analytics.google.com | udp |
| US | 8.8.8.8:53 | u.kueezrtb.com | udp |
| US | 8.8.8.8:53 | sync.kueezrtb.com | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.21.162.3.in-addr.arpa | udp |
| US | 216.239.36.181:443 | analytics.google.com | udp |
| US | 8.8.8.8:53 | production-cloudcontrol-cache-cdn.infra.aditude.cloud | udp |
| GB | 18.165.160.52:443 | production-cloudcontrol-cache-cdn.infra.aditude.cloud | tcp |
| GB | 18.165.160.52:443 | production-cloudcontrol-cache-cdn.infra.aditude.cloud | tcp |
| US | 192.81.208.46:443 | sync.kueezrtb.com | tcp |
| US | 192.81.208.46:443 | sync.kueezrtb.com | tcp |
| US | 8.8.8.8:53 | production-raven.infra.aditude.cloud | udp |
| GB | 54.230.10.51:443 | production-raven.infra.aditude.cloud | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| GB | 3.162.21.19:443 | c.amazon-adsystem.com | tcp |
| GB | 18.165.160.110:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 52.160.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.208.81.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.10.230.54.in-addr.arpa | udp |
| GB | 18.165.160.110:443 | config.aps.amazon-adsystem.com | tcp |
| GB | 3.162.21.19:443 | c.amazon-adsystem.com | tcp |
| GB | 54.230.10.31:443 | now.gg | udp |
| US | 104.18.33.178:443 | static.vidazoo.com | tcp |
| US | 8.8.8.8:53 | 110.160.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wserver.vidazoo.com | udp |
| US | 45.77.157.114:443 | wserver.vidazoo.com | tcp |
| US | 45.77.157.114:443 | wserver.vidazoo.com | tcp |
| US | 8.8.8.8:53 | 114.157.77.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| GB | 23.53.174.156:443 | secure.cdn.fastclick.net | tcp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | 156.174.53.23.in-addr.arpa | udp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| US | 8.8.8.8:53 | 86.53.22.104.in-addr.arpa | udp |
| GB | 13.224.81.122:443 | tags.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | bis1.vidazoo.com | udp |
| US | 142.93.248.218:443 | bis1.vidazoo.com | tcp |
| US | 8.8.8.8:53 | 122.81.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.248.93.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| IE | 3.248.140.97:443 | bcp.crwdcntrl.net | tcp |
| DE | 162.19.138.117:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.117:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | fixnlntptgvuwqeaqv7ij3bgoy0fyiho.lambda-url.us-east-1.on.aws | udp |
| US | 54.221.127.16:443 | fixnlntptgvuwqeaqv7ij3bgoy0fyiho.lambda-url.us-east-1.on.aws | tcp |
| US | 8.8.8.8:53 | 117.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.127.221.54.in-addr.arpa | udp |
| US | 148.135.239.216:9041 | udp | |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| DE | 162.19.138.83:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | 216.239.135.148.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cloud.bluestacks.com | udp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 8.8.8.8:53 | 181.86.160.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eb.bluestacks.com | udp |
| US | 54.193.102.252:443 | eb.bluestacks.com | tcp |
| GB | 54.230.10.31:443 | now.gg | udp |
| US | 8.8.8.8:53 | 252.102.193.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| GB | 18.165.160.39:443 | static.hotjar.com | tcp |
| GB | 18.165.160.39:443 | static.hotjar.com | tcp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| US | 8.8.8.8:53 | 39.160.165.18.in-addr.arpa | udp |
| GB | 54.230.10.12:443 | script.hotjar.com | tcp |
| US | 8.8.8.8:53 | 12.10.230.54.in-addr.arpa | udp |
| GB | 216.58.204.74:443 | content-autofill.googleapis.com | udp |
| DE | 162.19.138.83:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dis.eu.criteo.com | udp |
| NL | 178.250.1.9:443 | dis.eu.criteo.com | tcp |
| NL | 178.250.1.9:443 | dis.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rtb.gumgum.com | udp |
| IE | 52.208.188.224:443 | rtb.gumgum.com | tcp |
| US | 8.8.8.8:53 | 224.188.208.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ce.lijit.com | udp |
| IE | 52.18.182.124:443 | ce.lijit.com | tcp |
| IE | 52.18.182.124:443 | ce.lijit.com | tcp |
| US | 8.8.8.8:53 | mp.4dex.io | udp |
| US | 104.18.34.178:443 | mp.4dex.io | tcp |
| US | 8.8.8.8:53 | 178.34.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.182.18.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| NL | 185.89.210.122:443 | ib.adnxs.com | tcp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | sessions.bugsnag.com | udp |
| US | 35.190.88.7:443 | sessions.bugsnag.com | udp |
| US | 8.8.8.8:53 | uipglob.semasio.net | udp |
| DK | 77.243.51.122:443 | uipglob.semasio.net | tcp |
| US | 8.8.8.8:53 | 122.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.51.243.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ice.360yield.com | udp |
| IE | 34.251.149.17:443 | ice.360yield.com | tcp |
| US | 8.8.8.8:53 | 17.149.251.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| GB | 142.250.179.226:443 | cm.g.doubleclick.net | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 34.120.135.53:443 | oajs.openx.net | tcp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 34.120.135.53:443 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | tcp |
| US | 8.8.8.8:53 | esp.rtbhouse.com | udp |
| US | 35.190.39.111:443 | esp.rtbhouse.com | tcp |
| US | 8.8.8.8:53 | 53.135.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.39.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | now.gg | udp |
| GB | 54.230.10.16:443 | now.gg | udp |
| US | 8.8.8.8:53 | 16.10.230.54.in-addr.arpa | udp |
| GB | 54.230.10.16:443 | now.gg | udp |
| US | 8.8.8.8:53 | now.gg | udp |
| GB | 54.230.10.44:443 | now.gg | udp |
| GB | 54.230.10.44:443 | now.gg | udp |
| US | 8.8.8.8:53 | cloud.bluestacks.com | udp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | udp |
| US | 8.8.8.8:53 | now.gg | udp |
| GB | 54.230.10.26:443 | now.gg | udp |
| US | 8.8.8.8:53 | 26.10.230.54.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| GB | 54.230.10.26:443 | now.gg | udp |
| US | 8.8.8.8:53 | now.gg | udp |
| GB | 54.230.10.44:443 | now.gg | udp |
| GB | 54.230.10.44:443 | now.gg | udp |
| US | 8.8.8.8:53 | now.gg | udp |
| GB | 54.230.10.44:443 | now.gg | udp |
| GB | 54.230.10.44:443 | now.gg | udp |
| US | 8.8.8.8:53 | now.gg | udp |
| GB | 54.230.10.16:443 | now.gg | udp |
| GB | 54.230.10.16:443 | now.gg | udp |
| US | 8.8.8.8:53 | now.gg | udp |
| GB | 54.230.10.31:443 | now.gg | tcp |
| GB | 54.230.10.31:443 | now.gg | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| GB | 142.250.187.206:443 | analytics.google.com | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wserver.vidazoo.com | udp |
| US | 178.128.132.116:443 | wserver.vidazoo.com | tcp |
| US | 178.128.132.116:443 | wserver.vidazoo.com | tcp |
| US | 8.8.8.8:53 | 116.132.128.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.now.gg | udp |
| GB | 104.77.118.105:443 | cdn.now.gg | udp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 105.118.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 178.128.132.116:443 | wserver.vidazoo.com | tcp |
| US | 8.8.8.8:53 | bis1.vidazoo.com | udp |
| US | 45.77.78.164:443 | bis1.vidazoo.com | tcp |
| GB | 142.250.187.206:443 | analytics.google.com | udp |
| US | 8.8.8.8:53 | 164.78.77.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.200.35:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 22.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.213.14:443 | www.youtube.com | tcp |
| GB | 216.58.213.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 6.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
Files
\??\pipe\crashpad_2836_EPBVQXBYVEGQECAH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\983ec572-cc7f-4bec-aac9-fbe1685e7d71.tmp
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a4df209b6e6595852a2f97cf278b9701 |
| SHA1 | f31b9709524da0aecd812377d347a85ed190111c |
| SHA256 | 9365a4a6cf2aebde8b5af298db2fc3fc654a57895a14103d3187cdb7f3eaa732 |
| SHA512 | 2681727bb7465d61e35095be54952d6c459e5a10df450f8c85629e648176dfdd18be35e63476c3632dcebd4e8b37df7fa29772091d7f3a29b35782635a894a1c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 83288deb5c06140c295c6e1ae1ac28b4 |
| SHA1 | 5e889ff4c3fa538a4b6b0eda2828d8dbef63f8db |
| SHA256 | 0827c3e5ad2c764e91910449e422e60a95c270d500479b39e4f4ac0c8caaf0f7 |
| SHA512 | 998580bb9668cfde9be6d7b440989019b1ee8759c88ffb13603de50cd44ed85278aa135833a2c97cbb5cdd9a8a8397260023df2093766f79ecff64d0ebaa7f96 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b63bc3a5b0e7d286867468a9f8ec87a6 |
| SHA1 | a179e83d8e3e2563f5bb9d8c3cffb161d818749e |
| SHA256 | ed823045a99bb9cfb19828bd3c9e70264fa980efcfb9ffd5beb729c35d7a25d1 |
| SHA512 | 3103bfaeacee91fc1a3392f59d993ffc5ab9282085b5e7ecf191f39f64114f11c4ac341cace6e458ab155e9fe7a854e20da863d9c627ef9616aa29be8aff9f4e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f7b532fe183a75bbb402d57dc1320828 |
| SHA1 | 86bbb019b444a4327ec6e5aa2d93cebbbdb0a31f |
| SHA256 | 670e2c3a213ca0e6741efcb068b62dbd74f84aa501e218c7a542263ce74da016 |
| SHA512 | 732ac4b395f9ae3df5feada3734c0170198fb15578cc2b519eb6e4d1817344be987fab6db53294f86043556b9d52bc0868a0a40330857c7f307da2b5f4c9a12a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 245c8ae28ea2a0a259ac69e0c1161819 |
| SHA1 | 54257a9c6798878f3e3f16e61504b7110d226adf |
| SHA256 | 6c138a16d367834edf2382ca62e5370983d6daa56d55ab8832674cc92c71ae9b |
| SHA512 | 48e0574661167b739b2a1a7a623055846164cdd8dfb893ce24e8dc87eaf5f685111ebf1c56806e7092e9f0e17d04ab0f6787c9088a589eccc8d961933f2d826e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f6785bea509081a0eb3abc56a68668ef |
| SHA1 | 6d34243bc8a9192cbbce94c4cacbd5ac0a193b7d |
| SHA256 | 7201c365647f103d8023d633bed4ee8142f8bc25092f189afe4b53b068db0e00 |
| SHA512 | 99357cb6c4427118bd043cd59fec89f9aac9999976ff0c90912ad4434083224579da31de0b6bc549a86ee8564a077a965eeb67aeca6976881e047d5714aed030 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 24e81e2c073817321605f87912f5644d |
| SHA1 | eacdc62bec7ea78d9ffcf96de5ffb68f7d7d2f8e |
| SHA256 | 7174a9114aa97c6c33013b313b20d63c5635d62fb327b75bac2dbb297e8dbacd |
| SHA512 | 6610ada29ac9109fa9e59bae54878eb180b04fab4f840a2b777dd1129099963b4d7daf86271ea34f01bac2ca92a2fc2b54277fe13cd893755f12263d14afc0dc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe599b8a.TMP
| MD5 | f27b73371a83e176ac31f22431ae8ad3 |
| SHA1 | 2c2223c79bf4ae70db9f835d39761262d2bb4fa6 |
| SHA256 | dd3b2628ff7a5098c9dbe29c48eece5c85fc5d3f198b27cded5323dd4d466f40 |
| SHA512 | f8eb522496f33edbded1cee77c3478306a4a20a3cdd680da7cf8efd4f315dc6cc7fde34a46317d9e235195b0cff0ff4f6ab3b067e65392daf9d16490408d3289 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 3b11cb66caffaaef90ca02d2b59868c1 |
| SHA1 | 43eeecf9dc3242f103e3bcef739104a7a7ce653f |
| SHA256 | 7d647cef69363710f5a0d460dbaadcf859bedd74491d52da8fc2f5cd179426b2 |
| SHA512 | db2ce501492f0306bfc99335dc31b85ad62d56b5a9ad979dce452d667e4fb767ba678632058825d9914cae921e03b24cbc37b69f89a6cbca41c7aec387161360 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ab121cae6537bcf99a7da76c48926500 |
| SHA1 | aebdf0a69dc582b53e118071c6d0cc2acd6cb7ff |
| SHA256 | 06cebd715e3981fbadf78923c167fa79601f61b38e4669b283ff5296c908ca75 |
| SHA512 | f69cc1ba04804ce4c910b603a1679d00d705609964f8fb0307cc67f99ff1c80a49b1d29ccecd48cb3435cfd2edfac54a60682c14598cdca2577ab174524873f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ceb6e6730cd08acc4a4255e1ded50e15 |
| SHA1 | 9de5491905487c9cacb7be49826d53bbd0df32b9 |
| SHA256 | d99fa12327687faa35a2add92c9f450697d28ed0dafb8afee57fceed8b085325 |
| SHA512 | 9b0800cd6bb98192368cb8ce06b20346d7fa3c3795209249d6c6e39e3ccf86c338a14896974b99f4498672f259d90a5bc334c5454a2cff47234c544067704bd4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031
| MD5 | 46b068660e469e3d67cfac9c4db6048b |
| SHA1 | 143b88c463a74e5b138472a459d0b5040c7cc66a |
| SHA256 | d1dde8d3e590ebabd307729c2d5b3b110943a5d4489833f26aa9fd28b10af05d |
| SHA512 | 6a2e1a7d442761299e8d6c3bc2eb5e7de57cda18135e8a958e06b4fa5823ce159b370899ada04b39b3ec640714c33af1124105be40680cd810ba82ed5c00dd27 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f
| MD5 | bda6147b324f6d1c522cc7e379f2fc82 |
| SHA1 | 2b7b81867e20e91b91868eb1d48cae5360dd1a86 |
| SHA256 | 4801ba71eddd7737f7f4f6fce6e401890cc10829d3029ba654b9057be1950d9a |
| SHA512 | 422a2919b134443dcd205998794375a9de1574cefbbf1d9e5f2a3e040e9adfc934234f976e79cbecfe3232095746b0a1353a780126450a818f15a13d4f1a1d53 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a71fbc720c6adf8795d6f21ed67fd24b |
| SHA1 | a5f6b49791b6a942f4fe970634c170e4ea27ce90 |
| SHA256 | 8577f3410c56216068ba7cb6ab9d73c9da247b0fadd91ee1e3217c93e101178a |
| SHA512 | 9af4c0ba8eb86ac6e80b60fec466dde8e66339d9a574f24c6c1945197ace5e387a31cef6a42fa329358b080d1e632f8fc3390839ed08c2eb8fc4b1c667280f41 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 3cbde300256e3b2767b20c7e4e798473 |
| SHA1 | 1fce3d0239c7a318a5fb3cc3c2f382770db0c1a8 |
| SHA256 | 3bf3cd2ac46d5ba9606bd3a3842d4fab9236515d489984d8a3a5f9327c7db0fd |
| SHA512 | c2bd2ccd73c0dead62c8d797175fcc32d47548df188fed0bbff0048ffc50a22d0a1ece2c6efc5a434edeb8f188e70b7c5770868127195b0ec12b7207113e443c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033
| MD5 | 3e72cb741014136dbd20dc2baf81213f |
| SHA1 | b85b1a405d5cff6f0f54fd5333a180401462c947 |
| SHA256 | cd08af323a47c3b3a19fdd4734bcd083dfce9d0b6bcdd5552bda710fb90028ec |
| SHA512 | f352e1c56cdc21f3c0e94cc087a8dad28cea4c1ee0f98b4ad067d3cd17a431a4dcb41f7e17c1b50abc2cbe88df48a6cb45b0b187eb08661519f1809fb9c2c434 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028
| MD5 | 4c854f6a720679c21e3dde00ee038b9e |
| SHA1 | 72e1207b3bc3c6ac1c1979feb2c125f4c78c9844 |
| SHA256 | c238d5a6a17192cf7addeec1c10ab944872755ec0418ff5f7e60fa69635a2f3c |
| SHA512 | ab4c7ae50bc4797ffe8886ae48041896e02037a8588bb3be7eeea500531943c07dcd9135111d0583eb203a44a14a0332ce46e7b21e4580b309f24bcb5c3eadb1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4b6048f8f1789f2651779e597293759c |
| SHA1 | af30efe11d131acc2f1c121a2076ea50b0d96eb3 |
| SHA256 | a427a0f5c8039fb4b5abfbb9900da89b59818189bd0d855eaac9686b7757987e |
| SHA512 | ab48fbdd6f41a38f82441115ed581ee90668cd945e5366195aa334cb15a053807e026e3988e2088e66e223e54525449939616f781e54c447f010c5b76846f656 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e
| MD5 | 05ef52ddf5cbcf0991218279d6f21845 |
| SHA1 | 6bba1d2495eed4daf5c0b8667223f828a37bb44c |
| SHA256 | a38e2ef831702d04bd041b662b5213a25fad56dc630786e8829516f1eba2f7aa |
| SHA512 | d6fae391e4a3c86217ed96e1bcc47ca4f84208c2f40e89f9cc684c81d0246b1ddf56db98468e19a58dd9aac22fb3e28cb043584d229249fd85838a0d1d04b81d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 602a7f818c71e4c5df213984fce9c6cb |
| SHA1 | bd753ada97de06e81469ff5b0ed76d309b5bf091 |
| SHA256 | 58e91cef1f559fec0df8449cea0455b94af024334ed8ae22ae4f10a367e1c5b4 |
| SHA512 | 3042993f49ddcfcf6b8dc2f5ebba2c0c34501c34bb9e101154a583de33923d0a6e870b02f79769ebd4e284068b8aac2f6e13ebfb0c993cbd8969c515961d42d5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c8327ebed80d5be68971ddd63ff76f4c |
| SHA1 | d52121b294d6e6c4668ae61b0dc36858d2325975 |
| SHA256 | d7b694e1096cc61add531c375fc3673a33e4f89586d5d51fd3dced56b483dae5 |
| SHA512 | dab33fc7123aa5b4219278d5139415ebe4d73950ff9269c08d3c2883f2a11e802731ec554e74302860abbe3a9b7f31915ab6aadc62ae29d2fb85bd4125852d30 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b0ebe3d4d0e45b567cfd8e3daec033f6 |
| SHA1 | 497d8b0c20ddab811e41d8b1d87c86be8dcc30b9 |
| SHA256 | 602fb9ccf094043165accc7be42fc3fe213dfe13e64671ef6e3b93ebaf8f5d67 |
| SHA512 | e43d5707a85d8b469528da6ff3cc8e54a8188c551dab4045b84b0d5065158bb56585ce12d4a2fe093dfcc2798c86165c7c18558245a6241ef531f66c4476a366 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_now.gg_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0d6d7ae70a6a588577de5ad7f2958d37 |
| SHA1 | 37060a362af7473e55bba08ceeb123d352a0ff0f |
| SHA256 | 5359f5b8af065d9b220478d8ddf203f8ebc2502bcf6975234f9dbc4a12e0f06a |
| SHA512 | acb52a8c39e955166b622cb143c6925a349d2e858fd6918de7e9e2a96cf53a4a08d8d60f6ae96186ef25b9435bf561c67eccc5f6cddbe8e13b48a99ee00752cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000001.dbtmp
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b565de5cb63174f618de4679436ec221 |
| SHA1 | 602518070cd094b8236f180870be45b56b91d270 |
| SHA256 | c041d888672a682d4cead02cf9fe873730ab0ede1890e4089b83ea5a0c2fd3e6 |
| SHA512 | 43408f85a0d33effe4dd81232b86670491559b59c2f816ec59f6448fc7a62f04c54451369da65e67231df02860f8294fe2986adcce3bc058d7175f2097b0a09c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6ee5041437aef5b6acc6abf47bbbb8ce |
| SHA1 | c82322de8f62c51fea85bf1bdf9c5585bf4231b6 |
| SHA256 | 706538a5d109beb982add340816059a0a4ab03d56a9777262601a1c4697a4db4 |
| SHA512 | 1d12e1d0a4748a57df8ecc46b984855dbabdf15a8fdc0b49b428fb09951cc609f1151c947e28a001c5a23f59c2e9c30320f68614bef4e4a473d7829c17120287 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000067
| MD5 | 0e847f027fbb082006fad9238ccb706c |
| SHA1 | ba6ccd3676f25973e949c155c0e0981f0e63f07d |
| SHA256 | b4048e7de781dbbe04d9d3abe217b66f7e199b52e694c94c267a644c7cd99f88 |
| SHA512 | a539fe2d5b0b9adc07deaff1ab01a710604cefc08fe875047f2d2214b37bc6de26d0a4724c20d953dbb15c8916c93da114de00ccd1b7c9bee01994cb23cb3c68 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 506f20693ca9e9a7414f13b3b3bf50e3 |
| SHA1 | 73a8454bc1a817604b521bbfa5654478e9a687ea |
| SHA256 | b7760d4ed465d8e1241a63f30f123f8b4ecefcb47ffe2c4bcaa173732d672c43 |
| SHA512 | 3343531db49b95289218effa826f5c5cb16f7214bbf1adf2273221090d4b1071857fd2a404149099f4d5f12e71a44b7538b25bf0648fa79865f991b44d7c9357 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7aa744190c849344569dc640829d5c24 |
| SHA1 | c7faf5cc0f4d47627f5253cf3a7cb5437d0814bb |
| SHA256 | 929733103049bb730eaa2896cb78f8403b3d2442f5ad1864013758b125bba5f0 |
| SHA512 | 1dba01be094f433eddbca667b34b8676ad726987f1e5154281b6286429ed86ae65afa2154a5bc841d519a55e0993362c39472c7d22aeaa4cdc3a2ca69aa406d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5f0a9a05d59ea41147dbebe7d26cf2d7 |
| SHA1 | fba23641313963511487d8af5ee78d7e98af1236 |
| SHA256 | 1a8b8d146a5542b0babb793bb6726e586aa9da8fd20578ddf67cacddaa84793a |
| SHA512 | 2700492111451c1e949a897b2d11606fd379fb6cdcb1a0b7e09862fb91e2c2ce622138b0e902e2bbde634030a7ced520cd7b47ab699f7bfed62202f3b4cc63be |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | e4b6d13afc2a13c6595face880de6734 |
| SHA1 | 738814b53a4cef58859746c1ac2bc403450ebe9d |
| SHA256 | 7185547787a808adc5a70771ba15f30c4fee7c9a0bda2b7e6b856a30e3b93e90 |
| SHA512 | 2f4c4283a44c8aeab3908b7588b5b6a4ca2051c8571bd427f4d37c51447656ed741d7fe55b74af3e5ff28559ecaad961b6123b6a41c365845fec62afb0efb3c1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6e002f4bf62fe83b23856077ac0223e3 |
| SHA1 | 1378ccd9e86119ec41376ca5221a4b676f573ea8 |
| SHA256 | c8e148649ff32888c8bdb9eed590953dd6c0a1a555a621de218d44be97c91132 |
| SHA512 | 3eed55306782a3b73cd681cf404cb84ce2a0cc41f65e657ff97f26e8c8cc9a1feae5fa39a340c182137da4a58349a9ff132174537fa81bc4b9c3716d12da8601 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 965fc4c6a23d41b71a33adb4ec33180c |
| SHA1 | 29e23fd3e84e795c38f6c0c2f4df70f215e20422 |
| SHA256 | 0e04ead025984e47a4e79a1b149438852b7f5296fed20ec3ba291241abd2976b |
| SHA512 | 617ee0f857155c6b3d094517c5558dc348c9a8196f9617783600b48fa61f754e1a4d7fba085ee6c4261b409a3c1d2b9eee502d757ed8e88e0645dbe95d0c8899 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 2afa07aae9d26e0f363f17a98018ac3f |
| SHA1 | 4b4dd95f4b8870a9e15cf18ac3b7c9ea0c66df64 |
| SHA256 | eb916172dabc6db4432e3d3a1c6f3f1bc147d8d1821b910f898b458efdffb4a3 |
| SHA512 | 7406c644155e903326c57dc6b0e754594e09455b3c388d86125e96a40e88260d2cffa24657570e19c2c23b55b766463286bee6c6ad03518a9f28c13ffcbd5e6f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d461def73a31530caf468572572dcd4c |
| SHA1 | 3affb7d6c37eba8bd5ab7ce8b30f7b0db0b45f4d |
| SHA256 | 48dd101da0f608adc41066697a5f3e205dfe51d25d85ad0ec6174456755d6fb3 |
| SHA512 | bb63261d6ef1369060f1aa21ab8f35bf3869871c441e56d5a48ab5f89c0f869756cfda6bd5cd35468fc6da4026b902f4803d4ff90d8902072f887dd41efdcbdb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d1ea8118446da72ff1e828b781656492 |
| SHA1 | b97e99fe49198b88f8fa57c73f27717ccb942430 |
| SHA256 | 533e336b1d3c31291df432946c5b2bff7e044d690021f112068ef6d77720ba77 |
| SHA512 | d6fe82877c8b1a29c99f68a743f77999306c750ae6835b80eeb82bcd329daa591c6dfef012a1f046d18c1a9ba0d9df9ffb6a253908649fdce9f236d5bf6da094 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 05cfc18e6f5e16518ce88955011cbd3b |
| SHA1 | 6b1e7d4e34ff7717223626587fc00554e62f2a8a |
| SHA256 | b0ec362d28038ec24ddb4ba14504ed7281639b7080b2deaf0c7d438d7ab51970 |
| SHA512 | 1b7c44850014cbc429e0259fe11dd8c20a28dfbd42f4e47326a174a31c6eeac76d9e16c7142903356f2f678a63a370e64b1419cff47771ff60e5d8e28b835126 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 94275bde03760c160b707ba8806ef545 |
| SHA1 | aad8d87b0796de7baca00ab000b2b12a26427859 |
| SHA256 | c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968 |
| SHA512 | 2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe683fd5.TMP
| MD5 | 8060c4083a148ac04249e6c7ddc52b9a |
| SHA1 | f8f2d5e9a2f9ead1aaac0a906a17e2315d7fcb9e |
| SHA256 | 173e2de029d60a44e28323d4d446b1ba97eedfe0bdaabcd45342b46ea403cd97 |
| SHA512 | 8e391df6169b3f1d2cc90d227d7c127eda214548e6a6218e2ba7bf9375b2af6f649487e9763e55ce1ea69ee62d175526e9bdca228c075d0fe282abac0f3d774d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 63a5782cb88533b50414330b06fc5b45 |
| SHA1 | 7c7d88484f66fdba4d55f646e5183189384e05bc |
| SHA256 | 6f6871fddbba308b0605101fd1f3709503f857a4131b970688583b00aad5c5c8 |
| SHA512 | 145921a2741b660e3de0b76615c1629f7b3dfb1e77cde24b587a671e56a4ca7d74f591838ef5d620033d0fdedf3ee2d055833fcb26cd0274ce81d20b64ac9815 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 14ec79bea5eb2dc58242336d8e12da72 |
| SHA1 | 6b0cef3d42d8e6baa7d55163dd1cf8cf19ab8a69 |
| SHA256 | 33219897fe10bf6a38f982b6c9fe39a12b1e758f0e4a475ce0443ac595802d2f |
| SHA512 | f0b833155ec22bcd49aa15aeda72e2fbe756e4984b8a6f51f1a5a5ee589e1b41a90e070c505048bcb47dfac5fbcba22da94df1c291bb310861f25272666079af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fb36882a797d3fd75e00cad7182f38dd |
| SHA1 | b07778dc3dda623faec7aebeaf4d3f9370a47f6f |
| SHA256 | 5bd52e85a0b1270face937178efdc9b3c51ff1fc12e682c5d56f25cf867abb59 |
| SHA512 | 7f956fb8778390c6b018a01b156307868f651751765cc85f393c8331a012f37618d33f7541429542f7ceb6caf84da83218de135fac7e08631bdda060f76cf990 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7d77b81fb0c86624ce403c2cd15f52fa |
| SHA1 | 94d7e660df0c442e5f896411dd65c5725f831d72 |
| SHA256 | a9a35218637343f89bc4d02ebcd483930999c61efe7dfbe43dd6ec0784277729 |
| SHA512 | e9398906d7af6d1d9c6281e7ad3add629fcd5e28c84ce044192aa9c9e483c1dd626c9e2612a4657d419917f2ef0fe0382a80881c947b6004fdd0d0f40f9fa22d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | dc1d2e36c8067bd79d48141d07e1de18 |
| SHA1 | a87ae0e7b215cfab82b4d5034f13b966196073b2 |
| SHA256 | add86b24f84ee0c22ceced09f0efd6aa654cd8c0203e546046c3edd83bd49ced |
| SHA512 | 9d66567bbfc67269979a49c0baff7d06cc262057565596bf663a9cc09513fd6149ff75cdc8f5e86af2067ebdbb735fae9bcdcd865205c716e957c447859df4a0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | da0c531192cd71f76103f8ffe2bba0fd |
| SHA1 | 72cae3a9a1e3506d8148f229f9f76ba2007caaa1 |
| SHA256 | 432b9646d896d3df6515e4305e24ca3d47e4f92fab966d49916c9712d5c088c9 |
| SHA512 | c8590e38b99b9869f2f9d67232183ddbbc3b28d1507cf90587ede02fa8f84845a7e1a8dd22e52b6361c0fca58f1d8a61d7d0c6df92d96c71049a30055d51deef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 539c591c6df21396e3e4ef70a78922b1 |
| SHA1 | 196f7a090288520e3342896ddd4b33596ed6aefd |
| SHA256 | 9333b8e3a82dc450064243d567012a25974c8911800639cfee25a98f4faf9f62 |
| SHA512 | cf7c765e9ad8b42247f74e33a663851b8d6e24d174dc1c11f38bc797101c7334c7cbb6d97a57d3c34d604fb0efc1cc825acda82bb9a7f6a6db1bf815f4313cd7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b7815e61537130c22b2bf7397ff4e754 |
| SHA1 | 95fcf5b1b156c7d592dcd54bda2a9736286a9db1 |
| SHA256 | fc6f8669970ee1672e675084322411277641c1291a121fc727d5329d1248d553 |
| SHA512 | f222c21d32260567154114eaf44011cb130ac894d4b7d81ad60337ce102a2d43176e21d2406141e9384cd95f599825baab8ff3672742202836fb350a3842a23d |
C:\Users\Admin\Downloads\Covid29 Ransomware.zip
| MD5 | 272d3e458250acd2ea839eb24b427ce5 |
| SHA1 | fae7194da5c969f2d8220ed9250aa1de7bf56609 |
| SHA256 | bbb5c6b4f85c81a323d11d34629776e99ca40e983c5ce0d0a3d540addb1c2fe3 |
| SHA512 | d05bb280775515b6eedf717f88d63ed11edbaae01321ec593ecc0725b348e9a0caacf7ebcd2c25a6e0dc79b2cdae127df5aa380b48480332a6f5cd2b32d4e55c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6f5a2ee0ce9c9379d6e956cbd6b80364 |
| SHA1 | 6db4e9f8d011f724c695c3b6132cf0b5851c23f2 |
| SHA256 | ef9fcf3c6610fb66c8cf5479a63c3163f754a35c141425822099f19f20d021d4 |
| SHA512 | f45a76d66888655345a2d61fae2e1c8d018f4659cd462eca7ad82cf73162a07a6b361251c3db99fcd90379dcd2d1b670be848b3e857b47d0774939888859af7e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 2c63905911c8fd43bc470da468c704eb |
| SHA1 | 9cacd3609681de979b9496230fef42350f15fb84 |
| SHA256 | eca33dd6fe3f0661691b586c53618b03b9d170596459599fbfcdbd5ba90c1780 |
| SHA512 | 6e69edfb695df8f88b22efb00c24a425faf706b34fafd83b6c460f87f47b2a3c533cac59dd4ff3912804bcafa531ea3ed82e84bfebe5aff93a8a3a63af4bee53 |
memory/3684-1150-0x0000000000400000-0x00000000005D5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\4C15.tmp\TrojanRansomCovid29.bat
| MD5 | 57f0432c8e31d4ff4da7962db27ef4e8 |
| SHA1 | d5023b3123c0b7fae683588ac0480cd2731a0c5e |
| SHA256 | b82e64e533789c639d8e193b78e06fc028ea227f55d7568865120be080179afc |
| SHA512 | bc082486503a95f8e2ce7689d31423386a03054c5e8e20e61250ca7b7a701e98489f5932eba4837e05ec935057f18633798a10f6f84573a95fcf086ee7cabcbf |
C:\Users\Admin\AppData\Local\Temp\4C15.tmp\fakeerror.vbs
| MD5 | c0437fe3a53e181c5e904f2d13431718 |
| SHA1 | 44f9547e7259a7fb4fe718e42e499371aa188ab6 |
| SHA256 | f2571f03eb9d5ee4dca29a8fec1317ded02973c5dd233d582f56cebe98544f22 |
| SHA512 | a6b488fc74dc69fc4227f92a06deb297d19cd54b0e07659f9c9a76ce15d1ef1d8fa4d607acdd03d30d3e2be2a0f59503e27fc95f03f3006e137fa2f92825e7e3 |
C:\Users\Admin\AppData\Local\Temp\4C15.tmp\mbr.exe.danger
| MD5 | 35af6068d91ba1cc6ce21b461f242f94 |
| SHA1 | cb054789ff03aa1617a6f5741ad53e4598184ffa |
| SHA256 | 9ac99df89c676a55b48de00384506f4c232c75956b1e465f7fe437266002655e |
| SHA512 | 136e3066c6e44af30691bcd76d9af304af0edf69f350211cf74d6713c4c952817a551757194b71c3b49ac3f87a6f0aa88fb80eb1e770d0f0dd82b29bfce80169 |
C:\Users\Admin\AppData\Local\Temp\4C15.tmp\Cov29Cry.exe.death
| MD5 | 8bcd083e16af6c15e14520d5a0bd7e6a |
| SHA1 | c4d2f35d1fdb295db887f31bbc9237ac9263d782 |
| SHA256 | b4f78ff66dc3f5f8ddd694166e6b596d533830792f9b5f1634d3f5f17d6a884a |
| SHA512 | 35999577be0626b50eeab65b493d48af2ab42b699f7241d2780647bf7d72069216d99f5f708337a109e79b9c9229613b8341f44c6d96245fd1f3ac9f05814d6a |
memory/632-1181-0x0000000000400000-0x00000000004D8000-memory.dmp
memory/2928-1183-0x0000000000700000-0x0000000000720000-memory.dmp
memory/2928-1184-0x00007FFE0AA60000-0x00007FFE0B44C000-memory.dmp
memory/2928-1191-0x00007FFE0AA60000-0x00007FFE0B44C000-memory.dmp
memory/2464-1192-0x00007FFE0AA60000-0x00007FFE0B44C000-memory.dmp
memory/3684-1193-0x0000000000400000-0x00000000005D5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\4C15.tmp\Cov29LockScreen.exe
| MD5 | f724c6da46dc54e6737db821f9b62d77 |
| SHA1 | e35d5587326c61f4d7abd75f2f0fc1251b961977 |
| SHA256 | 6cde4a9f109ae5473703c4f5962f43024d71d2138cbd889223283e7b71e5911c |
| SHA512 | 6f83dd7821828771a9cae34881c611522f6b5a567f5832f9e4b9b4b59bf495f40ad78678bd86cba59d32ea8644b4aa5f052552774fea142b9d6da625b55b6afc |
memory/3684-1198-0x0000000000400000-0x00000000005D5000-memory.dmp
C:\Users\Admin\Desktop\covid29-is-here.txt
| MD5 | c53dee51c26d1d759667c25918d3ed10 |
| SHA1 | da194c2de15b232811ba9d43a46194d9729507f0 |
| SHA256 | dd5b3d185ae1809407e7822de4fced945115b48cc33b2950a8da9ebd77a68c52 |
| SHA512 | da41cef03f1b5f21a1fca2cfbf1b2b180c261a75d391be3a1ba36e8d4d4aefab8db024391bbee06b99de0cb0b8eb8c89f2a304c27e20c0af171b77db33b2d12c |
memory/2464-1263-0x000000001C200000-0x000000001C300000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4054d729-5094-494d-accf-daf2ad77ead7.tmp
| MD5 | 4dbdfb7b224ef025f757307846621a68 |
| SHA1 | 984d45c21c2d2b85032f87b168d7569bfbfc492d |
| SHA256 | 28daa99566f4c8d2abe1c28b278c4032341e0e44ff4ac04ad434892c95f890d1 |
| SHA512 | 0f598d89276a13049264d5f69a729fc966b848030b257d69590566b3c52b57b674d5f6a6c244cc123cec929e9ac37d7b858772f6e0934591f593d49ee900a5f2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 105603425a97756adba88bc2cfb4f0dd |
| SHA1 | 3d97f9ffced00906197013c161d3f6766389b8ba |
| SHA256 | 34a050f2cdcccbe20bcff18624119c53a1182525564916a56033d2d97e127394 |
| SHA512 | f330d58ce0f50e5a958494408a9f48a2bfd7318f15525ccfbc012b233029abf3426ad11c61d0be51341c8da33ad7899d5735b431adaa7722d96349bf8c412a57 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | beb5f91ae0f576bb28cfa224faa4a8ab |
| SHA1 | 84c24e4aa34aff128b0315448c1fb2f0891d160f |
| SHA256 | b8df2eedee239a60295d83753b10fefe8ebb71e0b9418824710fa808cdc806b3 |
| SHA512 | 4a7e3139cc6f02b49948116615c0e8c478e1decf33b8b05a837b2988270c64ad48129cc952127d96a9edde30da50f57919b9b09c6c844478585518625c905507 |
memory/2464-1382-0x00007FFE0AA60000-0x00007FFE0B44C000-memory.dmp
memory/2464-1383-0x000000001C200000-0x000000001C300000-memory.dmp
memory/2464-1386-0x00007FFE0AA60000-0x00007FFE0B44C000-memory.dmp