Analysis Overview
Threat Level: Known bad
The file https://youtube.com was found to be: Known bad.
Malicious Activity Summary
Detect ZGRat V1
Modifies WinLogon for persistence
ZGRat
Command and Scripting Interpreter: PowerShell
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Runs ping.exe
Checks SCSI registry key(s)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-03 13:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-03 13:39
Reported
2024-05-03 13:45
Platform
win10v2004-20240426-uk
Max time kernel
359s
Max time network
359s
Command Line
Signatures
Detect ZGRat V1
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Users\\Admin\\NetHood\\chrome.exe\", \"C:\\Windows\\es-ES\\RuntimeBroker.exe\", \"C:\\Recovery\\WindowsRE\\audiodg.exe\", \"C:\\Recovery\\WindowsRE\\spoolsv.exe\"" | C:\MsAgentBrowserdhcp\Bridgesurrogate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Users\\Admin\\NetHood\\chrome.exe\", \"C:\\Windows\\es-ES\\RuntimeBroker.exe\", \"C:\\Recovery\\WindowsRE\\audiodg.exe\", \"C:\\Recovery\\WindowsRE\\spoolsv.exe\", \"C:\\Program Files\\VideoLAN\\VLC\\SearchApp.exe\"" | C:\MsAgentBrowserdhcp\Bridgesurrogate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Users\\Admin\\NetHood\\chrome.exe\", \"C:\\Windows\\es-ES\\RuntimeBroker.exe\", \"C:\\Recovery\\WindowsRE\\audiodg.exe\", \"C:\\Recovery\\WindowsRE\\spoolsv.exe\", \"C:\\Program Files\\VideoLAN\\VLC\\SearchApp.exe\", \"C:\\MsAgentBrowserdhcp\\Bridgesurrogate.exe\"" | C:\MsAgentBrowserdhcp\Bridgesurrogate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Users\\Admin\\NetHood\\chrome.exe\"" | C:\MsAgentBrowserdhcp\Bridgesurrogate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Users\\Admin\\NetHood\\chrome.exe\", \"C:\\Windows\\es-ES\\RuntimeBroker.exe\"" | C:\MsAgentBrowserdhcp\Bridgesurrogate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Users\\Admin\\NetHood\\chrome.exe\", \"C:\\Windows\\es-ES\\RuntimeBroker.exe\", \"C:\\Recovery\\WindowsRE\\audiodg.exe\"" | C:\MsAgentBrowserdhcp\Bridgesurrogate.exe | N/A |
ZGRat
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\MsAgentBrowserdhcp\Bridgesurrogate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\SampCheat.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\._cache_SampCheat.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\._cache_Synaptics.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\SampCheat.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\._cache_SampCheat.exe | N/A |
| N/A | N/A | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\._cache_Synaptics.exe | N/A |
| N/A | N/A | C:\MsAgentBrowserdhcp\Bridgesurrogate.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\SearchApp.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\SampCheat.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\._cache_SampCheat.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\????? = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\Desktop\SampCheat.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RuntimeBroker = "\"C:\\Windows\\es-ES\\RuntimeBroker.exe\"" | C:\MsAgentBrowserdhcp\Bridgesurrogate.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spoolsv = "\"C:\\Recovery\\WindowsRE\\spoolsv.exe\"" | C:\MsAgentBrowserdhcp\Bridgesurrogate.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchApp = "\"C:\\Program Files\\VideoLAN\\VLC\\SearchApp.exe\"" | C:\MsAgentBrowserdhcp\Bridgesurrogate.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\audiodg = "\"C:\\Recovery\\WindowsRE\\audiodg.exe\"" | C:\MsAgentBrowserdhcp\Bridgesurrogate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\audiodg = "\"C:\\Recovery\\WindowsRE\\audiodg.exe\"" | C:\MsAgentBrowserdhcp\Bridgesurrogate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bridgesurrogate = "\"C:\\MsAgentBrowserdhcp\\Bridgesurrogate.exe\"" | C:\MsAgentBrowserdhcp\Bridgesurrogate.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bridgesurrogate = "\"C:\\MsAgentBrowserdhcp\\Bridgesurrogate.exe\"" | C:\MsAgentBrowserdhcp\Bridgesurrogate.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\chrome = "\"C:\\Users\\Admin\\NetHood\\chrome.exe\"" | C:\MsAgentBrowserdhcp\Bridgesurrogate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\chrome = "\"C:\\Users\\Admin\\NetHood\\chrome.exe\"" | C:\MsAgentBrowserdhcp\Bridgesurrogate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RuntimeBroker = "\"C:\\Windows\\es-ES\\RuntimeBroker.exe\"" | C:\MsAgentBrowserdhcp\Bridgesurrogate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchApp = "\"C:\\Program Files\\VideoLAN\\VLC\\SearchApp.exe\"" | C:\MsAgentBrowserdhcp\Bridgesurrogate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spoolsv = "\"C:\\Recovery\\WindowsRE\\spoolsv.exe\"" | C:\MsAgentBrowserdhcp\Bridgesurrogate.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | \??\c:\Windows\System32\CSCE7A81917C93A4AE6B67D9565844629EC.TMP | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | N/A |
| File created | \??\c:\Windows\System32\t4pfwd.exe | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\VideoLAN\VLC\SearchApp.exe | C:\MsAgentBrowserdhcp\Bridgesurrogate.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\SearchApp.exe | C:\MsAgentBrowserdhcp\Bridgesurrogate.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\38384e6a620884 | C:\MsAgentBrowserdhcp\Bridgesurrogate.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\es-ES\RuntimeBroker.exe | C:\MsAgentBrowserdhcp\Bridgesurrogate.exe | N/A |
| File created | C:\Windows\es-ES\9e8d7a4ca61bd9 | C:\MsAgentBrowserdhcp\Bridgesurrogate.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133592171950165471" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings | C:\Users\Admin\Desktop\._cache_Synaptics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings | C:\Users\Admin\Desktop\._cache_SampCheat.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1162180587-977231257-2194346871-1000\{8BB28F77-6118-45CF-BC14-9B44D0FF7C81} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\Desktop\SampCheat.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings | C:\MsAgentBrowserdhcp\Bridgesurrogate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\system32\taskmgr.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Windows\system32\taskmgr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Windows\system32\taskmgr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\system32\taskmgr.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Windows\system32\taskmgr.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://youtube.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc451dab58,0x7ffc451dab68,0x7ffc451dab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4284 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3356 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4544 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x410 0x504
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4684 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5048 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5756 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5904 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5992 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1896,i,4580327439536763729,6649002662069178792,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\SampCheat.zip"
C:\Users\Admin\Desktop\SampCheat.exe
"C:\Users\Admin\Desktop\SampCheat.exe"
C:\Users\Admin\Desktop\._cache_SampCheat.exe
"C:\Users\Admin\Desktop\._cache_SampCheat.exe"
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\MsAgentBrowserdhcp\RJohyDXhI3BukXB8LZtFph4xzxsRiCFy2OHMYmU5wvokqlpzCh.vbe"
C:\Users\Admin\Desktop\._cache_Synaptics.exe
"C:\Users\Admin\Desktop\._cache_Synaptics.exe" InjUpdate
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\MsAgentBrowserdhcp\RJohyDXhI3BukXB8LZtFph4xzxsRiCFy2OHMYmU5wvokqlpzCh.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\MsAgentBrowserdhcp\6tdiKxJ4vs339LB2ENkEUF6gwXbV.bat" "
C:\MsAgentBrowserdhcp\Bridgesurrogate.exe
"C:\MsAgentBrowserdhcp/Bridgesurrogate.exe"
C:\Users\Admin\Desktop\SampCheat.exe
"C:\Users\Admin\Desktop\SampCheat.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\MsAgentBrowserdhcp\6tdiKxJ4vs339LB2ENkEUF6gwXbV.bat" "
C:\MsAgentBrowserdhcp\Bridgesurrogate.exe
"C:\MsAgentBrowserdhcp/Bridgesurrogate.exe"
C:\Users\Admin\Desktop\._cache_SampCheat.exe
"C:\Users\Admin\Desktop\._cache_SampCheat.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\MsAgentBrowserdhcp\RJohyDXhI3BukXB8LZtFph4xzxsRiCFy2OHMYmU5wvokqlpzCh.vbe"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vucraqwk\vucraqwk.cmdline"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE277.tmp" "c:\Windows\System32\CSCE7A81917C93A4AE6B67D9565844629EC.TMP"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\NetHood\chrome.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\es-ES\RuntimeBroker.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\WindowsRE\audiodg.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\WindowsRE\spoolsv.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\VideoLAN\VLC\SearchApp.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MsAgentBrowserdhcp\Bridgesurrogate.exe'
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\GG3qQO2d8b.bat"
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\MsAgentBrowserdhcp\6tdiKxJ4vs339LB2ENkEUF6gwXbV.bat" "
C:\MsAgentBrowserdhcp\Bridgesurrogate.exe
"C:\MsAgentBrowserdhcp/Bridgesurrogate.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files\VideoLAN\VLC\SearchApp.exe
"C:\Program Files\VideoLAN\VLC\SearchApp.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
Network
Files
\??\pipe\crashpad_1140_KVIZCBTNEWUMRCNU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp
| MD5 | ee729f24edb5dfcbdcc5d1b146d5d739 |
| SHA1 | 2078045332fdfd9e378789cdc27b58ae61398b18 |
| SHA256 | 490b95796de6997709ab262d157e70fc806522921de0c3d2976364bcc07eb247 |
| SHA512 | bdd690c33cc6591cbbbfe71cb1daf1e2fd4650dc677178dcf462f50317f9117eba0b6820b2344ca9d286ede39d7132b5e3b68603a00a57f9ee7d50f1284e306c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 89c35a40ca9775956fff54202981ec9a |
| SHA1 | f442f3a19d20e643f74710fd2d826bbe963e96d9 |
| SHA256 | d20fe85a52bf5e7f78d5dbc249049832056630dd3ba3043bf661163d1685c029 |
| SHA512 | 04ba86dcd53c5bc40494bd581a8e6088b94da18a07e4bf3c18a6e1acc1f581bf60dc15afd7e560eb49efac97dd03bcf43357ed282ab9889717fcb2b4022794e1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe574bbe.TMP
| MD5 | 40a5e11c1f3ff1162e2c1813a1e7ea40 |
| SHA1 | f25d73bad2a971fd80f22c24d0d18c99871c435a |
| SHA256 | d696450f2a0f8bdef99be54135bd068a0380ebbb9de9721d927c8859c5f0e8c0 |
| SHA512 | 3660573ff24eb880f84dd913642d14f0290299d5a1c3a5e508037943b47c08e2c56d38663df64e562c2fc69449eb20b5324cede9a73ca098335723d5207c9961 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1140_1200500082\Icons Monochrome\16.png
| MD5 | a4fd4f5953721f7f3a5b4bfd58922efe |
| SHA1 | f3abed41d764efbd26bacf84c42bd8098a14c5cb |
| SHA256 | c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3 |
| SHA512 | 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1140_179921915\Shortcuts Menu Icons\Monochrome\0\512.png
| MD5 | 12a429f9782bcff446dc1089b68d44ee |
| SHA1 | e41e5a1a4f2950a7f2da8be77ca26a66da7093b9 |
| SHA256 | e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37 |
| SHA512 | 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1140_179921915\Shortcuts Menu Icons\Monochrome\1\512.png
| MD5 | 7f57c509f12aaae2c269646db7fde6e8 |
| SHA1 | 969d8c0e3d9140f843f36ccf2974b112ad7afc07 |
| SHA256 | 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f |
| SHA512 | 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\32.png
| MD5 | 88dfa96f9642297ff88909ca4e0f7330 |
| SHA1 | ed8655bf13e6cc49395da4c760168c4148454b7c |
| SHA256 | 5e5eb084cf1a650b2e122f53d36f85b67ce6e39069e399a46a25dbd34f7be286 |
| SHA512 | cc2deedfeacf9f26e48cbb26e222a219905888b95634c7d91d6393b84248305ce8940816bdb3bff0f5384b9dad90f4e3905b229e06ce4b1023a1439293b240dd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8c7804ab11d5e5eff3dea22fed1f13b4 |
| SHA1 | cb75c738d2f2f391834199d0d2f0f779e2fdcde3 |
| SHA256 | aac9b222394fa8faf83ca8586561041ee2da990d0cb05d18926109e6fd26acba |
| SHA512 | 092775002ae899190e0ef7bcdb8298eade3e077d7c22a49ed96af83771a8a045bc78d497897cfde5103d7b0ee6932ff54e9eeaf169aab54c6e9beb20cc229cea |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 387a59b511aeeca261b34fee048068d0 |
| SHA1 | a2731695391d6d45897c267eb42a13f9c794fba8 |
| SHA256 | 49049b1a695c4db060c956c2399a50b60f4d3d675cf3bea73f102a3bc3b1959e |
| SHA512 | 7cb2d5fed561447159367dd87b7ebf5e84b23ce6fbe8e517158dddccca83b9c55fa57bfdd3b48c80af980133427bec331b906d5b66786ba797ee6522a080e455 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | dcd50279335cd9d7eacd4189fe714f62 |
| SHA1 | 8370e71fb9064585f9c6a08ea1962b08a25ee223 |
| SHA256 | ce03f5a9d66b50d318450ab124b2b4c8b395e40ab87456595ca993a2c3ad4690 |
| SHA512 | e3725e5e905e728b478d6cfbfe55a4d08f9645adc92c1ca46c9b0bad33d69cfe110b502bbeb271035d4fd828e8f55d7924050b226a1969795743ad069350bd73 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 5d2b905cb5a65dd6ac900a561fd88bfc |
| SHA1 | b6384868c2ff10277cb3139762d4cc45422aec7d |
| SHA256 | 71102f273a50502599a930a805c5f9be799bcee45012819898d481d6e44a0a8c |
| SHA512 | 3b6de485f28cdb92098eb3f5d3733ba04091c4da35f2f6ae5e6efae78277fa77994c104d38fe31615f7163de36312b1e25a0afd9edb70ff0fd493dda79013bab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\54a0eff0-ef2e-43a8-9df5-f7dcd13df3e3\index-dir\the-real-index~RFe57a0f3.TMP
| MD5 | 933d09e9cc740cc85a83a62bc274fad6 |
| SHA1 | c50d6105f6246de22f2384b5c0f2fba2dd56639c |
| SHA256 | 3fc2d5697364368fb0cd824fed82f85c0f86ed090051add522bd2adf61592333 |
| SHA512 | 39e6aadd394c5380a0ddebaf5938fd0cea91eaac3645b357321e41ac6b74406f0f5c0a465489d04fd1495c1af4fe038f5b43ffec81a2ba4e7283e8f12337f813 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\54a0eff0-ef2e-43a8-9df5-f7dcd13df3e3\index-dir\the-real-index
| MD5 | 0843b2c09d865bfdc1debad66c17ea89 |
| SHA1 | 03374a983d7fb87a45ac2684199e3ad6b65f307e |
| SHA256 | c883e15dc3a44ce91a195ed66d23c412fe7cd6820102666a3d95db86f6646169 |
| SHA512 | 8b18061525efe5569988f31b1916bd25aefaf22580e9342ccd751365492588d3b1d28b291a5398047cae95ed72cb74679799f6a3f91df482fc04725c88a23373 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 4b93bdb0f242b4cc3def55f5640428ad |
| SHA1 | ce1e3723b3a82c5ce0388d2b4b03acb303f1a504 |
| SHA256 | 0b26f2a8abaaf1ce893114f6b8ccf5989371e17db690dd308e7474bc3b4887da |
| SHA512 | d71b874e068679626e37ffb3d1a6d7b12ad63a9a6ff1cb50444ef25358170aa4d41614fb3b3845f2f45a83c3a4f7e8c9dab7d069231765cec9f1297e53da869a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6822ff35fc2fe8ca472049f392fc491c |
| SHA1 | 47a85fae14aa2dcfd5668e5b80707efceba5aa6c |
| SHA256 | cdb20b3d7ba0748ebc6955c8d377b1d472c7b12728c353528e6a1fa25c0b47c9 |
| SHA512 | a58c68799a97f6ec366f4943f152a8e5fb5835252fd0b8c3bdea585ee867eb290389d15c270a45b40ceb050ce1cf94ed5b1b2977ff2a7d3463c11cdce647c3ce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 04fb183578ab236360c0386a3cef2ad0 |
| SHA1 | feb5066e8b67552c7e19e1cf6e8b7a020e18ff00 |
| SHA256 | 7c4f83dea3f0e428323002409cc10969e2f5abaa3eebb572257b8eb698e20c9b |
| SHA512 | 218ad3f0709c00b86d29dfe2742e0dc6a1e668fe85743e80331d02821f375fc442f50e572bd22be9f93b997cae4fc812729828ebdec3a22e840f965259460390 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ce23f8e8ecade8eeb2ab58751a898698 |
| SHA1 | ffa015df8c5054fd31dc2506d300d3484740e448 |
| SHA256 | e76639334361bc78ba5b42d1b6d26661dfe9e6d0fd8ff7dcca32ac286c0b06c1 |
| SHA512 | 9675c873e7fd91fe812e51da5fe7df93b32b58ca9c408f9231694bc3da2cb82fdf24388ce6174f1faac701c964fb8d497dc5fb109c634b155398601f8e47a976 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\727930b5-9453-475b-aaf8-a31877c124da\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | db58814e73b8dcf7bf565f2cab11d7c0 |
| SHA1 | 68a11b423c9cb3301955a360f2ee7c37d216afde |
| SHA256 | 86884c4eae6f40374250b89a320b020427ddd9b01cf598ff6f6b9a489e804f67 |
| SHA512 | 2244b518e697dcf61cdfcd13a614c605df140a789905967318a790e1d990713e3e79b25d051b2c8fe168da212bb7833242df7c0de81f7d866b9f5817b3621f34 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
| MD5 | 53b61f5b29c1179b0279fbd9498a1536 |
| SHA1 | 140f44cd9d51ae81295ed199ccee46a7d37430dc |
| SHA256 | 197e9e4a9e3855014800c3bfb36a9e2c2082dc9ebd743cb7a3cf43736fefea2f |
| SHA512 | e7c6ec98a1e299e4a6c711d02d1c3a27cb3d22be2480f02ec458c9d119e48f70843d441729f3cb52c1f2ffcf4581692eb61ff644f99f88eebaf7c9af4d5cd57d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
| MD5 | 4691023a524333adb2337720b52adde0 |
| SHA1 | a92c4dc3df565cfeed1e15ea4ff059ba01fd9248 |
| SHA256 | 19f1853554fe7305eeed5dda5c8f0c01f51e2e14ca101f129ace3ae25f5c3d8d |
| SHA512 | e7c9da80f49c888db06da32da467f8166c5e10374c207e2b7ad29a32d504c97491d96d5c298f4e070f857bff045bf4af25391b69cad5d5d379bb3054c4da8803 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
| MD5 | eda13c6b6a5166489f77c8d20050d7eb |
| SHA1 | 83d1706bc1bb4b7e491045b945c3b50db09f58dd |
| SHA256 | 6031816aca7ea5570e205613e1d9ca27f99dafad04dfaa478b78b7127acbb637 |
| SHA512 | b8cf001a29d1c1a1d9d075e7e695cd913d946ab657b77ef1e23bcb452cf301f7c6a7d7c6da921e49b56108e7794ec974ce44c0fe058180aa5c9e7771f2906357 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
| MD5 | b322e56a86b24d52ba6c2a10614ce78e |
| SHA1 | 9a990a198453af55e2c86f8a85ef6eebcb296f4a |
| SHA256 | 3df48c3c951cd9bde194b92d644cb82eacb0ea91d01761fbafb645c4462b816e |
| SHA512 | 0aa6f828d3a3472325651075887379ad159c348c4399b10e0c3b2556d52f879e1f57b4e8a80c77c1845653d0fa50c8b228c5ac684ca70b79b98c245e4d38ebe1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b50571004b7acfd1c06e46cfdc13401b |
| SHA1 | 32c126b85e4c4760c85b68ff03571e2e97998fec |
| SHA256 | df65ad1f37c25fc7bd6fa1ee5a1f660f5dd3d2e81ab5420944d4d956c41345d2 |
| SHA512 | 6053dce1379a201621bcacf1b3106fefb7352f58247899648e3a276aedad56256add10b7f7919d0455583baa8ce5d3f9da8ea88af9cd0e7ced2a3193c8b77b86 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ac60c5cc9ad2d4db23bd316b225b3d60 |
| SHA1 | 18d93ed64ccc9eb26bdb8f3f8b1f1f198656f410 |
| SHA256 | 2046eb501132c61cf3641fa50118da5b991a96d6209ea96a8b24fc396e6b3afa |
| SHA512 | c20778189cba2f46d45491714ec27a318746ee7b3729b3b3d56c88c2408e1c2c4eb6666692dd95078d4b11e57c91776c69e992676408dde21503b55636525763 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\727930b5-9453-475b-aaf8-a31877c124da\83a1665e107c0f73_0
| MD5 | 85343e6c7d02338aaff58882f1852a20 |
| SHA1 | 3d2f8427492f5e184d08e83c4a274711cd0aba4c |
| SHA256 | d99248a522191b4e2abd434bc23866521ad57b3d9b3ef8e0aaf3143c1d890149 |
| SHA512 | 5127127686a53f49653750f82b511e2ae50eefe6b4898679ad7dda92ce928e030a59a09dab7084d5823e645769d373a272f0cb5430fac34a17134a755a482476 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
| MD5 | a45d240c403ae77892c77030c031856c |
| SHA1 | f348628eee2ff79c3db99e544e5b2e1c380da028 |
| SHA256 | cdfd1827b18fa55ea43abe5d5897e6edf5cc69aa58fb76920681f4002c52a076 |
| SHA512 | 83111b3490562c41c5fda2edb219850a232a1c4daf514ae55f4e9561babb4c1c312c023460ff392ef08e60a2c96fe28fe362672180a133de274fd4226843cab9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\727930b5-9453-475b-aaf8-a31877c124da\index-dir\the-real-index~RFe585687.TMP
| MD5 | 895558da52d054ed76d9a94f5bd7c857 |
| SHA1 | 26b7990d82c58903aca0e83b86fc1c9b5db7c0ea |
| SHA256 | 21c9f0346a5d939a2ed04417c7afd330cccfa811828a90b8a3747174d6b760f2 |
| SHA512 | 7b2a8263d8ba52cc1a9250cf78729498e67eecb6b76df62e2b52ede0f84cddc47ba8f7ea6052fec09cd6da4657c27fb2e034626b99d5406e122752bdb04f0bd2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\727930b5-9453-475b-aaf8-a31877c124da\index-dir\the-real-index
| MD5 | d4bc14ff143c1a716c4b811900741d95 |
| SHA1 | 4a4698fffa76c0acb521e9f8a28e2f6211a914f2 |
| SHA256 | 80f3ce9020109ba164562d8d3acb88e8373f9cfa4e28028912d3ae0c4dca898a |
| SHA512 | cab439ee7d9b2550b0f414ea4274b88537e1b98294d55ce112e8c58cb944467377a6ce19db03d3154d81e5eae177ac5122f237c473646a2ed0e39d4e089a1d25 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d1e197b0fb1832cec83cd1b0f7c1f61d |
| SHA1 | cacf5e40e83566d6c2a562648cd2f5b9065c762a |
| SHA256 | 24e4ecd325172929abcc0100bb53c6c2e36709f962878a793a358d6bd78ae940 |
| SHA512 | eb834a11af0913d166f642c29b1aaf969b1a2649e83c708ba15f5c2c7f6c3b6ad9563bfcb81a714ba2e4dc2bf0e0a6d351c61568e80806d9f84367b0b6f0ce4c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 796584179c854adb9dc70b4324adcf6a |
| SHA1 | 3a8c2e28c7a66929d7bc6cd365514c7bc236934f |
| SHA256 | 995fd552216efbf3667b6ba61a73ecb10b8597f6b7827b059f456d47f1f5e101 |
| SHA512 | 2d17855ddac5374145c9da15343716b1fcf48cbf370aea9872c12355bd8fd78d4f2632f36dd68b7f35da1b514e9eef902b7f56f6593b5ce601a103f4554710ab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5862ad.TMP
| MD5 | 6fb7d1d4a0a6217ec0720660498144a4 |
| SHA1 | 784a74dd569fed0ba0f6c8027e61685035cec518 |
| SHA256 | fbec828d351f4754d74413204c055dd44c4cbbe30f7461bd3a0c0fc5268ce00d |
| SHA512 | eba2b0f43592b897def2d0ac4d7ff1c7cde4a72c05f374c306bfef0f14ad9e605178c31a4df17218f00e250ca958e8baa2116609ff2be335ef8913a5de7921ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 06d573682032a0aa04d6062aa8c1e93e |
| SHA1 | c5d2a1b2a41a9f5f04a2368b49d9b228892f9236 |
| SHA256 | 44190d8c4e5b9efa8fc86436674f96d4234333512757102598694985f14df18d |
| SHA512 | a6394d187f1f5244551712acd78ea748b90790c77cef3d9a53934c98b93b49c61ef6593289d753fb642496378fbc2b7baf6f256e077bbec2ec0fc1ca4ef71394 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\54a0eff0-ef2e-43a8-9df5-f7dcd13df3e3\index-dir\the-real-index
| MD5 | c1f4bffb68a4af23c1538f03a7d296c5 |
| SHA1 | 925cde6e71ac5d5276d22a8542a324b826828c80 |
| SHA256 | b415abb8e5f4dff3fdc54e3ca518363415746b9e001a525abbe20fd64ebb9b1f |
| SHA512 | 6f74e3067a4fc8945dc34303d63786928cb1e22db9f7f7e38d45b14659be2c3d4d5bf4ee141046eef4e399286150f0bb4590d5934733fcae9c7332945128022d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 4f0c78414cc31d9091203c67ec66b9bc |
| SHA1 | c655be0df952267ec4d08db8f183cb35c45906f1 |
| SHA256 | dc2d33dd5abda07dd279da9ed58194d0942d9f25f0b685cb89dbcc9982d8b326 |
| SHA512 | bf5f7b8b76a8b44f614e945ec6dae7c759388bee478b49156006fe592b1abe85e1e2071368beb2efd1c9b341fb65fafd19c80806d23464abac955dd846bfca16 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019
| MD5 | e487227847af9aa3774d3ec327c9c24c |
| SHA1 | 7fdfda0bd77288a7492475d090dd709ac5863bb5 |
| SHA256 | cac591400bfabdb551d4eccf88eb0de34f7dd3fc73e55ec905bf353477df625c |
| SHA512 | 56e6a119e1fcd8854de68b0a2f8d3d7261b339797f419f22a2af35b21979e8a018a853494ac4a3aaab2be54d1dcf76dcdd62fb8e6f3c8913fad829f7502be34e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 458f3287759449e11682ed4afc4bfec8 |
| SHA1 | 3ccd84eb085788cc2abe46322806d0e610277254 |
| SHA256 | f4ea8de89e3fb53e6cf1b83c8fa09e48f30df3d974d1562bc53f7afd5d204e30 |
| SHA512 | e559405ee13b7b7bc5347e8df66b3ca0a7fd740a967c503a7f1d7c64366ef9bbc4d488b8608c3da7ef20ac30cf5da1b5870feebf0e2f9219da00418e68798834 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3ab413cf62481feef78f834f4ecdc357 |
| SHA1 | f354dde0866d73a2f42dbdc09c4f0252272999fb |
| SHA256 | 19b6892f37db88fdf9423f08d990a7dfd4b538ec1983dba5bfc82e9e32f64808 |
| SHA512 | fda60438e62210759328cc7df12f78d31a0361b61103ea19563b2bf47d886bfad467c8b48213c4dc589d09f6caf0a77da4325e000e287de187f79f4e678f13bc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1554a7b967fb124cedf6355b1a44b8a5 |
| SHA1 | 6c04af751057d175934741fd8e584f92b4a7e9e2 |
| SHA256 | 1f2c78a7e6d1e6b0b5bcf479d143d7b1af3c144faf855334f9dc9c4116c48cfc |
| SHA512 | 8f10455d8726f4965d376f854efcca730223c5682a293eb4a8bc3c4e136786f74afdd6c55e2211378bf14006ae7c04de7475c992ecee82bf696176989990becb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6bffa9fcde2ab2bd6fc1ebbd381985be |
| SHA1 | 80561843b7b6cceb1f1fa66cfca5769996eb060b |
| SHA256 | 0005bf1db3cece1e72a0a01134c3f789ed4f31b1ed0b4fc69b55bbe33f324f54 |
| SHA512 | 0797bb5bb2a2a3c2397fc33510d9379872e23288eda74b2e328d7dd84dabb9ae00ee2a6e067a24e7e065bfe7d6aea4de1ae0ab47765fbfcc8565ea72e3aac0f2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 45881e4e67d8898c5b487d2a9c3624c2 |
| SHA1 | 256866f789aeb66ab7e81b81035c6a65c3cef0e5 |
| SHA256 | 10ef1e79fa55d34ff61e1cb252d36adc1748831c2d90ee94c2cb3e096bc61ce6 |
| SHA512 | a2341aedb6e858d07666daf0805d56084ec90cab4b8bf61561762be01b29b0a47c8eb55fa2790cfd22e7718ae05b69361ab755f0c4aa2e53569926061a15f7ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7d6eb28de4173deb65620386e4199380 |
| SHA1 | c9c0cf46750331352ddfa604776bd64048f02f24 |
| SHA256 | 30a589c87fb6741a4c44a827413a88b97a53fd338f97040a78088f927d71ca85 |
| SHA512 | fa5ca9451c980f16336475e5c0b67207275bb48bc22ee6835d65fcca8096eb63490c149e311e1d93ce69285c1824fe6c483a6083afe496afd5e83d29dcbc6c7c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | c1a733a7bbb25e6b5b95a1d5ffb785ec |
| SHA1 | 5a6571d0f107ec6ac8dd176df1c1fc6892917bae |
| SHA256 | 61667dfff06a2b55c49f3c5b62a158843fe2cfd0b49a4dc07e560120e5ec93c2 |
| SHA512 | 1321cb881d463f692ba3c3fd71064758fd96482986b7bc1273285d8ad2f9fc0dada7344e64a58e288939be87b7c628075aaeb7d56b194e6d21a1f757a2958a1b |
C:\Users\Admin\Downloads\SampCheat.zip
| MD5 | ac515523cb2b3733ef577b41be25f567 |
| SHA1 | de33fa0b3c4cf54453f15181d636ee019cfb68ed |
| SHA256 | b4e0a7e5019643db5b46529c37c22173b1001d59030f1d711492aa3387445085 |
| SHA512 | ed79899f7c030696816ae969a6eea0aba82da3d6842fc7e156bcba726eabea9a761c8c84a04dc4e72094e710b6235eb980d1aea8a55b86e9f99539c95ae168a4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3495f9b310597e47d695c6c307964d71 |
| SHA1 | 744a28f4c8ccacacd4593a5c4f86f00cbb2b7724 |
| SHA256 | 6a328fe00acd8ded75e9ca1911a23de63e939418cca7f64ae78a9eee0a4664d0 |
| SHA512 | b0234fac17e709137d473812e91abdca961caefad15e050d3fe0e7ed8dd1b5564005b1819dd62f43f4890ede9669caa1d8ad205977d69f0c69446a52f0a81d45 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | b04cc4b066daf3936e23e9bbe0c0b823 |
| SHA1 | 8a29244966445575eda933e0d2f2706d77842cf3 |
| SHA256 | 4dd6d46386352df8b6a313d31a0e2b929dd9e561a8117581c4c3bf9ecc91cc02 |
| SHA512 | f2bf9097a2f6abd7222d7fa8d388f11849dc1abd12b19e5d3ec6a12551212b88fe1970d477ea596dd5baa1070eb1df8d4bea1fa44a485948df5cd217547a1ab5 |
C:\Users\Admin\Desktop\SampCheat.exe
| MD5 | 73d7e637cd16f1f807930fa6442436df |
| SHA1 | 26c13b2c29065485ce1858d85d9dc792c06ed052 |
| SHA256 | cd0f7fb1020a931c98c7c258241f06292cb9b7cab8e9acdb4010f4d56f076ef6 |
| SHA512 | f3561a2090e70b6a2a7c4070daebce1b9ff269fef1a8ca6297c20eb28170675eec7c689d05a05a00b8ddb2d1c2c82639c5d53f63782c0460acd4d3aa95328922 |
C:\Users\Admin\Desktop\._cache_SampCheat.exe
| MD5 | 885383199b4458661a083d690adec52f |
| SHA1 | 7f3a0cdbf4f14e71fe0061f35c121ce087918a99 |
| SHA256 | 7e1fbcc206aed09ff42684b9dcdac876e2a1f7c068463430b1bfb21564af1252 |
| SHA512 | dbe796e5c8caf1de33ddfc499c86f3a2d289ab6f1e1f89ecabef7403c70e2ea18da72897184988f12024e01e159276dc6f70b09266102bb542517d08bf41d31b |
memory/3876-1229-0x0000000000400000-0x0000000000AAC000-memory.dmp
C:\MsAgentBrowserdhcp\RJohyDXhI3BukXB8LZtFph4xzxsRiCFy2OHMYmU5wvokqlpzCh.vbe
| MD5 | e6aa5a9a61e5a14929496cc623751fcb |
| SHA1 | e5e193008aaf6155d8959d1f237297e134c8c69f |
| SHA256 | 4518eab1e079194970bee0b64f0dc5151e2208a48a94672e9a98fbe046e6a7d9 |
| SHA512 | 45a4385a57d928587194313bd04ea42714619e2a3f35f8c7af0d930507f1e717dfd9c4d00c36514a826fb2e5090ed7e9b8a76f099798d2c468910c40e1d7cd0e |
C:\ProgramData\Synaptics\Synaptics.dll
| MD5 | c0ef4d6237d106bf51c8884d57953f92 |
| SHA1 | f1da7ecbbee32878c19e53c7528c8a7a775418eb |
| SHA256 | b9eae90f8e942cc4586d31dc484f29079651ad64c49f90d99f86932630c66af2 |
| SHA512 | c96947d47d49d8c09973c760f066b0fc600d9caa9f5972eac1d61c7d06d7c6c28c4b280827c576a63097c7daf6609b4930ad34a353fd784e748cadbdb971d4e6 |
C:\MsAgentBrowserdhcp\6tdiKxJ4vs339LB2ENkEUF6gwXbV.bat
| MD5 | f0817915454c14a131a03bb1e970a3d9 |
| SHA1 | 40bba77a1b68a36053d1cfce4a8820eeef1108df |
| SHA256 | 9983f72ca78bee90d64610d7bd9bce46c075674f22307494ad40982ff760978d |
| SHA512 | 00a97f09edc0824207fe5bf10e6d7ab903740bfb507db085b912e58a62f8ec814f05940bcb263163bec71e71def1ff9868fedd7b0348b4146a70198a00606c66 |
memory/1412-1284-0x0000000000400000-0x000000000040A000-memory.dmp
C:\MsAgentBrowserdhcp\Bridgesurrogate.exe
\??\c:\Users\Admin\AppData\Local\Temp\vucraqwk\vucraqwk.cmdline
\??\c:\Users\Admin\AppData\Local\Temp\vucraqwk\vucraqwk.0.cs
C:\Users\Admin\AppData\Local\Temp\RESE277.tmp
\??\c:\Windows\System32\CSCE7A81917C93A4AE6B67D9565844629EC.TMP
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fozhx1x2.hz4.ps1
C:\Users\Admin\AppData\Local\Temp\GG3qQO2d8b.bat
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Bridgesurrogate.exe.log
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State