Analysis Overview
SHA256
ee5999554db9fa327f647a24d87cb4c08c885320b0ff90882da9afc9849a5d23
Threat Level: Known bad
The file sssssssssssssServer.exe was found to be: Known bad.
Malicious Activity Summary
Njrat family
Disables Task Manager via registry modification
Modifies Windows Firewall
Checks computer location settings
Drops startup file
Executes dropped EXE
Enumerates connected drives
Modifies WinLogon
Adds Run key to start application
Sets desktop wallpaper using registry
Drops autorun.inf file
Unsigned PE
Enumerates physical storage devices
Modifies data under HKEY_USERS
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Kills process with taskkill
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-27 20:48
Signatures
Njrat family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-27 20:48
Reported
2024-04-27 20:59
Platform
win10v2004-20240226-en
Max time kernel
555s
Max time network
649s
Command Line
Signatures
Disables Task Manager via registry modification
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\sssssssssssssServer.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tmp747F.tmp.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\ProgramData\COM Surrogate.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\37f622693e6086826fd92b3e7e508134.exe | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\37f622693e6086826fd92b3e7e508134.exe | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e14109296e01cf24bb9b7f72f64c4cb3.exe | C:\ProgramData\COM Surrogate.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e14109296e01cf24bb9b7f72f64c4cb3.exe | C:\ProgramData\COM Surrogate.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\tmp747F.tmp.exe | N/A |
| N/A | N/A | C:\ProgramData\COM Surrogate.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\tmpB368.tmp.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e14109296e01cf24bb9b7f72f64c4cb3 = "\"C:\\ProgramData\\COM Surrogate.exe\" .." | C:\ProgramData\COM Surrogate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\e14109296e01cf24bb9b7f72f64c4cb3 = "\"C:\\ProgramData\\COM Surrogate.exe\" .." | C:\ProgramData\COM Surrogate.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\37f622693e6086826fd92b3e7e508134 = "\"C:\\Users\\Admin\\AppData\\Roaming\\svchost.exe\" .." | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\37f622693e6086826fd92b3e7e508134 = "\"C:\\Users\\Admin\\AppData\\Roaming\\svchost.exe\" .." | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Enumerates connected drives
Modifies WinLogon
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell = "0" | C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File opened for modification | C:\autorun.inf | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File created | D:\autorun.inf | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File created | F:\autorun.inf | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | F:\autorun.inf | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File created | C:\autorun.inf | C:\ProgramData\COM Surrogate.exe | N/A |
| File created | D:\autorun.inf | C:\ProgramData\COM Surrogate.exe | N/A |
| File created | F:\autorun.inf | C:\ProgramData\COM Surrogate.exe | N/A |
| File created | C:\autorun.inf | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\Desktop\Wallpaper | C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587245843426559" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | C:\ProgramData\COM Surrogate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico" | C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{6BACC35F-5462-499B-91DA-C815CE7DBE24} | C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| N/A | N/A | C:\ProgramData\COM Surrogate.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\sssssssssssssServer.exe
"C:\Users\Admin\AppData\Local\Temp\sssssssssssssServer.exe"
C:\Users\Admin\AppData\Roaming\svchost.exe
"C:\Users\Admin\AppData\Roaming\svchost.exe"
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\svchost.exe" "svchost.exe" ENABLE
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM Taskmgr.exe
C:\Users\Admin\AppData\Local\Temp\tmp747F.tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp747F.tmp.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffae8899758,0x7ffae8899768,0x7ffae8899778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3236 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3268 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4560 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4796 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4800 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8
C:\ProgramData\COM Surrogate.exe
"C:\ProgramData\COM Surrogate.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3876 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:1
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\ProgramData\COM Surrogate.exe" "COM Surrogate.exe" ENABLE
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM SecHealthUI.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4328 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3492 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5972 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc 0x4e0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\tmpB368.tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmpB368.tmp.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5464 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:2
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\tmpC0E.tmp.mp4"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2748 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3412 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2084 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\tmp6036.tmp.mp4"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\tmp6ED8.tmp.mp4"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmpD292.tmp.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2612 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4280 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1756,i,4013418927717955796,705566210067031287,131072 /prefetch:8
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic useraccount where name='Admin' set FullName='UR NEXT'
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic useraccount where name='Admin' rename 'UR NEXT'
C:\Windows\SysWOW64\shutdown.exe
shutdown /f /r /t 0
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa395b855 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | artist-composed.gl.at.ply.gg | udp |
| US | 147.185.221.19:28632 | artist-composed.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | 19.221.185.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 227.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | green-morrison.gl.at.ply.gg | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 147.185.221.19:17455 | green-morrison.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | www.xvideos.com | udp |
| NL | 185.88.181.11:443 | www.xvideos.com | tcp |
| NL | 185.88.181.11:443 | www.xvideos.com | tcp |
| US | 8.8.8.8:53 | 11.181.88.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static-ss.xvideos-cdn.com | udp |
| NL | 69.55.53.168:443 | static-ss.xvideos-cdn.com | tcp |
| NL | 69.55.53.168:443 | static-ss.xvideos-cdn.com | tcp |
| NL | 69.55.53.168:443 | static-ss.xvideos-cdn.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.53.55.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn77-pic.xvideos-cdn.com | udp |
| US | 8.8.8.8:53 | gcore-pic.xvideos-cdn.com | udp |
| GB | 84.17.50.11:443 | cdn77-pic.xvideos-cdn.com | tcp |
| GB | 84.17.50.11:443 | cdn77-pic.xvideos-cdn.com | tcp |
| GB | 84.17.50.11:443 | cdn77-pic.xvideos-cdn.com | tcp |
| GB | 84.17.50.11:443 | cdn77-pic.xvideos-cdn.com | tcp |
| GB | 84.17.50.11:443 | cdn77-pic.xvideos-cdn.com | tcp |
| NL | 93.123.17.254:443 | gcore-pic.xvideos-cdn.com | tcp |
| NL | 93.123.17.254:443 | gcore-pic.xvideos-cdn.com | tcp |
| NL | 93.123.17.254:443 | gcore-pic.xvideos-cdn.com | tcp |
| NL | 93.123.17.254:443 | gcore-pic.xvideos-cdn.com | tcp |
| US | 8.8.8.8:53 | a.orbsrv.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 89.187.167.4:443 | a.orbsrv.com | tcp |
| GB | 172.217.169.10:443 | content-autofill.googleapis.com | tcp |
| NL | 95.211.229.246:443 | s.orbsrv.com | tcp |
| NL | 95.211.229.246:443 | s.orbsrv.com | tcp |
| NL | 95.211.229.246:443 | s.orbsrv.com | tcp |
| NL | 95.211.229.246:443 | s.orbsrv.com | tcp |
| US | 8.8.8.8:53 | s3t3d2y8.afcdn.net | udp |
| GB | 89.187.167.4:443 | s3t3d2y8.afcdn.net | tcp |
| US | 8.8.8.8:53 | 11.50.17.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.17.123.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.167.187.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.169.217.172.in-addr.arpa | udp |
| NL | 185.88.181.11:443 | www.xvideos.com | tcp |
| US | 8.8.8.8:53 | 246.229.211.95.in-addr.arpa | udp |
| GB | 84.17.50.11:443 | cdn77-pic.xvideos-cdn.com | tcp |
| NL | 95.211.229.246:443 | s.orbsrv.com | tcp |
| US | 8.8.8.8:53 | s.tf4srv.com | udp |
| NL | 95.211.229.246:443 | s.tf4srv.com | tcp |
| US | 8.8.8.8:53 | t0v6b0i9.aacdn.net | udp |
| GB | 89.187.167.8:443 | t0v6b0i9.aacdn.net | tcp |
| US | 8.8.8.8:53 | 8.167.187.89.in-addr.arpa | udp |
| NL | 185.88.181.11:443 | www.xvideos.com | tcp |
| US | 8.8.8.8:53 | cdn77-vid.xvideos-cdn.com | udp |
| GB | 84.17.50.44:443 | cdn77-vid.xvideos-cdn.com | tcp |
| US | 8.8.8.8:53 | 44.50.17.84.in-addr.arpa | udp |
| GB | 172.217.169.10:443 | content-autofill.googleapis.com | udp |
| NL | 95.211.229.246:443 | s.tf4srv.com | tcp |
| NL | 95.211.229.246:443 | s.tf4srv.com | tcp |
| NL | 95.211.229.246:443 | s.tf4srv.com | tcp |
| NL | 95.211.229.246:443 | s.tf4srv.com | tcp |
| NL | 95.211.229.246:443 | s.tf4srv.com | tcp |
| NL | 95.211.229.246:443 | s.tf4srv.com | tcp |
| NL | 95.211.229.246:443 | s.tf4srv.com | tcp |
| US | 8.8.8.8:53 | u3y8v8u4.aucdn.net | udp |
| GB | 89.187.167.7:443 | u3y8v8u4.aucdn.net | tcp |
| US | 8.8.8.8:53 | 7.167.187.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 147.185.221.19:17455 | green-morrison.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | tcp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 163.49.178.192.in-addr.arpa | udp |
| US | 147.185.221.19:17455 | green-morrison.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | 14.179.89.13.in-addr.arpa | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| US | 147.185.221.19:17455 | green-morrison.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | www.xvideos.com | udp |
| NL | 185.88.181.5:443 | www.xvideos.com | tcp |
| NL | 185.88.181.5:443 | www.xvideos.com | tcp |
| US | 8.8.8.8:53 | 5.181.88.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 172.217.169.10:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | update.videolan.org | udp |
| FR | 213.36.253.119:80 | update.videolan.org | tcp |
| FR | 213.36.253.119:80 | update.videolan.org | tcp |
| US | 8.8.8.8:53 | 119.253.36.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | artist-composed.gl.at.ply.gg | udp |
| US | 147.185.221.19:28632 | artist-composed.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | www.xvideos.com | udp |
| NL | 185.88.181.8:443 | www.xvideos.com | tcp |
| US | 8.8.8.8:53 | 8.181.88.185.in-addr.arpa | udp |
| NL | 185.88.181.8:443 | www.xvideos.com | tcp |
| NL | 69.55.53.168:443 | static-ss.xvideos-cdn.com | tcp |
| NL | 69.55.53.168:443 | static-ss.xvideos-cdn.com | tcp |
| US | 8.8.8.8:53 | cdn77-vid.xvideos-cdn.com | udp |
| GB | 84.17.50.48:443 | cdn77-vid.xvideos-cdn.com | tcp |
| US | 8.8.8.8:53 | cdn77-pic.xvideos-cdn.com | udp |
| GB | 84.17.50.11:443 | cdn77-pic.xvideos-cdn.com | tcp |
| US | 8.8.8.8:53 | gcore-pic.xvideos-cdn.com | udp |
| NL | 93.123.17.254:443 | gcore-pic.xvideos-cdn.com | tcp |
| NL | 95.211.229.246:443 | s.tf4srv.com | tcp |
| US | 8.8.8.8:53 | 48.50.17.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.orbsrv.com | udp |
| GB | 195.181.164.16:445 | a.orbsrv.com | tcp |
| GB | 89.187.167.8:445 | a.orbsrv.com | tcp |
| NL | 95.211.229.246:443 | s.tf4srv.com | tcp |
| US | 8.8.8.8:53 | u3y8v8u4.aucdn.net | udp |
| GB | 195.181.164.18:443 | u3y8v8u4.aucdn.net | tcp |
| US | 8.8.8.8:53 | 18.164.181.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.orbsrv.com | udp |
| GB | 142.250.180.3:445 | www.gstatic.com | tcp |
| NL | 52.142.223.178:80 | N/A | tcp |
| US | 8.8.8.8:53 | 157.210.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.xvideos.com | udp |
| NL | 185.88.181.11:443 | www.xvideos.com | tcp |
Files