Analysis Overview
SHA256
bdd5ea18320c3fb29eece7ffff299152d11361659e8640f64de736affbe11e61
Threat Level: Likely malicious
The file images (1).jfif was found to be: Likely malicious.
Malicious Activity Summary
Disables Task Manager via registry modification
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Sets desktop wallpaper using registry
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Kills process with taskkill
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Modifies data under HKEY_USERS
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-07 12:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-07 12:19
Reported
2024-05-07 12:22
Platform
win10v2004-20240419-en
Max time kernel
115s
Max time network
123s
Command Line
Signatures
Disables Task Manager via registry modification
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\~~CB = "cb.exe" | C:\Users\Admin\AppData\Local\Temp\Temp1_ColorBug.zip\[email protected] | N/A |
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000\Control Panel\Desktop\Wallpaper | C:\Users\Admin\AppData\Local\Temp\Temp1_000.zip\[email protected] | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133595579919841025" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3726321484-1950364574-433157660-1000\{2435E6F3-E193-4E64-8B65-5223583DCE9B} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico" | C:\Users\Admin\AppData\Local\Temp\Temp1_000.zip\[email protected] | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3726321484-1950364574-433157660-1000\{4FEB15BF-CC9C-48A6-9B8F-8046A89BA31B} | C:\Users\Admin\AppData\Local\Temp\Temp1_000.zip\[email protected] | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_000.zip\[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_000.zip\[email protected] | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\images (1).jpg"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff764dcc40,0x7fff764dcc4c,0x7fff764dcc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1688,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1948 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1812,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2032 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2324 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3120 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3136 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3700,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4572 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3692,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4712 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4736,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4804 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4832,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4768 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4756,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4680 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4436,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5080 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5352,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5216 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5124,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5484 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5128,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4664 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3268,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3364,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3372 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3360,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5292 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5104,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3176 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5632,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5616 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_ColorBug.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_ColorBug.zip\[email protected]"
C:\Users\Admin\AppData\Local\Temp\Temp1_ColorBug.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_ColorBug.zip\[email protected]"
C:\Users\Admin\AppData\Local\Temp\Temp1_ColorBug.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_ColorBug.zip\[email protected]"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6068,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3300 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Temp1_000.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_000.zip\[email protected]"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic useraccount where name='Admin' set FullName='UR NEXT'
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic useraccount where name='Admin' rename 'UR NEXT'
C:\Windows\SysWOW64\shutdown.exe
shutdown /f /r /t 0
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38d0855 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chrome.google.com | udp |
| GB | 172.217.16.238:443 | chrome.google.com | tcp |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 172.217.16.238:443 | clients2.google.com | udp |
| GB | 172.217.16.238:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 227.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | wipet.malwarewatch.org | udp |
| US | 188.114.97.2:443 | wipet.malwarewatch.org | tcp |
| US | 188.114.97.2:443 | wipet.malwarewatch.org | tcp |
| US | 188.114.97.2:443 | wipet.malwarewatch.org | udp |
| US | 8.8.8.8:53 | 2.97.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | malwarewatch.org | udp |
| US | 172.67.168.207:443 | malwarewatch.org | tcp |
| US | 172.67.168.207:443 | malwarewatch.org | tcp |
| US | 172.67.168.207:443 | malwarewatch.org | udp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 104.17.247.203:443 | unpkg.com | tcp |
| US | 8.8.8.8:53 | use.fontawesome.com | udp |
| US | 104.21.27.152:443 | use.fontawesome.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.212.238:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 139.53.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.168.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.247.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.27.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 216.58.212.246:443 | i.ytimg.com | tcp |
| GB | 216.58.212.246:443 | i.ytimg.com | tcp |
| GB | 216.58.212.246:443 | i.ytimg.com | tcp |
| GB | 216.58.212.246:443 | i.ytimg.com | tcp |
| GB | 216.58.212.246:443 | i.ytimg.com | tcp |
| GB | 216.58.212.246:443 | i.ytimg.com | tcp |
| GB | 216.58.212.238:443 | www.youtube.com | udp |
| GB | 216.58.212.246:443 | i.ytimg.com | tcp |
| GB | 216.58.212.246:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.180.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.212.234:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 216.58.212.234:443 | jnn-pa.googleapis.com | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.1:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | 246.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 104.21.27.152:443 | use.fontawesome.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.110.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 22.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 14.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | 50.192.11.51.in-addr.arpa | udp |
Files
\??\pipe\crashpad_2100_WBFYVFHCEPWNXCFP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | f9ced12d849356db80c920deab35f5d6 |
| SHA1 | bdc84cc0b92e4b024d1c0da6f4dc5a7740c48783 |
| SHA256 | d6de6c6592edecf7ad8485d7a1958e2c4b2c09ba27da7ccefe02e54d16046905 |
| SHA512 | 8c14fc22798ad2350bdb624675f25d7e4d2eaadfe1af1be4820702c9bf3a88d4c8ab2d0d9962f16ad1942194e88ae08a570005c17126896ce33337236d404eb4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d8d83cdd3b7a66222c5666c2dac5a149 |
| SHA1 | 7196a865a53bb469366359007441534b0fba76e2 |
| SHA256 | f58a0e9aef0c1efe7c94c200470706f7ba397cec5d4af3bb802529cdabf28268 |
| SHA512 | 796f5a927443349bfa23cfc4ac4453a55f7571e4e463d658f0537f438469cdc104aa84be39d1facf86decbbddbfd6c808c6c0284f4672c7d8f340503dec55c10 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | eb01c7f20ed7ac9826017ff8e31516b8 |
| SHA1 | 5ed695ce395ebd2e33f2e4975a024f81072b41f9 |
| SHA256 | 35fa3a1c2622312b6f5373c21d29932ec48c3c65372fc9ff22a6bb286e4b7894 |
| SHA512 | 0687ac46b584c99c6d545d731ff75d74cd6f0add10e3dfc643ad501f411ec2dc438bf6df4834151443b4126b899b15bea43690d295fc70e6b52f6f3a4795b247 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f6e0d23261c705c4867f8a641b1b9487 |
| SHA1 | 55db9062810c82151e0074a244d11d0362972c7b |
| SHA256 | 14fb8c7c74d80547692d55fb046450efb59daa3904be2cbbb240676dd371dfa3 |
| SHA512 | 53b932dabeb88de1dd1a00bc29e0f41b7f3e4964ffc6a707b9597dc60a8451f0e63571c950b4a95bc409246e936b2d4effde541384c1be49ebcf39da965ef78a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 757e2944da0cc68c5919bc375801b450 |
| SHA1 | 3f790b5529eca741545f3b13227005c6db6556b4 |
| SHA256 | 6a4b9986075ae8d1453bd30f7255498b74d4a0d8be5e8eceb0b91f39911e8ea1 |
| SHA512 | 041ca7552bd96b150507135940b1d0d663e4f59662b8ba9f475107e6b71e46499d14a2f593cbf84fd4943276412e26cf822466c79d02f1b9e70ffcf4a0ea7fba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d3f83ddafa0aee9bd50c2f363860d95d |
| SHA1 | 4bb2de0f7bfe89496739e8131fc8e9b4b228ac61 |
| SHA256 | 35b7b4c747cd517fe66d4de22cfd45315e1aabd481a045c28ee24ab801c31807 |
| SHA512 | 08086965c4ef607926e5dc33db1aac7ffd529040d4fad3015d1ca466b2854d345dee079bb1cb84f852ecdc007c694c8436985207b5878d063eafb6875a27b72d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b4bd6c43bf90b7f84821fe8912909d3a |
| SHA1 | 88daf3c8f70a582252d8804ba55b2049476f018f |
| SHA256 | 92dbe9c83a1263107be6318d9a29e550343dc973f8d3e144fc832387b0e0c9cf |
| SHA512 | be4055a83a224fb048a4dae949c17827b41c373ac124ed003f0f38ae0189a7f80b7cef1ba91120955488942cf17d72ce5e4d8fe49d3b3987f08b4a3a61d2cfed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
| MD5 | e1f573dd1be4c28839166fad04f60176 |
| SHA1 | b051e6dee2cfd2ca171f6388fe7d4b336728cd52 |
| SHA256 | 26c540b2a929190d0aeb27d41d456bd72e2dd7b6208b18c47725b18804332f3e |
| SHA512 | 18e88ea4f27de36560860f3e926885025c8ef791ba58227518b7bd3ce6929c826a3264d915de89f38d05589016aa39c0654008df5cf266085916539ba59ef6ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt
| MD5 | 9c12ec41b948e46a5108b7dbfaf1d16c |
| SHA1 | 860c5126809bae1950aa06800c5c1bcdf05f6c53 |
| SHA256 | 34291f16a0ca09f3129132c388fbf0d909778432ae92059c6d85f77a622dc004 |
| SHA512 | a93099ce7e7896b91fe111c44df3beece4828d40705f08f403c63502cf778822f276a3d40f01bee3433b8b1de32cfeef9c8b445bfcfaf56befae6b3ec43f463c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe57d273.TMP
| MD5 | a1d32b4581aa2b1ad1f4a52b99560a1b |
| SHA1 | 07914afc2793b80739d9a9dd655ddbe483aa4b1b |
| SHA256 | a021288acb18fb9cf4fd8094bde7c9af31a54c5cd7e84aec53fce8db194a3930 |
| SHA512 | b5c9e5a99c197d6a4315b3c928c884e5d529221959f6c5eef58dd638d39d530912ce88eb9a13767143c3fc6f9ce9082807fc93bf1f4a7513b4810532703c528b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7bd76587fdd498b5877360ae3bb3738d |
| SHA1 | 21fedff6d0810578dce0c66c01d10495f4f5f96e |
| SHA256 | f0769278a5e3c60f994d05ab79e23380ac7ea5e0e75a462333f32c5852038c49 |
| SHA512 | 8fdbf474cf0ec209721ff9479c8f0cdfe041ebfd493971184d714af8e983e86f68653d02228c6aa2ede2080b1bced8900f46d0973399679f911afa7e48e36e1a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | fccd649ef80c4b8812b43469875e2505 |
| SHA1 | 4aa8de2d99c6d2a8a1b27813c3045a170d4573c7 |
| SHA256 | 722ff87ec647234222c4a1967cdb75e4de96a16e5b0f79e8ffe73813dd1fafa2 |
| SHA512 | 758312ab85e6f5164fd722be046ed9e51dea7c21a650900c48f6b35723ec6315e464d8604bf0886abf6a3cf6ea084b47bc26c5fe5c5eb82251e76de415c60b0c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 918a4ed480f9e29562d4e13099e6a980 |
| SHA1 | e04c8c1b8ff67f46332ad35a5ccc23a86a77d879 |
| SHA256 | 30dd7a714b2cf09881db4ec4105eacb8f4b117c8c349e28557b04a6545a23575 |
| SHA512 | 13c53bbb6895d0253a2035f3fc70ab01c25e0a511d6546b040a652839ed6083d2e7cde14d13ce4e4db2181edcd75b3e72b5e709d03f8e9231b7300774fd9e52e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 339f5f27b694004ba5503613a88d90c3 |
| SHA1 | 73c924c18399b21ade65e44ecf3ac59720cc259a |
| SHA256 | a2ce1d1752c24f3bd2cfc012528d1245619e483bb520aad9c5beee6aea0a0f91 |
| SHA512 | 8ad4273260d3b4cc8403d2ddea5e7fa5e41d3dcf4984d76dfd78f79babe54f0be3e7c99b96ef711059439292e4e4c59bd60a35df61ffdf1fe215b84deea2f0cb |
C:\Users\Admin\Downloads\ColorBug.zip
| MD5 | 34071c621da9508f92696709d71bb30a |
| SHA1 | 5817a14b8da5da5aecd59f5016c2b02fbbe2f631 |
| SHA256 | ff2e6648e019087c2ec3c0f9eab548a761122b696caca171ab88e414ba5615cd |
| SHA512 | eb4c3b5ce9a4d6e979565d44c1a1432272bd2b9d1b83ca6b03ddc9982a5a6c341126ba71bbfd0e8d443ffa93265b6d205c187f586ff0bcb708965d2db6c98b45 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f4fc9f9c6c2e7f13e1341b5c8d95c88f |
| SHA1 | 1ce9ff2806666bf1eff76f2ab1cf61592ea753bf |
| SHA256 | 1d8d91409a9b602031a9ef961a3dc46a321008f9098551b77a541d93602b797c |
| SHA512 | 037239959b9a6aa2ed2d8dacf45fc90eb662580055689d2205c80dbfca235f43413b0b5ef3adcd52c7d2c14e289d4d144385d0e98c1310005e95086add677147 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7dba7a1a7f6fd4c640f0ff149a01b78b |
| SHA1 | 2e43e76c1f9cfdc8dbc950d05a0605464cd8bb92 |
| SHA256 | b60134674985394f5d2fdd76e4c2c61bf703ac209c452c31d30d9215c3fe5de6 |
| SHA512 | ebaeacd450099f2f781b28e280eadccd8cbc8fbddfdcc6fd8ae4d12a15f50e03bc5d56a17ace56e8750f4e359a7ef515fda4305b4ba46d662be005b9512cf381 |
memory/5168-463-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a0a9043dd460f09808e0fbe087272ef4 |
| SHA1 | da2f20893e70600f579943052a5154565ec33d86 |
| SHA256 | c23ec554ae3028d8915667926452d30e6f5ecbe57ecd2cd54e6d92549e837283 |
| SHA512 | 6d292a37504a1803cd6f4458cf66247b3370a2fabff3aed6c91868f463e4953ae2527bafb9f32eb51c71762d92f0a65cee4ba31d1b07d442cbe7ae9843780b6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2fe6d02dcef8c4ebbfa907eebcf6f6dd |
| SHA1 | 19c9ccd764122405bf96d9535c9f35bbd62c465a |
| SHA256 | 67a59737399b42d471f5ea7f3b4f837fbacf8d512c52fcd4a4e8f38c75cb603f |
| SHA512 | 8f01caba694d9d535688d3615826d27dc264cd036d85b7d288f8333aa2e1c5b7f1b6fbf23c560f554ee00041881bf863e6a57318a5da66a6c179feb6fcbb0067 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | aca787cb008041b54f1c1b8c84bed948 |
| SHA1 | 13dede05b628b4a95b869b35b166d4ceac020249 |
| SHA256 | a4532bdb16951579803f581c2218628a4c25f0d3d7d25743e5b8e14947202fb7 |
| SHA512 | 3d44ca17631e5dd27ddccee1a5033a3afc61e019144ed9cafa6c1ed477135e252c6dd9f58f449a61a0f2002b6c50cd27699f6c4bf4284501aa02f72f0e90b931 |
memory/2800-483-0x0000000000400000-0x0000000000414000-memory.dmp
memory/3560-484-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4c9ac9bc0717639a50a286930584daff |
| SHA1 | 431d0982eb47e23c781f9d6616c5c035b3754921 |
| SHA256 | 833dec70e114db006f56c2374846868ec6b571754f8b133a4c4fba9220ca14f0 |
| SHA512 | 5d81ccaaeb8490cd09235ce38200b92d21bd2d6e58bb421fc09d5ff4d66e6b1858117829aed3d2942b4048d121f9d3cbd93fe1ff26b021feafdbd1664d1bb844 |
C:\Users\Admin\Downloads\000.zip
| MD5 | d113bd83e59586dd8f1843bdb9b98ee0 |
| SHA1 | 6c203d91d5184dade63dbab8aecbdfaa8a5402ab |
| SHA256 | 9d3fe04d88c401178165f7fbdf307ac0fb690cc5fef8b70ee7f380307d4748f8 |
| SHA512 | 0e763ff972068d2d9946a2659968e0f78945e9bf9a73090ec81f2a6f96ac9b43a240544455068d41afa327035b20b0509bb1ad79a28147b6375ed0c0cf3efec5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8b94593f22d6a1fe07729498016651f0 |
| SHA1 | bffeaff9074dca445e8de9b13bd2f06a8c3a791e |
| SHA256 | b236dcbf142c25397263662446fc6f80b9567ba30d45afa4bd8f3a8d5b6c928f |
| SHA512 | ddf2763c4c2e8e9550ff277c1ab0eb4084e070a9db91e46a3b5a714f212f94fbb6aef9732448f5c2ac89cc05a6fab79d87464fb31616a9af0fa6b5b4d38c8c59 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ba538f4a8a4651ced8eae097ec5cc0a3 |
| SHA1 | fe8963dad79fd522ccfd4dae6a4e03e19e70e714 |
| SHA256 | f9dca89bd2a46640a0c4b57b24e7fa7447bc0202b903a2d9f3494193a99a070f |
| SHA512 | ce2bada184e4729198f0678211fe3c5fe73b4e0bfb6bc9c9d3b3e1233ae64ff4bffcd36d3777872084c0f36a037e3eacfdab94baf934e41240a4a4e3c85c28f9 |
memory/6124-520-0x00000000000C0000-0x000000000076E000-memory.dmp
memory/6124-521-0x0000000005840000-0x0000000005DE4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\windl.bat
| MD5 | a9401e260d9856d1134692759d636e92 |
| SHA1 | 4141d3c60173741e14f36dfe41588bb2716d2867 |
| SHA256 | b551fba71dfd526d4916ae277d8686d83fff36d22fcf6f18457924a070b30ef7 |
| SHA512 | 5cbe38cdab0283b87d9a9875f7ba6fa4e8a7673d933ca05deddddbcf6cf793bd1bf34ac0add798b4ed59ab483e49f433ce4012f571a658bc0add28dd987a57b6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.2\WMSDKNS.XML
| MD5 | 7050d5ae8acfbe560fa11073fef8185d |
| SHA1 | 5bc38e77ff06785fe0aec5a345c4ccd15752560e |
| SHA256 | cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b |
| SHA512 | a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b |
memory/6124-539-0x000000000BC00000-0x000000000BC38000-memory.dmp
memory/6124-540-0x000000000BBD0000-0x000000000BBDE000-memory.dmp
memory/6124-543-0x000000000BE70000-0x000000000BE80000-memory.dmp
memory/6124-544-0x000000000BE70000-0x000000000BE80000-memory.dmp
memory/6124-546-0x000000000BE70000-0x000000000BE80000-memory.dmp
memory/6124-545-0x000000000BE70000-0x000000000BE80000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rniw.exe
| MD5 | 9232120b6ff11d48a90069b25aa30abc |
| SHA1 | 97bb45f4076083fca037eee15d001fd284e53e47 |
| SHA256 | 70faa0e1498461731f873d3594f20cbf2beaa6f123a06b66f9df59a9cdf862be |
| SHA512 | b06688a9fc0b853d2895f11e812c48d5871f2793183fda5e9638ded22fc5dc1e813f174baedc980a1f0b6a7b0a65cd61f29bb16acc6dd45da62988eb012d6877 |
memory/6124-550-0x000000000BE30000-0x000000000BE40000-memory.dmp
memory/6124-554-0x000000000BE30000-0x000000000BE40000-memory.dmp
memory/6124-553-0x000000000BE70000-0x000000000BE80000-memory.dmp
memory/6124-552-0x000000000BE70000-0x000000000BE80000-memory.dmp
memory/6124-551-0x000000000BE30000-0x000000000BE40000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| MD5 | de708a6fced82eac2670ef85188abbbe |
| SHA1 | 6e3445aaec4c000a9371672d454a0ae5a35f7631 |
| SHA256 | a01ff1d989e2904396fb5f44488dcc4dff4cbb66a328c5c062f706e35be129ce |
| SHA512 | 0d27c9dcf78c04f5d43e8b198ace4d1c005691673f0d9d44f5fa10ebcea1812635ffe5f80dca4b3c37f387a7d7c6229a386c727a5bb07ba039c81618aa240464 |
C:\Users\Admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N1XT.txt
| MD5 | 9037ebf0a18a1c17537832bc73739109 |
| SHA1 | 1d951dedfa4c172a1aa1aae096cfb576c1fb1d60 |
| SHA256 | 38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48 |
| SHA512 | 4fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f |
C:\Users\Admin\AppData\Local\Temp\one.rtf
| MD5 | 6fbd6ce25307749d6e0a66ebbc0264e7 |
| SHA1 | faee71e2eac4c03b96aabecde91336a6510fff60 |
| SHA256 | e152b106733d9263d3cf175f0b6197880d70acb753f8bde8035a3e4865b31690 |
| SHA512 | 35a0d6d91178ec10619cf4d2fd44d3e57aa0266e1779e15b1eef6e9c359c77c384e0ffe4edb2cde980a6847e53f47733e6eacb72d46762066b3541dee3d29064 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e02ca2c26f1822f2a8b9cd106c6922f6 |
| SHA1 | a12aaa2bd6d20438e57d53307f0db31dfa3ebaa4 |
| SHA256 | b6a14df28a90e1c5d42164426e4aca1fd1a49f4302455138e40db3fb29f216c9 |
| SHA512 | fa5fc7045454abfe8ed1ef1a17d4054e3d45bfd32aeb75b205013238bf1feb7e97d08f0e78aaf2008f73d9009143b4e5525b8add0a16ea191b7d967bc6b583a1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b9159e83a4b067c4112533e81495ec44 |
| SHA1 | 0cccefc4eaa93b8e425aa4f2ba21ec5bd1727eae |
| SHA256 | 0064d08607a42244b1539e30e7faff64f064251be1ad19b03d08836719d30bb3 |
| SHA512 | 99d6176bb3fd7eff3df634af375bb89c3afa006f7408fa3d7795da7d189a0a781e42456ec1473b6b58a1838eb449ae5a8879054b71ae925df462a362478d440c |