Malware Analysis Report

2025-01-02 07:34

Sample ID 240510-ht941shb9y
Target 7z2401.msi
SHA256 1c3c3560906974161f25f5f81de4620787b55ca76002ac3c4fc846d57a06df99
Tags privateloader evasion loader
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256 1c3c3560906974161f25f5f81de4620787b55ca76002ac3c4fc846d57a06df99

Threat Level: Known bad

The file 7z2401.msi was found to be: Known bad.

Malicious Activity Summary

privateloader evasion loader

PrivateLoader

Enumerates connected drives

Modifies Windows Firewall

Drops file in Program Files directory

Drops file in Windows directory

Enumerates system info in registry

Uses Volume Shadow Copy service COM API

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-05-10 07:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-10 07:02

Reported 2024-05-10 07:13

Platform win7-20240419-en

Max time kernel 275s

Max time network 617s

Command Line

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\7z2401.msi

Signatures

PrivateLoader

loader privateloader

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A

Modifies Windows Firewall

evasion
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files (x86)\7-Zip\Lang\fur.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\sr-spc.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\eu.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\si.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\7z.sfx | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\en.ttt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\gu.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\id.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\sr-spl.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\ta.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\ne.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\da.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\eo.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\gl.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\lij.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\zh-cn.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\7zCon.sfx | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\ky.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\ru.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\7-zip.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\7z.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\cs.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\mr.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\sa.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\ug.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\af.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\fr.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\io.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\lv.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\ro.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\History.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\de.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\ps.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\is.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\pt.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\7-zip.chm | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\ca.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\cy.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\pl.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\tk.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\va.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\7z.exe | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\descript.ion | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\sq.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\et.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\uz.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\kk.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\pa-in.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\ga.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\hr.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\hy.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\tr.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\tt.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\yo.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\hu.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\ka.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\mng2.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\sl.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\an.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\ext.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\sk.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\sv.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\sw.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\fa.txt | C:\Windows\system32\msiexec.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\Installer\f7657a3.ipi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\INF\setupapi.ev3 | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A
File created | C:\Windows\Installer\f7657a2.msi | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\f7657a7.msi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\f7657a3.ipi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\INF\setupapi.ev1 | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\Installer\f7657a2.msi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSI588C.tmp | C:\Windows\system32\msiexec.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E | C:\Windows\system32\msiexec.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A
Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D | C:\Windows\system32\msiexec.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A
Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A
Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E | C:\Windows\system32\msiexec.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\7-Zip | C:\Windows\system32\msiexec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Windows\system32\msiexec.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Drive\shellex\DragDropHandlers\7-Zip | C:\Windows\system32\msiexec.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files (x86)\\7-Zip\\7-zip.dll" | C:\Windows\system32\msiexec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\96F071321C0410724210000010000000\Complete | C:\Windows\system32\msiexec.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Windows\system32\msiexec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Windows\system32\msiexec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\PackageName = "7z2401.msi" | C:\Windows\system32\msiexec.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\7-Zip | C:\Windows\system32\msiexec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Windows\system32\msiexec.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Directory\shellex\DragDropHandlers\7-Zip | C:\Windows\system32\msiexec.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\Version = "402718720" | C:\Windows\system32\msiexec.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\" | C:\Windows\system32\msiexec.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\7-Zip | C:\Windows\system32\msiexec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\96F071321C0410724210000010000000\Program = "Complete" | C:\Windows\system32\msiexec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\PackageCode = "96F071321C0410724210000020000000" | C:\Windows\system32\msiexec.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\96F071321C0410720000000040000000 | C:\Windows\system32\msiexec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" | C:\Windows\system32\msiexec.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\96F071321C0410724210000010000000 | C:\Windows\system32\msiexec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\96F071321C0410724210000010000000\LanguageFiles = "Complete" | C:\Windows\system32\msiexec.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000 | C:\Windows\system32\msiexec.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\96F071321C0410720000000040000000\96F071321C0410724210000010000000 | C:\Windows\system32\msiexec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Windows\system32\msiexec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\ProductName = "7-Zip 24.01" | C:\Windows\system32\msiexec.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList | C:\Windows\system32\msiexec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A
Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\msiexec.exe | N/A
N/A | N/A | C:\Windows\system32\msiexec.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2184 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 1232 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2360 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 1456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\7z2401.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\DrvInst.exe

DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000003D4" "0000000000000594"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef4a99758,0x7fef4a99768,0x7fef4a99778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2268 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1420 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1420 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3472 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3500 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3772 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=816 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3696 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2324 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2336 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3952 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4064 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4248 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2600 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4e0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3968 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4228 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4220 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4352 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=2332 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4468 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4200 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4496 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4448 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4940 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4960 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8

C:\Users\Admin\Downloads\RapeLay_hM-nGX1.exe

"C:\Users\Admin\Downloads\RapeLay_hM-nGX1.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\is-K703H.tmp\RapeLay_hM-nGX1.tmp

"C:\Users\Admin\AppData\Local\Temp\is-K703H.tmp\RapeLay_hM-nGX1.tmp" /SL5="$110178,13564377,780800,C:\Users\Admin\Downloads\RapeLay_hM-nGX1.exe"

C:\Windows\SysWOW64\netsh.exe

"netsh" firewall add allowedprogramC:\Users\Admin\AppData\Local\Temp\is-D396R.tmp\qbittorrent.exe "qBittorrent" ENABLE

C:\Users\Admin\AppData\Local\Temp\is-D396R.tmp\qbittorrent.exe

"C:\Users\Admin\AppData\Local\Temp\is-D396R.tmp\qbittorrent.exe" magnet:?xt=urn:btih:14FCB2E55188541ED55ACF6D89C2800F8033C187

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.fosshub.com/qBittorrent.html?dwl=qbittorrent_4.6.4_x64_setup.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1208 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4816 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4052 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4396 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4088 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=4260 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=4732 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=4812 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1

Network

BZ 190.115.31.182:443 f95zone.to tcp
US 172.67.202.37:443 assets.mediacandy.ai tcp
US 172.67.202.37:443 assets.mediacandy.ai tcp
US 8.8.8.8:53 apps.identrust.com udp
US 2.18.190.80:80 apps.identrust.com tcp
US 172.67.202.37:443 assets.mediacandy.ai udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
BE 64.233.167.157:443 stats.g.doubleclick.net udp
GB 216.58.204.67:443 www.google.co.uk udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 e2c73.gcp.gvt2.com udp
PL 34.0.245.166:443 e2c73.gcp.gvt2.com tcp
IE 209.85.203.84:443 accounts.google.com udp
IE 209.85.203.84:443 accounts.google.com tcp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 172.217.169.67:443 beacons.gvt2.com tcp
GB 142.250.178.4:443 www.google.com udp
BZ 190.115.31.182:443 f95zone.to tcp
US 8.8.8.8:53 region1.analytics.google.com udp
GB 216.58.204.67:443 www.google.co.uk udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 172.67.202.37:443 assets.mediacandy.ai tcp
US 8.8.8.8:53 secure.gravatar.com udp
US 192.0.73.2:443 secure.gravatar.com tcp
US 8.8.8.8:53 attachments.f95zone.to udp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
NL 209.237.141.109:443 attachments.f95zone.to tcp
NL 209.237.141.109:443 attachments.f95zone.to tcp
NL 209.237.141.109:443 attachments.f95zone.to tcp
NL 209.237.141.109:443 attachments.f95zone.to tcp
NL 209.237.141.109:443 attachments.f95zone.to tcp
NL 209.237.141.109:443 attachments.f95zone.to tcp
GB 216.58.212.202:443 content-autofill.googleapis.com udp
BE 64.233.167.157:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
CH 172.217.168.67:443 beacons2.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
CH 172.217.168.67:443 beacons2.gvt2.com udp
BZ 190.115.31.182:443 f95zone.to tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-aigl6nsr.gvt1.com udp
GB 74.125.105.134:443 r1---sn-aigl6nsr.gvt1.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp
IE 209.85.203.84:443 accounts.google.com udp
US 216.239.34.36:443 region1.analytics.google.com udp
GB 142.250.178.4:443 www.google.com udp
CH 172.217.168.67:443 beacons2.gvt2.com udp
GB 172.217.169.67:443 beacons.gvt2.com udp
US 216.239.34.36:443 region1.analytics.google.com udp
GB 216.58.204.67:443 www.google.co.uk udp
US 104.21.64.156:443 m.happymod.com udp
US 104.21.64.156:443 m.happymod.com tcp
GB 142.250.178.4:443 www.google.com udp
GB 216.58.212.202:443 content-autofill.googleapis.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 e2c46.gcp.gvt2.com udp
BR 35.215.235.162:443 e2c46.gcp.gvt2.com tcp
GB 172.217.169.67:443 beacons.gvt2.com udp
US 8.8.8.8:53 e2c56.gcp.gvt2.com udp
ES 34.0.206.140:443 e2c56.gcp.gvt2.com tcp
CH 172.217.168.67:443 beacons2.gvt2.com udp
US 8.8.8.8:53 i.happymod.com udp
US 104.21.64.156:443 i.happymod.com tcp
US 104.21.64.156:443 i.happymod.com tcp
US 104.21.64.156:443 i.happymod.com tcp
US 104.21.64.156:443 i.happymod.com tcp
US 104.21.64.156:443 i.happymod.com tcp
US 104.21.64.156:443 i.happymod.com tcp
US 216.239.34.36:443 region1.analytics.google.com udp
US 207.241.224.2:443 archive.org tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 ia800504.us.archive.org udp
US 207.241.230.54:443 ia800504.us.archive.org tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
US 207.241.227.184:443 ia600504.us.archive.org tcp
US 172.67.210.149:443 gamefabrique.com udp
US 172.67.210.149:443 gamefabrique.com tcp
US 104.21.10.43:443 forhavingartistic.info udp
US 104.21.10.43:443 forhavingartistic.info tcp
US 8.8.8.8:53 getrunkhomuto.info udp
BE 64.233.167.157:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 d2k42xg1i2ns90.cloudfront.net udp
GB 143.204.176.11:443 getrunkhomuto.info tcp
US 8.8.8.8:53 www.google.co.uk udp
GB 143.204.176.11:443 getrunkhomuto.info tcp
GB 216.58.204.67:443 www.google.co.uk udp
BE 64.233.167.157:443 stats.g.doubleclick.net tcp
GB 18.239.238.54:443 d2k42xg1i2ns90.cloudfront.net tcp
GB 18.239.238.54:443 d2k42xg1i2ns90.cloudfront.net tcp
GB 216.58.204.67:443 www.google.co.uk tcp
US 8.8.8.8:53 ztjru.dwhitdoedsrag.org udp
US 54.225.185.110:443 ztjru.dwhitdoedsrag.org tcp
US 8.8.8.8:53 file.myfontastic.com udp
DE 116.202.16.124:443 file.myfontastic.com tcp
US 8.8.8.8:53 www.facebook.com udp
IE 209.85.203.84:443 accounts.google.com udp
GB 163.70.151.35:443 www.facebook.com udp
DE 116.202.16.124:443 file.myfontastic.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 54.225.185.110:443 ztjru.dwhitdoedsrag.org tcp
US 54.225.185.110:443 ztjru.dwhitdoedsrag.org tcp
GB 143.204.176.11:443 getrunkhomuto.info tcp
US 8.8.8.8:53 dukirliaon.com udp
NL 139.45.197.239:443 dukirliaon.com tcp
US 8.8.8.8:53 my.rtmark.net udp
US 8.8.8.8:53 yonmewon.com udp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.197.236:443 yonmewon.com tcp
NL 139.45.197.239:443 dukirliaon.com tcp
US 8.8.8.8:53 s.click.aliexpress.com udp
BE 104.68.85.7:443 s.click.aliexpress.com tcp
US 8.8.8.8:53 best.aliexpress.com udp
US 8.8.8.8:53 assets.alicdn.com udp
US 8.8.8.8:53 g.alicdn.com udp
US 8.8.8.8:53 ae01.alicdn.com udp
BE 104.68.85.7:443 assets.alicdn.com tcp
BE 104.68.85.7:443 assets.alicdn.com tcp
BE 104.68.85.7:443 assets.alicdn.com tcp
US 8.8.8.8:53 acs.aliexpress.com udp
BE 104.68.85.7:443 assets.alicdn.com tcp
BE 104.68.85.7:443 assets.alicdn.com tcp
BE 104.68.85.7:443 assets.alicdn.com tcp
US 163.181.154.234:443 g.alicdn.com tcp
US 8.8.8.8:53 ae.mmstat.com udp
US 8.8.8.8:53 is.alicdn.com udp
BE 23.55.96.49:443 ae01.alicdn.com tcp
BE 23.55.96.49:443 ae01.alicdn.com tcp
BE 23.55.96.49:443 ae01.alicdn.com tcp
BE 23.55.96.49:443 ae01.alicdn.com tcp
US 8.8.8.8:53 ae04.alicdn.com udp
US 8.8.8.8:53 time-ae.akamaized.net udp
US 2.18.190.82:443 time-ae.akamaized.net tcp
SG 47.246.110.42:443 ae.mmstat.com tcp
US 163.181.154.234:443 g.alicdn.com tcp
US 163.181.154.234:443 g.alicdn.com tcp
US 8.8.8.8:53 aeis.alicdn.com udp
US 8.8.8.8:53 fourier.taobao.com udp
US 8.8.8.8:53 login.aliexpress.ru udp
US 8.8.8.8:53 login.aliexpress.us udp
NL 23.62.61.58:443 ae04.alicdn.com tcp
GB 216.58.212.202:443 content-autofill.googleapis.com udp
GB 216.58.212.202:443 content-autofill.googleapis.com tcp
DE 47.246.146.200:443 acs.aliexpress.com tcp
CN 123.183.232.34:443 fourier.taobao.com tcp
RU 47.246.133.88:443 login.aliexpress.ru tcp
CN 123.183.232.34:443 fourier.taobao.com tcp
US 8.8.8.8:53 fourier.aliexpress.com udp
US 8.8.8.8:53 wp.aliexpress.com udp
DE 47.246.146.223:443 fourier.aliexpress.com tcp
US 8.8.8.8:53 login.aliexpress.com udp
SG 47.246.110.42:443 ae.mmstat.com tcp
US 8.8.8.8:53 us.ynuf.aliapp.org udp
SG 47.246.110.42:443 ae.mmstat.com tcp
DE 47.246.146.12:443 wp.aliexpress.com tcp
BE 104.68.85.7:443 login.aliexpress.com tcp
SG 47.246.110.42:443 ae.mmstat.com tcp
SG 47.246.110.42:443 ae.mmstat.com tcp
US 8.8.8.8:53 de-wum.aliexpress.com udp
US 8.8.8.8:53 img.alicdn.com udp
DE 47.246.146.193:443 us.ynuf.aliapp.org tcp
DE 47.246.146.200:443 acs.aliexpress.com tcp
US 163.181.154.234:443 img.alicdn.com tcp
US 163.181.154.234:443 img.alicdn.com tcp
US 163.181.154.234:443 img.alicdn.com tcp
US 8.8.8.8:53 45wgq3.tdum.alibaba.com udp
US 8.8.8.8:53 ynuf.aliapp.org udp
CN 124.239.14.253:443 ynuf.aliapp.org tcp
CN 123.183.232.34:443 fourier.taobao.com tcp
DE 47.246.146.223:443 fourier.aliexpress.com tcp
US 8.8.8.8:53 pcookie.aliexpress.com udp
CN 124.239.14.253:443 ynuf.aliapp.org tcp
DE 47.254.175.252:443 45wgq3.tdum.alibaba.com tcp
US 47.246.136.175:443 pcookie.aliexpress.com tcp
US 47.246.136.175:443 pcookie.aliexpress.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 172.217.16.238:443 clients2.google.com udp
US 8.8.8.8:53 d3aqanlsy9rdqp.cloudfront.net udp
GB 108.156.32.198:443 d3aqanlsy9rdqp.cloudfront.net tcp
DE 47.246.146.193:443 us.ynuf.aliapp.org tcp
SG 47.246.110.42:443 ae.mmstat.com tcp
GB 108.156.32.198:443 d3aqanlsy9rdqp.cloudfront.net tcp
SG 47.246.110.42:443 ae.mmstat.com tcp
SG 47.246.110.42:443 ae.mmstat.com tcp
SG 47.246.110.42:443 ae.mmstat.com tcp
SG 47.246.110.42:443 ae.mmstat.com tcp
CN 124.239.14.252:443 ynuf.aliapp.org tcp
CN 124.239.14.252:443 ynuf.aliapp.org tcp
US 8.8.8.8:53 dht.libtorrent.org udp
N/A 10.127.0.1:5351 udp
US 8.8.8.8:53 download.db-ip.com udp
US 8.8.8.8:53 router.bittorrent.com udp
US 8.8.8.8:53 router.utorrent.com udp
US 104.26.5.15:443 download.db-ip.com tcp
US 8.8.8.8:53 dht.transmissionbt.com udp
US 8.8.8.8:53 dht.aelitis.com udp
US 34.229.89.117:6881 dht.aelitis.com udp
US 67.215.246.10:6881 router.bittorrent.com udp
IS 82.221.103.244:6881 router.utorrent.com udp
FR 87.98.162.88:6881 dht.transmissionbt.com udp
SE 185.157.221.247:25401 dht.libtorrent.org udp
RU 178.71.33.7:44307 udp
RU 95.190.74.255:6881 udp
HU 176.77.152.87:61382 udp
DZ 105.99.69.54:6881 udp
CN 183.134.38.18:6890 udp
GB 94.13.84.31:27375 udp
NL 178.162.173.149:28001 udp
KR 211.194.234.13:33316 udp
FR 91.121.75.217:58004 udp
IT 93.33.22.87:49453 udp
HU 217.116.43.47:49011 udp
KR 211.119.72.223:21402 udp
TR 176.232.224.127:34148 udp
US 8.8.8.8:53 www.fosshub.com udp
NL 45.136.230.98:55935 udp
NL 46.232.211.130:18159 udp
NL 45.158.186.49:12565 udp
US 104.20.227.61:443 www.fosshub.com tcp
CA 51.79.69.9:10291 udp
ZA 196.210.28.235:63641 udp
US 70.110.28.198:6881 udp
US 47.160.101.36:50288 udp
CN 223.109.185.81:6889 udp
ES 193.177.211.14:33655 udp
BG 89.106.97.184:59193 udp
ZA 197.89.62.106:24388 udp
CA 135.19.185.23:38331 udp
SG 47.246.110.42:443 ae.mmstat.com tcp
US 104.20.227.61:443 www.fosshub.com tcp
US 104.20.227.61:443 www.fosshub.com tcp
SG 47.246.110.42:443 ae.mmstat.com tcp
SG 47.246.110.42:443 ae.mmstat.com tcp
SG 47.246.110.42:443 ae.mmstat.com tcp
US 8.8.8.8:53 cdn.thisiswaldo.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.20.227.61:443 www.fosshub.com tcp
US 104.20.227.61:443 www.fosshub.com tcp
US 104.20.227.61:443 www.fosshub.com tcp
US 104.20.227.61:443 www.fosshub.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
GB 18.245.218.122:443 cdn.thisiswaldo.com tcp
GB 18.245.218.122:443 cdn.thisiswaldo.com tcp
GB 18.245.218.122:443 cdn.thisiswaldo.com tcp
GB 18.245.218.122:443 cdn.thisiswaldo.com tcp
GB 18.245.218.122:443 cdn.thisiswaldo.com tcp
GB 18.245.218.122:443 cdn.thisiswaldo.com tcp
GB 18.245.218.122:443 cdn.thisiswaldo.com tcp
GB 18.245.218.122:443 cdn.thisiswaldo.com tcp
CN 42.230.213.231:11268 udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 172.217.16.238:443 fundingchoicesmessages.google.com tcp
GB 172.217.16.238:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
GB 216.58.204.67:443 www.google.co.uk tcp
GB 216.58.204.67:443 www.google.co.uk tcp
BE 64.233.167.157:443 stats.g.doubleclick.net tcp
BE 64.233.167.157:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 api.fosshub.com udp
US 104.20.227.61:443 api.fosshub.com tcp
US 8.8.8.8:53 download.fosshub.com udp
US 205.234.175.175:443 download.fosshub.com tcp
US 205.234.175.175:443 download.fosshub.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 askdomainad.com udp
GB 18.244.155.17:443 askdomainad.com tcp
US 8.8.8.8:53 img.cdn.house udp
DE 46.4.115.66:443 img.cdn.house tcp
DE 46.4.115.66:443 img.cdn.house tcp
GB 143.204.176.11:443 getrunkhomuto.info tcp
US 54.225.185.110:443 ztjru.dwhitdoedsrag.org tcp
RU 5.44.7.118:2079 udp
US 8.8.8.8:53 www.aliexpress.com udp
SG 47.246.110.42:443 ae.mmstat.com tcp
BE 23.55.96.49:443 ae01.alicdn.com tcp
SG 47.246.110.42:443 ae.mmstat.com tcp
BE 104.68.85.7:443 www.aliexpress.com tcp
N/A 239.192.152.143:6771 udp
NL 212.7.202.40:28030 udp
TH 122.155.0.70:10388 udp
RU 5.182.25.156:8080 udp
NL 178.162.173.217:28007 udp
FR 195.154.172.169:24367 udp
KR 121.137.59.15:7504 udp
PL 89.64.3.96:9662 udp
CA 157.208.36.157:22529 udp
US 159.203.72.134:51413 udp
JP 131.147.3.41:17179 udp
NL 46.232.210.129:20259 udp
FI 65.21.128.232:50000 udp
FR 54.38.47.95:21019 udp
NL 89.149.200.93:28005 udp
FR 195.154.181.225:54969 udp
DE 213.136.79.238:51430 udp
MX 177.245.153.102:5685 udp
NL 45.91.209.19:50838 udp
US 3.141.48.235:6880 udp
MX 177.245.152.30:8165 udp
JP 180.94.207.248:16913 udp
JP 138.64.96.181:54230 udp
UA 176.111.181.112:11296 udp
US 71.105.62.182:6881 udp
PL 89.191.226.71:32000 udp
HK 42.2.84.115:14454 udp
NO 84.52.226.24:6881 udp
KR 61.255.228.98:60507 udp
MX 187.251.110.220:37430 udp
RU 95.25.160.86:35349 udp
CA 65.95.166.129:50321 udp
KR 59.4.72.3:40911 udp
FI 95.216.100.173:34917 udp
RU 95.71.195.47:14991 udp
KZ 95.57.235.40:22947 udp
US 69.16.145.126:6881 udp
RU 78.110.151.57:38277 udp
CN 121.8.25.9:51413 udp
RU 37.146.76.55:20633 udp
MY 14.192.208.126:19019 udp
PH 49.148.249.161:51905 udp
US 66.76.243.130:50399 udp
US 84.239.7.11:57679 udp
KR 84.247.102.9:36055 udp
KR 84.247.102.9:50338 udp
SG 86.48.10.42:21862 udp
RU 89.148.235.68:45682 udp
DE 91.7.0.129:63123 udp
SE 95.140.186.37:4934 udp
SG 103.252.201.68:53219 udp
TH 110.169.231.211:1286 udp
PH 136.158.57.249:20837 udp
US 146.70.115.139:62775 udp
CA 174.116.204.76:15982 udp
ID 182.253.89.72:21706 udp
ID 182.253.89.72:45561 udp
CA 184.75.221.171:15982 udp
NL 185.162.184.13:56839 udp
NO 185.243.217.228:30002 udp
NL 188.227.86.220:45682 udp
BR 207.248.5.252:18453 udp
PH 210.23.169.79:58613 udp
KR 220.72.131.167:13328 udp
BR 43.135.195.47:60021 udp
DE 51.75.78.69:6893 udp
NL 195.170.172.38:10240 udp
FI 65.108.78.54:6881 udp
CN 113.1.88.155:57210 udp
RU 93.157.255.55:34337 udp
RU 176.52.100.105:4445 udp
KE 41.81.133.248:1554 udp
NZ 118.92.43.241:52667 udp
IE 54.194.124.68:6881 udp
BR 181.224.2.189:20025 udp
US 18.220.82.190:6881 udp
DE 139.162.168.10:6881 udp
PH 119.94.176.43:1025 udp
PH 49.145.5.248:17545 udp
US 54.214.62.55:6881 udp
CN 61.185.211.82:57210 udp
CN 117.32.139.63:20022 udp
DZ 197.202.56.118:55181 udp
RU 217.107.127.51:7946 udp
BR 177.128.66.189:61016 udp
US 18.223.137.220:6881 udp
CN 222.131.245.236:11982 udp
MX 201.145.7.27:44222 udp
BR 179.167.52.12:6881 udp
RU 178.252.105.89:26666 udp
US 72.234.195.87:6881 udp
US 74.111.96.134:6889 udp
ZA 152.110.13.127:55806 udp
CA 70.54.123.74:51000 udp
CA 174.94.13.34:51540 udp
JP 58.146.71.21:20331 udp
MX 189.230.203.160:51413 udp
NL 185.21.216.153:49483 udp
IT 79.25.203.57:6881 udp
RU 176.106.252.85:60844 udp
NL 86.81.233.98:51413 udp
CA 64.229.198.110:51413 udp
ZA 197.90.44.157:61477 udp
BG 212.21.148.185:52674 udp
US 162.0.161.12:51413 udp
CA 142.179.244.211:51413 udp
BG 78.130.208.238:41783 udp
TW 114.40.177.107:14327 udp
NL 46.232.210.213:64161 udp
NL 95.98.155.102:6999 udp
ES 77.231.14.160:29096 udp
TW 36.225.72.123:23767 udp
US 150.195.20.146:64069 udp
BG 212.233.245.162:26264 udp
LT 176.223.138.1:51413 udp
US 107.161.26.147:51413 udp
NL 95.211.140.135:28000 udp
RU 46.191.183.82:2877 udp
GB 81.96.50.232:60481 udp
KR 114.206.248.126:7649 udp
GB 86.10.66.178:6881 udp
GB 51.148.150.33:6881 udp
RU 185.106.59.102:34048 udp
NL 5.79.77.14:59945 udp
BY 86.57.193.70:4838 udp
CN 117.30.83.196:5597 udp
RU 77.220.131.243:32000 udp
RU 192.162.251.109:40535 udp
CH 81.6.60.225:53982 udp
RU 195.19.40.177:8084 udp
UA 213.200.58.16:51413 udp
DE 91.25.215.154:34847 udp
BG 87.247.248.75:7881 udp
KR 121.130.225.7:64887 udp
TW 36.224.28.95:1252 udp
DO 200.88.239.50:53250 udp
HU 92.249.162.172:49337 udp
AU 123.243.68.248:51413 udp
JP 60.65.95.3:51413 udp
FR 62.210.122.224:5270 udp
RU 46.138.29.11:1569 udp
NL 178.162.174.46:28014 udp
TW 61.30.133.44:7466 udp
KR 115.139.230.58:40922 udp
RU 79.174.34.0:44728 udp
RU 178.163.104.90:49001 udp
NL 95.211.212.31:51413 udp
SE 188.150.97.98:26187 udp
KR 218.50.49.214:7984 udp
ZA 105.233.110.207:32878 udp
FR 195.154.168.106:5370 udp
KR 175.113.104.30:51413 udp
CN 120.230.76.0:21007 udp
US 168.75.184.224:11519 udp
RU 77.50.48.205:51413 udp
RU 194.1.251.186:10641 udp
CN 123.187.27.190:9988 udp
NL 37.48.118.89:28016 udp
RU 193.201.88.12:15220 udp
FR 54.38.47.74:51413 udp
HU 94.21.106.73:59597 udp
SE 78.82.210.171:35092 udp
BG 212.39.78.40:48737 udp
NC 202.22.144.14:56881 udp
NL 169.150.223.215:64094 udp
FR 152.228.134.240:57008 udp
IN 117.204.196.245:56370 udp
US 3.132.219.151:6880 udp
US 54.225.185.110:443 ztjru.dwhitdoedsrag.org tcp
DK 131.164.162.30:49165 udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp
CH 172.217.168.67:443 beacons2.gvt2.com udp
CH 172.217.168.67:443 beacons2.gvt2.com tcp
US 54.225.185.110:443 ztjru.dwhitdoedsrag.org tcp
CN 27.202.189.192:27095 udp
US 54.225.185.110:443 ztjru.dwhitdoedsrag.org tcp
NL 185.203.56.56:52816 udp
SI 92.37.85.160:11307 udp
GB 18.244.155.17:443 askdomainad.com tcp
DE 46.4.115.66:443 img.cdn.house tcp
US 8.8.8.8:53 getrunkhomuto.info udp
US 3.160.150.67:443 getrunkhomuto.info tcp
US 54.225.185.110:443 ztjru.dwhitdoedsrag.org tcp
CN 122.51.10.196:6000 udp
US 54.225.185.110:443 ztjru.dwhitdoedsrag.org tcp
US 24.90.203.81:19489 udp
SG 47.246.110.42:443 ae.mmstat.com tcp
US 8.8.8.8:53 forhavingartistic.info udp
US 172.67.189.235:443 forhavingartistic.info udp
US 172.67.189.235:443 forhavingartistic.info tcp
SG 47.246.110.42:443 ae.mmstat.com tcp
US 69.245.102.39:25799 udp
AE 217.165.193.237:49001 udp
GB 18.244.155.17:443 askdomainad.com tcp
DE 46.4.115.66:443 img.cdn.house tcp
US 3.160.150.67:443 getrunkhomuto.info tcp
US 54.225.185.110:443 ztjru.dwhitdoedsrag.org tcp
HU 37.76.117.233:17050 udp
US 54.225.185.110:443 ztjru.dwhitdoedsrag.org tcp
US 54.225.185.110:443 ztjru.dwhitdoedsrag.org tcp
KR 119.56.249.114:41174 udp
US 54.225.185.110:443 ztjru.dwhitdoedsrag.org tcp
RU 91.132.20.129:2070 udp
BR 201.25.173.59:6881 udp
US 8.8.8.8:53 gamefabrique.com udp
US 104.21.37.165:443 gamefabrique.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 stackpath.bootstrapcdn.com udp
US 104.18.10.207:443 stackpath.bootstrapcdn.com udp
GB 142.250.200.10:443 ajax.googleapis.com udp
US 104.21.37.165:443 gamefabrique.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
GB 216.58.204.67:443 www.google.co.uk udp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 216.58.204.67:443 www.google.co.uk tcp
US 8.8.8.8:53 d1pdf4c3hchi80.cloudfront.net udp
US 216.239.32.36:443 region1.analytics.google.com tcp
GB 18.244.183.71:443 d1pdf4c3hchi80.cloudfront.net tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 64.233.167.154:443 stats.g.doubleclick.net udp
US 3.160.150.67:443 getrunkhomuto.info tcp
US 8.8.8.8:53 ghabovethec.info udp
US 172.67.189.235:443 forhavingartistic.info udp
US 8.8.8.8:53 yonatallcolum.info udp
GB 18.244.140.79:443 ghabovethec.info tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 13.224.189.63:443 yonatallcolum.info tcp
GB 18.244.183.71:443 d1pdf4c3hchi80.cloudfront.net tcp
GB 163.70.151.35:443 www.facebook.com udp
IE 209.85.203.84:443 accounts.google.com udp
IE 209.85.203.84:443 accounts.google.com tcp
RU 109.195.87.240:6881 udp
RO 81.196.5.110:39982 udp
GB 217.42.36.244:6881 udp
GB 18.244.183.71:443 d1pdf4c3hchi80.cloudfront.net tcp
US 13.224.189.63:443 yonatallcolum.info tcp
GB 18.244.183.71:443 d1pdf4c3hchi80.cloudfront.net tcp
US 3.160.150.67:443 getrunkhomuto.info tcp
GB 18.244.140.79:443 ghabovethec.info tcp
GB 18.244.183.71:443 d1pdf4c3hchi80.cloudfront.net tcp
US 3.160.150.67:443 getrunkhomuto.info tcp
GB 18.244.140.79:443 ghabovethec.info tcp
GB 18.244.183.71:443 d1pdf4c3hchi80.cloudfront.net tcp
IQ 151.236.162.35:54485 udp
IN 49.42.36.244:52450 udp
GB 18.244.183.71:443 d1pdf4c3hchi80.cloudfront.net tcp
US 13.224.189.63:443 yonatallcolum.info tcp
US 8.8.8.8:53 getrunkhomuto.info udp
GB 18.244.183.71:443 d1pdf4c3hchi80.cloudfront.net tcp
GB 18.244.140.79:443 ghabovethec.info tcp
FR 52.222.201.9:443 getrunkhomuto.info tcp
RU 85.249.173.59:8678 udp
MX 189.216.42.126:50647 udp
US 54.70.28.180:6881 udp
BR 177.130.208.181:14211 udp
US 35.163.251.58:6881 udp
US 13.58.27.33:6881 udp
AU 223.252.34.35:13502 udp
IN 223.236.34.35:32819 udp
IN 43.252.34.35:6881 udp
US 35.167.186.212:6881 udp

Files

C:\Config.Msi\f7657a4.rbs

MD5 6704d9014162b38951022a44c6a4096c
SHA1 e8bc46d1510b2d163e2252a66d8dcfc0c27dca73
SHA256 6ceea61600b2a9b2721ad82c75132f630893f584a7919434145ceb710dc8d808
SHA512 8b34a1fc185da4c754e86bbc3813b52e949950170d3bf8bd8fe0f9fdf7d67ac8d05ac5182536759ce5ead9053effac07b0b0813a1de39a7effead63bf6ffcae3

C:\Windows\Installer\f7657a2.msi

MD5 a141303fe3fd74208c1c8a1121a7f67d
SHA1 b55c286e80a9e128fbf615da63169162c08aef94
SHA256 1c3c3560906974161f25f5f81de4620787b55ca76002ac3c4fc846d57a06df99
SHA512 2323c292bfa7ea712d39a4d33cdd19563dd073fee6c684d02e7e931abe72af92f85e5bf8bff7c647e4fcdc522b148e9b8d1dd43a9d37c73c0ae86d5efb1885c8

\??\pipe\crashpad_2184_DUNINTUXOSXDAKAR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 23808c76470aad381eba66da6bac4f1f
SHA1 d0714c7fd541959b9d672f51c00bbbd3ed95f61a
SHA256 7c9e2a04f996c3765c85ddd1c1941859e10f71bf9e705b9029256dbc99d554d4
SHA512 caf55e2aaab6565d1733a51939dddb83dc8c0d305cb3afb08cf01dc83b714fe1f62f65bb4b85eaf7dd6967168180643ae4c397b7b59d2efc4f22ad4ef732d050

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 adb49258b62925d6b884da526e0a323c
SHA1 c5a54358e848a095c18049bf68da1ce5f437ab80
SHA256 752ab730e92a4e0ae67ea2115cf2eb3a414ec4186c435506a86accaae25d3cfa
SHA512 a417300376e3847b048e4eeb7fd6769f3ea78e63ad90064e5bc41d483da8f3aeb7e28c21b69c5bf50b46efb0e714dad57b7659dae2031f480a95729efd644f8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f9917d55e18953a1a97e7eb8b2f18d5a
SHA1 682784493085cf54e38a36aa1cf4288801917601
SHA256 62284da23f043ec9020729e16ce68dd10626e3cb8c8d0afbafeba8a94d47d69e
SHA512 4694eb280efe614269579cd1a2cf3d95939d8802ccf827b76c7eaaddfa7ce2a7c107cc189c4841bea78252b3367bd9cd2a7fe212f429e6e25bf34299cacabc51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d2d0bbf250e53f3848262f21b2e5061c
SHA1 ae556acdf2cb6740341a0b807881a5c9f6f9d05a
SHA256 2cf3dd2af597d45d3d25d6f4fe306ddd0787a9cfcdf99cc6a1dc0efc88e4e5be
SHA512 4b4bc4b97167fa43d69e08c48a78580c3d813d3e57c6ae383405959a03cfef1acc1ef28f7d8adfae358470c3815a13e35a7f5c7a1c9c5795074cad419e516f36

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 677637a8cf66ecbb289f92375985196a
SHA1 b656e21128c5be8530df6118b59f804d1450602f
SHA256 aed5c213e28516364ca1d426d3ef848c98f59bc314f364623b3c2aadc4384a95
SHA512 750dc65d55099e49eb71092f88e5bebc0d0de95d29d3fb95254b8dbb5dcbc1259401631d139b9b840f5dddf5115bddc2b98e9e9be95e067b6055348fefe1bfcd

C:\Users\Admin\AppData\Local\Temp\Cab1289.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar12F9.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5682aaf9f1d9816e7b9f418ebc14e68b
SHA1 d02f860880fd0f6a0c52ea1c831080a23740e37a
SHA256 6e36d3a7c996a835735aa3de0285eec45ad231cc0bdffc6ec19d4f848805ecb9
SHA512 9dae98407ec61ab5c46c7c9f1b28b7f6129fd91f1b061772a6e6828aa5af540fc8859373c64f15f604b8424d1df61e64bb5b189b1b92d89544e3770b3660abed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 5ce7bdeeea547dc5e395554f1de0b179
SHA1 3dba53fa4da7c828a468d17abc09b265b664078a
SHA256 675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9
SHA512 0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7b790024729b3dddca9325702f492d2f
SHA1 870f31a059434424a0081f7867a97ecafe936e99
SHA256 0d75a1d451a85bf2058293a6debcbfacd8f82152e8eb3ce050b88313e61b1a5a
SHA512 3b6c4949a080c97ad1d840e00c5a5ea27da3d2a27d9a3cb41b6a4ae8634f57462435851abe0a1a83c4ba53cf9d65c8a3e227f6a2d731c364bf308dcca00dd07a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 197978579686f93e8be4c8dd51852bb4
SHA1 e95f66aba493c917c15c730fa12374cded2da9b0
SHA256 4dd89cd9991e88521ea92feae9bbeb3104a14816ea9699f0feaf0bf5fb3fe19f
SHA512 917363ac853c787012ccca7d0946ee8310984d59ae29bbfa2ddf4d26b2370acf682c63d73287bcfa47071378a424dc11314e4b086e0b7d6ae8a8c07ba7656ce6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 07af72763a2f280cd3934fe41b563a9e
SHA1 e64523bd4431d22d5261da251ea3ae66db5ee397
SHA256 510cf52d7c3680e6d534f94849c42fe5d34ebdaa2e9174402c2d4950206a2145
SHA512 461f53b0f8235915433c8a42bd8ba8f968b0df13fa153f6cec73f03ae0b164a49327061716d550c7f53fe16f67cf6cea3d2dae86deb7af3068e2570d57de95d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0eadfcce9aeb2f768cea34765ca525fa
SHA1 3179517da67bc093c1c82692cd0528176a11a840
SHA256 6b9f5f93bc631e4f9e2e25314764c41999b7b7d375a0a03831453c6c23bfa11a
SHA512 2ea7d9ff1875ad49ed2b811774ff469b951d1441d8060f1d3bd7abc5d461b691866dca104059064a26c91875dd53d0de0d13c48261455c5fc6e450f9a25d1885

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 618a1b88fa4fee2f5405c8c8cd0ebc8b
SHA1 bba8bf3a3c088d2f72b8704cad2640314e636347
SHA256 db864c002f85d045d10fcc982a7b45a800440fb63cd6076e5d9b93b7a295953e
SHA512 229cb5ea47d2c7be687f7d0d67086f89873e49303dcb9e5428efc8f9548ccc41570eda47f2d1c31e4b0f5252f62ac00883a403dbc15021a6de0b086a7d3890f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0972b971b4578bfca07828254679b648
SHA1 91269d867f7a61d85194ae9637ffb1ea9e70790c
SHA256 93284a36abd66b0ce8ed7e8f3a4fd34e7b5f00368c0c382318f6ead8c7cc3e1a
SHA512 03c9451fc39659c790bd4f36890f849ba145e7703c6a78367ce6429aa0f148edba8d9e3ff3d81bde363e60721f7e0fc1b219501cc27ee94730086e2fc92e2c40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a448fd95dc7894fce3bf9e849430c878
SHA1 e7d6839ad88d8ee2666c85c18135cf4346aed916
SHA256 99e6be4740d3ce220deded341d1585a7300c2d3221e610d900f0a678661ad1a1
SHA512 650566f8418b3d9b60b0a52dbf4ce4d0238a8a128649e4b79686947c63c1b7da7d972b95381bf702074a98106579b8ccc176f980cf931a9ef5e7618ed67c7628

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa4872ac865f6b14ab18e48a1118a053
SHA1 3c19e710c73aecc6424e1163fe479f2c277d0dec
SHA256 008b1ad6831aa319933bb55037d4185ff66f08546ade6a2d71830fff4e2f1999
SHA512 ecdcb2de05f1e76d9cb602a41fd00b38252570854f1ae0287cfddbfccdcc9c2de0f7b9ac8482d222efa370f2af0572f705a3646f15c0cfdc0cea6d5315b334e1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ae0d88278a94356af6fd5a981087abe6
SHA1 f3f7e60db0793780e3f5663acc092bfce6565eb9
SHA256 48014be32ef1f943958b1dd269d877bd2ecc09e3d1fe8e7ac55d506673edc7d0
SHA512 70212a4813be87536a91e3995a44b2892f16934171329a73f12de5077dd3fe63a65019f3f16aaaefce93bf05b12194f8fe3be401b2a3e6ae1caef9f491e4375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2f2ca2b84ec449706cec0e856ede8d3c
SHA1 3ac7c02da5ef975da8330e587ffa97ae3f2f9124
SHA256 0a2e559a7623663f862d6d8cc58bbc3dd8834c1e73b88dd1ce9257dfb9e08f54
SHA512 343931e8801beed47e6b439cbf6fe07f0bd57304e7a13b8bee1fc0777c1d4bfa7f9c6e00f3a9c927b1d3ce23d585a98816fdb40dd4768a152d12e70c8ddd80e1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 55a8ad019104315aa18eff2e98aa8c0d
SHA1 46d358652df5ce0b5e2af5f7916125e3b1b8533d
SHA256 ea0e48c43ad8eb13ffb724124441b8aa61622244a8f7d015dba5fa1f0df1b776
SHA512 b2be58610b5f5bfed375520f2cbfea59e1a8af71ec18c88966d70b9a317c7893384c9c621de853af90b6bb82f39f181bd32be00966951e0a690991ba34897bd4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 97641fc794adcd0870e96af789ffff94
SHA1 81000cbbd9026ea07f7c1ec387002768da511c39
SHA256 ea8624beddcbca6aad0ee8bd9f895dd519320274bec12d40a4d324b396e78103
SHA512 ba60c6941a5b7da29b033989c24eedf6125804f25ad579aea91c4c3038f73e0d71952580ce5741f085b5bd64b5a1216988393575951cae277256bf1c81abf628

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4dbf5a7acfbfbd92341c64bf5e143872
SHA1 9028d4173a71283ff92ab849db34cf3712b13de1
SHA256 222ce668c3e0c652ac2c9a416a3e6b4c8be1d0c7c205680c74c2f3a1c09379c2
SHA512 297b529bf8688dbfe16eaad7040515bd856103886d447dd4bffcc7781093020830ccd9fbf23d1d00aa9bdb563441c36b18ec2b03f30879d702c6ff71eb640938

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f60240690f5b74a8299f19a798fc8d9f
SHA1 cd3509bbd3b71b48cea41b9c60e63329d92676f9
SHA256 54f59b94701520a1edd544eb292b6958c8ab33c99871932aadcdb418b24af169
SHA512 8a9f572eef7e6594c86f6a794da4b609dc8d17b81fabd74a3a18bbbcf27973a42ef8e1566d120d53922781137d07e326f903a356bdc7d7949127da107c5b09e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bd09fcdfb3446ce72cf97896c67e9fcf
SHA1 a053dac35a2039b0cc5cb4e03ad19a3c4f5ef0cf
SHA256 951b55d16262621213ee1424b0d4e25ee4da4f71caedc5d03eb243fdc67b5cbb
SHA512 ff4cceac5e66982c5ffc8e8dc4abd435edc355d8e11db1c25f45bf60d5124208357826173538f17d5f95f759b99fb5e2da2d64ab3fa35ff910eb3b81dffbc4aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0a8e15f32bde8d554fa9f699add8def1
SHA1 f049b3a161f8e2417d94209e1c72ccfc9ee44dca
SHA256 20c0cbfc52ed1df2f9e07132d46b7ab951a80dea78af65cc84d1fb3c30834073
SHA512 facbc629e7756e60d5b710f6c4ef6d90461ee59f51e1de049519e1205283865a62638c991399df47f3c3aafe8390008fb94e5ffb11ed5cd77e7400e0745226ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 33957554f8b53d11fff09baecc033387
SHA1 9773a9018e16e8f7d86b7019f23be6d31dcdbf52
SHA256 0be1c6d66be740b064777e0bf7551f5ec743c98acdf13b130f6a8455438f4ae2
SHA512 990639efe760fc8f6a994f9ece07f3590abcea6f2bd1d1baba73320d3648a1d98124d41b1e4f9b062d6e6f218b050ee39aa062f6cf16dd5f80727728c14b0cd3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a2f41660a59eab16d05d999385398b3e
SHA1 03ae484c4931f12b00cc6dbe217fd51347ec6ea1
SHA256 5209178dc985281c24429de78776b3a0451d860aa13a61fceea32f0620aa3bd0
SHA512 d7a850accfdf8b07d72c9af465b9d6eb22cc7e727736f8ec314dfc17488df2f21e56266659ce82f86ad2c18984c086be971b5aa463bb8ce6af28b352e37a4209

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063

MD5 585ac11a4e8628c13c32de68f89f98d6
SHA1 bcea01f9deb8d6711088cb5c344ebd57997839db
SHA256 d692f27c385520c3b4078c35d78cdf154c424d09421dece6de73708659c7e2a6
SHA512 76d2ed3f41df567fe4d04060d9871684244764fc59b81cd574a521bb013a6d61955a6aedf390a1701e3bfc24f82d92fd062ca9e461086f762a3087c142211c19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5c14514c32ddaee0942b30a98c595be4
SHA1 f32868f67d597e2029bc1cff2f7a0f514b2c2a25
SHA256 84e1a2555a3d1eb35fc7427a33f56d70c503b6af72d6f9ad3e5b8db1b0c54f1a
SHA512 215e3f0a7b90caf6f91bc8a60a0a8a54097e455ea57d595c4fb5c348237ba6e7bcdb103c484da545eb5f3aaab77c819410e4da6c614052df0ec2ae1477cf613a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f366a8e819f292702992df83a93d1266
SHA1 e2f71ded881ce7b70a2c4376d9c929bc1927e22a
SHA256 dba35473932aeb2e77a6ff24f0f0bebcc27f3f38f076a0c141ace285f090ff3a
SHA512 a5d73e21eb9e3cbd7f94f16d7d29d79addc3c43cc1a6897a2d8c1479653a92c7d8781a42adf1281c2c0fd62aa86f970809ca287172a399fb23929e8a3a4205bb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 03474e397060c16440d26f72af71ccb5
SHA1 ab8b7f2a14f773a7d0eb7ac6608303e751f0cb81
SHA256 cd392c083787519872bf902aaa90d828e13fb49164ebd0ae0e719b3bee22295b
SHA512 81039b040e603b0e56eb79d0044721d024e884b98b92ff055f6da9b4e97a29eca981598240ed0ff0ff0fbf2383a683a36b6b497d56c0ea6bcad4c3374d4e31d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1a59c2b75e8e416e7575d76f648b5746
SHA1 cfdca6c5ff55b8d3126342a94a96e9c355d5b5b4
SHA256 8905828d69272e24d00d6b0d1426486ce9319bce679c721957b24c891ea74b73
SHA512 92879f79b1b8beffe953e9c503e81294f71d7bd4a3ebd9ccaa1a77f5b1af5b80279e9063477f46c1b861f873df71026e1634af42f6a89c42bcb2a3a4a2a50ccd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 172a4a852a8a3625daec8406a6e63699
SHA1 8c2e9d9ca6062eed2419259c2790fa7cf86bc5cc
SHA256 f14a8d04614336ae9c67be198a2a148c34f589a1f3754767b269e6e32d110f8f
SHA512 7121836b063d76ae9516bb85fc64098dd6d100dbc5969a468c074432b13788224d00772c18cb09792fb2ac39496a2bb99bbeb14fbab6c2af3753e917e307a5f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006c

MD5 f782de7f00a1e90076b6b77a05fa908a
SHA1 4ed15dad2baa61e9627bf2179aa7b9188ce7d4e1
SHA256 d0b96d69ee7f70f041f493592de3805bfb338e50babdee522fcf145cb98fc968
SHA512 78ec6f253e876d8f0812a9570f6079903d63dd000458f4f517ec44c8dd7468e51703ea17ecce2658d9ea1fdb5246c8db5887a16be80115bbf71fe53f439d8766

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7742d032d618c4903e292e47f86d111e
SHA1 f8ec1b9ff7ead89acc78cd80d4c7661051e4bb18
SHA256 648e8c0fa7ee4170f9486391d636205fc9b4d48dc5640d92ed501538331f0cf2
SHA512 658d82541029eb27021d9ed3140bbdaa48f043a0611c96a94a0547c11086a408314407cc541b1de2de0072e7d62c1d3b9f4b80df21d6151e7d74f778fbb89369

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c6b1dbaff98d96fcd6fefbc3bb27df34
SHA1 701c6acc41c3c9cebf7776a5e154523c115a2369
SHA256 d6d97f0086d6b63f5a5a49d6c5b461461de11a1ce4f46b1fdbd5a12c8bdc811a
SHA512 2549d0ddbbdde3d6c86c095dabfb7568797f038a030179f72932ed1a2489cc5b55bfc4c2ed201774f3527cc7559fba10d1eed6b95d462bc5066d11ef7fc12e2c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3895431ae5047b34ff2d5909313f6824
SHA1 031b3e7a17aa15b9cb6669362216ead8f65c86bf
SHA256 1092bf69222ccb8e728ad2503e251815ab7777b0b715267e7e82214ddb8357f1
SHA512 5f647493715f2abaa4c6d9bc656a1720feec398456752fb4c0465deffa37722b6ccd07ab09bc0599cd98605bec37cd1d9dc41a81552370b93d782f077e04f034

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2abb72263d992b4e8136d4212787014e
SHA1 5c3a6c3de275c839f63879d1486c47328dedee0a
SHA256 ec86e3343322d361a14f171ff06c5c7037b9ab89c576022cbfd38e42e1a26bab
SHA512 fccbf8b90a9d302d3c38a09eb3539d07af7de79310951937d3fa56c49ceff88ee3ecebf2a19c5eb521f74e9b17341adebc6e8108532eeba21fff1e8391a230df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007f

MD5 1e7a9bbdc9b3d1fb4e85e097ae2c5686
SHA1 b47336e3d428f19ee1b22c4f6095f0602338910b
SHA256 a0d20a867f71349352b592f68b0b38f49eabc4f27628d98cb9e5bc73b95d6be6
SHA512 d273cdf129e753b43b4cb9a59b42916f920fd299e30bf89522f88eec32e46ca01560ec34910b7a71fbc567dd3487b90f42a057f52e3ea7415dc0be36ae190d1f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms~RFf7c2f6a.TMP

MD5 71d182d55735cbb199e9f43a8fc09156
SHA1 76d5166d888db129da5b9bd98bcb563cb39e05ef
SHA256 d750d31f101ed02facaa1a53cb391a44fae7e677facf07578a504a66cf8917d2
SHA512 ab96550680b5c2c30f801e8a29f70c4054e6f8798e3ea542ec321e72fc325d23e7dd647de0b25c4b932800ca036b536ccefcf95ae3ed770993a8a95ce304dbcf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7eca293fbedfc38cd9a78cf13a65755e
SHA1 5044c35713ad0f3f133068b199b5378587629888
SHA256 fed3b2818ce1d12ac190478c69cc691076e84ce6813fa1968d20d02d61e365b9
SHA512 a0963927e38c907ab7b52ebab8d0e8a40b90ccad49e366137be5c211ea41f787bb4a7f3586e25ecbfe86c2215a9fed31efb6eed0466e7ff8124e6d444dae1a56

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 321eb7338ef1c925430210d295651815
SHA1 9d63d89c1130ecfe0647dac9c61fe50f5457ce5f
SHA256 e50d0e5c53fad750006c9fab8acb1df08b6ed369815b531ad982dbc6c36b1199
SHA512 3d38369482a6ea8ad85dde20c9aff598cd803d6dcd9796d3e54d94bf5954c89e5baa54981285cc39674998d3717bf569a5425fba50eea3691c8e0695df6f3a28

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bf9f1cf903c0a4218f5c2ba917aaa6cc
SHA1 cf957b5be1ce8a1f9691a61d61796383c8f8d472
SHA256 93fbb8e6e430f3051a817ccd74f336405008b4b3283e52d1ef45f1a7f4576165
SHA512 504d18827dd46e367fb040e2412c85ea92555ffa80cd720506628b762bdc71d061d3f8db845bb57d4dc9d60b273f8365e2e933d71eadc21a038127de088d840c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_ztjru.dwhitdoedsrag.org_0.indexeddb.leveldb\CURRENT~RFf7c3b6b.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\Downloads\Unconfirmed 420567.crdownload

MD5 6f03b0ceb9f7a1b8b40d19a70ee09406
SHA1 10e4741740a3ef1b8d43daaacfc04d33e7f8e500
SHA256 93cdbf31856d18ad4d9dc1b98f5a0adaee379009d1b21274b08204d5fb196f43
SHA512 1d11ef52164cb5f8503f4f043fac385a0dceb66cd463d7e30d163fb2f60eb83f6b477b362c5a493bdfc66538473cdfc73c7ef254b477bb34b87ae28c4ec2b50a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7def5fe585fb19a547a72281a8d1daaa
SHA1 3628c651eb9bcc0c28aa44f83e9012e96dbc6add
SHA256 e8821b868da787bcfb9c738acde06269cc6f26ea17955109501f553f1d7c0acc
SHA512 dc50f2c2b4375833042fc001067d5936d15b5d2f8a6e5cf1d20fac7d4a4b9e36aace30c842ec37ceb1612071b4c3fa0d9b9677c096f8365c46ea999bba78dbd4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 726deadfedd2da43f45f49741b5e96f3
SHA1 668d79046dd18f40558411cf966fc7cc4fdb8424
SHA256 df51f09aeef3c7fd0d0854b260d4eb9d561054bc1c95f82bd234e88f62c45b31
SHA512 20cb3266694257a53db482ae9208ba6fdd5eb6c57e6a0345c9222cc00c20366816dd12ad8ebd30e40f949fee41dc9ebac591380f009d42f5d6ae0670d4a1471c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 17b5337b715fcd2975285033a2489914
SHA1 1c7056c090d6b784b911d03b838a52f15c35ce81
SHA256 bbec208097d5395a4093bce068857f281bdb575b8a3afd596d89fd9361f0c450
SHA512 4e1bf480e74f4c2735d80dfde602d71c6f87e68afd5e9b739a2dc2555396ca06a1a2ef815e6e7c8ec8827646520e5fb51117569c18ccd0c997214817efe37b8a

memory/1952-1632-0x0000000000400000-0x00000000004CC000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-K703H.tmp\RapeLay_hM-nGX1.tmp

MD5 b15059611e9b9d91dfd555ab7522e374
SHA1 d72cabba4d7269de4cea1b635b3301f4bae13f12
SHA256 02fe68b61b9ee12198e69daef4b64fe484514feed72ac020eb90abefbe6f9b60
SHA512 2d823f8d531ff5a68ed38c257eededdf3af5febc6631bd199ee1bb46373fc93e5dfefda7d336d97e67447a7e1d8da9ee54eb2cf21d42bde334c544c73c033cec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c164a77c5aa81574d8f845f8e1a95905
SHA1 9fe22bf7f7137bcc7ab7a8274b26e1d3255e103d
SHA256 fe69ef9060ba6c22ca09d09591b6586abbaae18bfb297fd8f7ee250783620d5b
SHA512 e01d7dd1dbb8fedc822919a16bd8a9bcbb605d3c5783550adfd8bea145ccf833e565b39f8bc73f426d0a1290272f05440174fe1be5a07579218a18ffe5b1b4da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c89df9e9f570f25973313171a5fe911f
SHA1 4b2bf43970aa617ca43ff04ff2789edaa39168e7
SHA256 526026d8f8b9dce0aa6e547aebd8d4dbb9827d4fee9f907b62e17b9926f6eb4a
SHA512 2bff76e7f7cad6a4939cfff9146fcb188560bd13f3d440d4d37a227f96241cbd5d90708d493cb6dbc881b58accd9ec476399fbde89136e13068f4f6c48d74c51

\Users\Admin\AppData\Local\Temp\is-D396R.tmp\zbShieldUtils.dll

MD5 b83f5833e96c2eb13f14dcca805d51a1
SHA1 9976b0a6ef3dabeab064b188d77d870dcdaf086d
SHA256 00e667b838a4125c8cf847936168bb77bb54580bc05669330cb32c0377c4a401
SHA512 8641b351e28b3c61ed6762adbca165f4a5f2ee26a023fd74dd2102a6258c0f22e91b78f4a3e9fba6094b68096001de21f10d6495f497580847103c428d30f7bb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3083ee90beb9644653dd18ff89234391
SHA1 2a562912f313d242963b0cb2709f875260feff51
SHA256 3d01ab7ab67364b503e7956e1f6ef1279852b472e60d6630c63b3e5084295ea5
SHA512 8a5b0edde3f90a2efa466694a4baeb88b85061d17ea883672f7a2e7268fa335ec4e0bfe8e291391d7e3f1e44870556d0128e27bfb67cd37438e6622efe4c4241

C:\Users\Admin\AppData\Local\Temp\is-D396R.tmp\AVG_AV.png

MD5 aee8e80b35dcb3cf2a5733ba99231560
SHA1 7bcf9feb3094b7d79d080597b56a18da5144ca7b
SHA256 35bbd8f390865173d65ba2f38320a04755541a0783e9f825fdb9862f80d97aa9
SHA512 dcd84221571bf809107f7aeaf94bab2f494ea0431b9dadb97feed63074322d1cf0446dbd52429a70186d3ecd631fb409102afcf7e11713e9c1041caacdb8b976

memory/2336-1688-0x0000000003770000-0x00000000038B0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 b162ee7f86221a22b607da96969cdef0
SHA1 a0471c09dfa7a4dca95b3421ab7c64304464ca5e
SHA256 e65594b74abefa22aef4630854cec5458d951159fa2c822dd7f40a9ec30aa99b
SHA512 7afdc6a55efdc8e8645ac14792112e4cc5c5718490ad528af88bf1f4ecc24bbd4279cbe806b86d8e636eeef6f5e9804f035c1357b82347ad663da37a4830ab86

memory/1952-1696-0x0000000000400000-0x00000000004CC000-memory.dmp

memory/2336-1697-0x0000000000400000-0x00000000006EE000-memory.dmp

memory/2336-1701-0x0000000003770000-0x00000000038B0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e19fe929-cd0f-4e60-8f64-741ecb3c7473.tmp

MD5 4594bdc7ec753a50f424e07d6ba36853
SHA1 8f164429f358f37405b960541c4aed3b13eab887
SHA256 83ffb64ddc4186cb1487d089e3fcb719faec7d897001da5992950c50ca4aa04a
SHA512 b4eef159c18d6e35c6da33a49ebff7793cf9cbd3b808e4fb9587ea3113e6a12ad91b5f95979f787bfbb8e1f664eac7ba8960c23f82d44b997653f9999a9fff1f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 30f4925fb84a12c8aa0bfc1aac3a863b
SHA1 46c003800804cd1138bb8bc6f88a8cce1be86d30
SHA256 5f80efc02a527ceb0dff78a1690c4ef13fc60477de1104b8f53074ef7c676ede
SHA512 abf0c479936f966f9c5640bd6dbf68377195fb61cbef68cc55b98209f58607b026cb4fa845d3c98a152f5cc03130edf047cb03b92743e1a4fd08bf401465e23a

\Users\Admin\AppData\Local\Temp\is-D396R.tmp\qbittorrent.exe

MD5 22a34900ada67ead7e634eb693bd3095
SHA1 2913c78bcaaa6f4ee22b0977be72333d2077191d
SHA256 3cec1e40e8116a35aac6df3da0356864e5d14bc7687c502c7936ee9b7c1b9c58
SHA512 88d90646f047f86adf3d9fc5c04d97649b0e01bac3c973b2477bb0e9a02e97f56665b7ede1800b68edd87115aed6559412c48a79942a8c2a656dfae519e2c36f

memory/608-1729-0x00000000001C0000-0x00000000001CA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 87568a672120190b94189bde936c8157
SHA1 5b1e0f80cedab6e4fe83f445ec91222ceff9f079
SHA256 6b90116e2f5f06c5a19a48bb90f9d15e7c843f936ddf87197568da71ca113d78
SHA512 084284ba44a671c8b438610c4d359daf07146abeea7466a8fe9fd1e95237311b9cfc2f8706953c6b4fc4c46f2cf6705a05a64363a6814b532a812086ab43e4f8

memory/1952-1744-0x0000000000400000-0x00000000004CC000-memory.dmp

memory/2336-1742-0x0000000000400000-0x00000000006EE000-memory.dmp

C:\Users\Admin\AppData\Roaming\qBittorrent\watched_folders.json

MD5 5b76b0eef9af8a2300673e0553f609f9
SHA1 0b56d40c0630a74abec5398e01c6cd83263feddc
SHA256 d914176fd50bd7f565700006a31aa97b79d3ad17cee20c8e5ff2061d5cb74817
SHA512 cf06a50de1bf63b7052c19ad53766fa0d99a4d88db76a7cbc672e33276e3d423e4c5f5cb4a8ae188c5c0e17d93bb740eaab6f25753f0d26501c5f84aeded075d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa1f2163b7aa1bf2883807be10ff228c
SHA1 5b2afc918f82affe275c1c422c47b16c878faf37
SHA256 7d1d6d5f056aae91edf442846be4835c8ca0785c470d09fbde026fb55b5bfc13
SHA512 c8363cc86dac3e16162719088a6c84ec0e825baad4979bf3772ed52a9001f104b532b828fe59d8c3110aea9ef955a5838a6f6b935bbf20b71597ed64aabed60b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4974189afa4aef61039248e6a11aa1a3
SHA1 ad17c3af09cad2fcaa00847673bb32f379414330
SHA256 a3e210aa770840bee3971308de71d111613921947c1f91f78e7bc75338e12f6f
SHA512 b2990db68d4a41b39d85ae0017c1c2193fe3b288bcba33b4797d6f8e0906f5af77e39b1bb475d319a1a9795eeb0ab29de778639ed65585524c9e23320b1be92b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 16d3b5158961bc1acc03c2aefc041c4f
SHA1 3ba0716bc25ef516210f8e721c2c96b08fd4572c
SHA256 9b5e2867c292839fec7509dfb4a4a754fa338a53e7dba30a1d8836a9f97d4dfe
SHA512 92d8bbc6e851058e0eb8f732add14c2a28bb18cf01c9876e3a8171930d67cb08386655db7cf6a33ce7238b5656549482fc0f92d1d699f00d81b7c7eee232f7f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_527BC5AE70FADE67FCC98047A960E62C

MD5 afae06d30a581605d00bafd66ae32680
SHA1 1c00ebaad462001822d3cc49c4ce0df57b1b9a39
SHA256 3a38a7c807def8b39da59e9f49a7a0b6fed6617417f7fe36bce213fbeb06088b
SHA512 49f258d6c103a76c5faa6740448676d3e53b73d26447218f27a82895848fe210bb099e7bb5c5517742be0a099b252ca23c201d9a3e9e4fb88f085ce42c506c58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_527BC5AE70FADE67FCC98047A960E62C

MD5 4ffafe74e18b35157300d55ed615d63d
SHA1 a47a9e20b9a960f70ef43b836a44354a065117a2
SHA256 c04d6aa42dc433d78c6daa9d4104c7f98efa6db66013a70ae9d7763e92675dd6
SHA512 91c1169bff92737ebfd68429b71cd871c6a1b812588ec4e432833ebb39950f31213f52f3db620009d92f4b3d3734ef25e850e3ee2955d9b290e03ddcf5f90410

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\favicon-32x32[1].png

MD5 7524dbcd4080f3251c9387b4a4cff455
SHA1 576a56ddb85d86f278016b27ac83f511dc36b82e
SHA256 55d2dcff47f9d8d2dacb9a17f076cb662fb555dd6848c9b0a8a6524c00ae7a50
SHA512 88d0013594d58ac0bc9a6c54d5a35ac1952548c938c35ff10fb1f24a5fa6e9cc23eaae5fe24ffabde99a6791d76036739baca2fd37be2d4856f24d8b828214e0

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\wi962z5\imagestore.dat

MD5 43b5a2b3ed14c93c15a36f3dc43ce505
SHA1 490007a8b978baf687cd5331d4f92b6839145cce
SHA256 af55a3c3a330771cbf6603a7595e3a408c0c7ca453fe77ebf8a56f6cf875e41d
SHA512 d3628cddc6b89d40c54ce7cfd9037bdde94fbe05b983b833d9ebc39b66f7a58414babb337dd60f92372a177cb7cb0649865d6408b2c0bfbcec3392e005a4ef52

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74fa1f3151a0a087f8d752a16a59d814
SHA1 984c433c68388627e06db109f90dc03a85939127
SHA256 ee86fe747dc8c78b697150923292011b818c2d69d5e32cb7401b123061d18bd1
SHA512 0cd2a2dfdc55a6e738d164ec8ecd2b4c92907be324d4e1738c001acd8f7c96e90d4347c05ab224cb481fdf658b74df22d9ebd952a0a9289f367bee9a334a53f6

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrc[1].woff

MD5 3492b91f490c0715ce743e127ab70cf8
SHA1 8c6342da3d69b5c44f530dbca25b3842fcc39337
SHA256 b78ee44977bb4716cdd8744be6a7e38d12f7128cd465ad6befec64c2fface275
SHA512 95a6b71bd94b3a454466d2a34bb0ef6fd4ff66a5cab2a73f07067c0891e5279f2d4d01957269058a822a4e02c31d37c686067fb67b806963d9dd3455348e0c28

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvoorCIPrc[1].woff

MD5 05d0d73e537ee8cbad0f3c6f7337ba98
SHA1 c2560285df021449a4feca35fd721f5f75e670a2
SHA256 56b41c96f2538671abcf257d4f2b9a85ab6dfcf151cc2d48c664a276ec5829ce
SHA512 fa11a875d7cd63681810ccb27d87e43ab78a683f7c63abe118583896bdb95097e6ad8885a8df327145aeedcc3cfc5ba764eab5d591c0cd1516c5aadf42580770

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 337db02ce6050401fdcf84123b3ec066
SHA1 ebf1de472875f94762f69266d1c17c5e0e4b6aa1
SHA256 8b878035ac79a86e8ff79419ab2d10858ff21188ca0850a7b24064139b8f22e8
SHA512 b4414c9aabb8f8a14b1f026b13742c11690d441d4f90a64b60437b7809d0161a7211ad424e2c926bd1e278a9f91b0be77067d679a551dbaa69dbf1e9056cb4cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a810ca7c82c269526a5c437549828d3c
SHA1 25d6f58b55787a855f82a03c25d2851315947229
SHA256 77673b9364045b55f988e097f8ac79c9c7cd1c0a887866a80598dded40461113
SHA512 2648020763f7e5dad9525137a76ea8f6049ca65eb1f0dadc8c5af036486929057f01c008c52cd1aee30f38291f91da7b8451406efee0d9085aafdbe7b7a08cae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c8617bc055f6194fff068f45fe45abda
SHA1 4d605cf0f3e74b48b023135175722160e6cc14b0
SHA256 be1b8c645ba1ce7027f1437b2595cb94dfcdc16972abf9a50b3c490f45e08fdc
SHA512 f47af02c385ba9d7bb3df1b330b8dac6dbe943324db8618776d7c7222cc3d667b96ea54bb0058bfd47c95ebbe70b0c4e9b50fc02f874d62d141111ab393a504a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9243617cedc835b8b200ffd9f30395bd
SHA1 30f561e41281906033b181b324261520a84b69cb
SHA256 5485df88a797e4090ddd17355978f817268942c82f6655cc4209aa8cd1490edb
SHA512 8c3c2542d3eedb45dc3e490df5eab2d4b1b3869d452997c606c3e236143eae71e6b1c4240a381ae849b2abe3895c447e11f55a08851a87dd886e52fe119952ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ce46e776f10065673227b25b6a910f8
SHA1 fb23d52fc5d8f38683eef8484da759983dca2d17
SHA256 3ee65702d8823f2756e64b1c4384b99225b4f2f2fea287b65df3fed63b01b855
SHA512 77e356ad6f1c0e7ced5cf6f4ef8040cc62f2685d469d5aca252507e1a7eed93b6d7b55c8930210a76b7268e51147a25c56beb088d4eab2c7f673aed391fdddfe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eaa3c25237503517a1ef4bc447813bde
SHA1 71406d98ad8345bd9693a664f642bb60d2a9b028
SHA256 4543f1ea938cc739461b1d2e1022c86fec3144f0dba214c8b69a829949af7774
SHA512 2fcc9b1ae03b67208182aafb841fcc773cf63a955feb0dbdd64ade666880c6bd5504f94d25c3514d1e83d599f60026a7ab7b220c1aa85ad586a5f0ed9e9d72ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 afac5edcdcb97e3b2b0a4ca1ea3e14cb
SHA1 87b1e5bc7f32ce7547386f914437126ce37be800
SHA256 62da70495b4e0e136908ce91196958f11ebd66e3f5301e6a44e8ca45dbc85945
SHA512 66472b1ffbfbd31b4b597f04aa0bc697f856dafef27d05548592382b3dad8d31318d4ba258f8b8cf428f7063f868d41871444a464413971844f0660d8cd06803

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc4ce5ee92eb8713da64059a44373042
SHA1 8a933de2f208d63079cf42c3300838427cfa81d9
SHA256 3abb199f78566c187823017f6e01d5879bf1765dfef61b18d8dfdb072233cc3a
SHA512 2b9d35c30467eb626ccb624ab479821808bcf130aafa16d4a590cb55849265b6da9aaf3b0bcfc5f02df43901ec7d074309bce052ff4597db90c2bebf6707ca66

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9567ba156f3cda979e07dc7fc99b7d2a
SHA1 7d70194bcd097f435eb15c4c9cd47fda2865e1ec
SHA256 598aa160ad06437e4c7281007d6f5afebea71dac362c6ddfb462fec0cfd262ad
SHA512 958d36b4eff64c2f14b92ffa8ebb1d61e6014d2328f571b04a160daa9dc53ea9774f491d824d8a902a2068fc0380eae491da288a8dada8f846377e48c039ae59

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e9bf2bacf64d8ba052139eb97e6eb5e1
SHA1 a7e9228ebb150e0803be227d91b137631f6440d4
SHA256 86aa57e6ec58f9bd6a7054779f8cc4bd2404a5ee8afad726af256a157b17bcd1
SHA512 8a7fa6f95a21e9fdd2d3fff3eb6fc07fbfd3b0b9a7646da878f6614aba652749e5e819df7634f1d720f2d2377a588bd776c62c019d5aad7c836ee41bd57f189c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f0863c6be0295e1cf22483e9175c4e2
SHA1 e6704958f1525419a6cc77ce37a2e9cfc990a9b4
SHA256 4563c5e4172759b8df76e141aef2364e87ce30781463979158aed299af1b0764
SHA512 a6cceb69bb7b21aac2134002e5ba2fad8f85420680a50b099cf7f4c508b3048ce09b2d1bc78f4531d9811b850f2aa1dd5a14462ca319c7554a977132619c3f42

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9783c8c0e47576b0a5afc2c9b447684d
SHA1 148e060739b6ec009d0f370d685433f793ec1b66
SHA256 5c7f7bd016236043a81d8e410d8b3c0390363bb5a533f16e99a88af0f7b9dcdd
SHA512 4ce040912df0a43c1e1b5a36df11196068257e98476b6f1cc7fbf2b67526aaa9011510fb086e9124a7a67b8ee41d7cfc5a4777e06fef2505532cb81f812aee7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 57834594fe22a973304c340249d18590
SHA1 86d877f35b380bbfbfdbfa5413ca1626860eefdf
SHA256 b05f8e66d596decad8c265dd679c2c175e962f37eaef121b99f0d4ed06e5147f
SHA512 fbbb759924810b53cc1677f33dd14c8a59011d3c02a78d2590cb6c3aacefb55ac453f059d857fb86ff37b7cf76b30fe99999069734f3b39e4beac767c9cee0b4

C:\Users\Admin\AppData\Roaming\qBittorrent\qBittorrent_new.ini

MD5 49f568c6e74670df3ac28db2a2bd8592
SHA1 58318fa9d65cf6e2dab24b85c6b2bf47a25ced35
SHA256 3721dde8defd8a0fe5129048051d42b0f5f1395698033dfd0cbd0c664afbb043
SHA512 bf0bad5c9e7a054f52454fadd510c6e5f705a97e55b64f78cfb68c3ec0e62858eb06f6c95a3eedefeff6af3e5633eec3323ead9696de2aa3daf1bb0dd8a5e665

C:\Users\Admin\AppData\Roaming\qBittorrent\qBittorrent.ini

MD5 36af81f09fe64bb64c28a738d65d018e
SHA1 2e2520f6fcfc6946084df9461171ae6ff329a074
SHA256 c55cbeb567e7fb6bc6b1bdded831fe9a0f19b064c8cb29874154cada4b7bc152
SHA512 a1d0b5d87f0342a53022d342507f453bd33c44998f9720b3f9f217b1b44fe8e3424c1b69bd649cf95655d8f4199d95a509a9af948c2e8fd84c454f9a0f766915

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 1ab7855c7da97684ec424f9d1ee31f1d
SHA1 44f49785f9cc64849188a68942478baecc3c9071
SHA256 68a1299309ad3b7398603400daeeed7a47a2b7e61e5c5132ef58397cbb11ebe8
SHA512 72f925968549422149792ab806ce6cc86ce0d24b2236b45019b7e504df1566892861f80449c115a04e6497104759241fa1aba4b2a0dbb69316e1c89ed01e7f5c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 64d7011f5f43c120e047cf0e5cf7d0e4
SHA1 f4d0d339ffe1d3e5f64cba61fff65977b67458ee
SHA256 25672badaf440654a80dd94d8ca0731f132e19526f9977d657f7c32c59063efb
SHA512 744e9127c1b428a1006e01dec5c88b63b3e8853d5b9e87bea64127f068654e42752639038242c5bd49846a81c90a277fd5f53b7e5c5eaaeda39c71ecc53d34b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6a04de6185abd4f23d04469aaab63555
SHA1 6dcb063794ce71b908c62d60c277b9bd9334d885
SHA256 05d9f581e83bf35db46c321761c275d8b173236ab758c16ef30f2e8a34f93bc1
SHA512 f623eec48041b05d1a682ac1fa8845eafa4a1173f4b006038aa9f721f806556c80fd7a9021116006463c3c9e5e7e3d68729dd677d85fac543d5613eed0adac76

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e654a3d5b6cd56f9a19e4251f472edd9
SHA1 e65785b538563d8c65a8674e4dc4405f62e8a6ce
SHA256 f6d95f87ccb2e91b8cd1fc974a06bde290d86a6d408e103a909e1b5fadb5ced3
SHA512 edb37113d9bbd15224b3d35ba5a7714c2693acd4309c5cc90af30aa13cba920567d54f1f1cfd61498120d1df5b2b3078cffdc6f6764b128a0da87273b31894b9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ff861f22-9d36-4c6f-b958-90a213bdeac3.tmp

MD5 1cd8283edd86a85d93c23161f9bb85c5
SHA1 8f80ffe1938b8ba9dddccf683cacdce4ea599b1b
SHA256 2ca02caf9fb15fb81397d97fe094c65e1938ce53fa2d39d7075aa9d9693e93ba
SHA512 716ecfcbf73e26af357feba7ff48e6eacf16793bac5c95f9fe8d4b7238feda08c6f1f386a0dcd3411de0b72cfce3d7e36be6276c7d9ac810e2704c4a51671d63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 0af75bc5b1b63ec9090ebed9333486a9
SHA1 61c9a67a59cc976901a85e6db5191225107a52ae
SHA256 7ebe4ee6ab691a14de461c720d605ed3d31b8ea83600c7ad4436ac46111e9d1e
SHA512 fc743e02043f7edef6536c7eadd2fe35d0e66169c7ae1af68984678a87979b2106dab4951577cfaa86c4f6b5b2f026abf2adc000db4edffe722c7da689ea9856

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 fca8af0dc8436b9952fdf961f8c7f401
SHA1 ac194f887a84a4538985ece94daf59cea48fe65b
SHA256 477645c7b83bbde8bdcf6d066f0de596d5b02fd47c223f89dde7d86903338cf9
SHA512 ba0d8f654216d9530bec83aa011a3433cea27873be327ac60eb1244997995489db76e25077dead09fcd43009b05deda51fd37b30a33fff01c94ba3927e1c21d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 79efc86c875d88620ce3ed3b68b7ef94
SHA1 89592cedacd93c8101738e0b838676d07d48e701
SHA256 42739313a7472c62768ac4c96b7c05da0bfaa86fce5b8e3d98fa7a0202172fb6
SHA512 972f936693d985f1831308d263f89a81bcc73e09da0743da71bd68ab521d4ca9f4a6d1dcdb7d1395598ae2291defa52d514dff8d7c6b5a3fa7c9735695db2ee0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

MD5 0b3a94b703a28b9c8b05e16337ab0ff0
SHA1 6d9eafedf188b4ea35be690f670ca7ad3e4395d8
SHA256 4450116c559bfdb6f8c799f62ae04bd670c782c6b08d6d32bf7c8228de65820a
SHA512 0b4050f03aa4b87c9aaac09669a856f7f486cd73dd5a4206d9ac1b9a094d73cdf5267fd4d8671a6104bfde15598cb2529368e03012468055421f6f0498bd15c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 e0fac9516b58f5257a239149cfd621e8
SHA1 96eebb847bb5b1b3d408d471eea90a771d9b2452
SHA256 23e116c9f36855b3f7a86ea1e4a6a32333e59bec8f2eb6833be4645a28e9ce9c
SHA512 56b1613ecad2703003d5ec42e7c178d59e39b7c821a06651ebcd5dea27571eb6fef7a84b9822cf79284249d937e6bcfcaf668a723407f321e00fa5a0768b5a61

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 3847ecd364bc8a3650673e2c85d55add
SHA1 f40a8723d0470bf5f81fee1a78067a6b7e7184f3
SHA256 14e0e682d9d1e679cdf73016bb64e6c73ec45ecaaad04b8e69a113091851c263
SHA512 18695de9966088c612b65118586639581ff4a57ea78017116629f013af1d1744a03aaaf5c581d4d85b1cbbdaa0750735b1d2eb2e37a74a0600f27ceb5e761ba0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000130

MD5 ca45f8643e8ef1308d315dabad653b8c
SHA1 16a48ca5b2395d2ff7e74d0195b325637ca0d80a
SHA256 7f7dd184575ccc53e80e77b647233a48246e1d161f89e3cef5b8cc462005e7cb
SHA512 0af5a62158885a0cc8a071efc7873e30930b40d31eef6f28a619a70501d9b6e8b142ecbc14c433d6a1c33e75c761581f589078a779312d2d88d645d6a67d3396

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000137

MD5 a4e28019d7d74fc9073d1a5d4d4c6aa9
SHA1 17c04a6f5cf650853fbb9131ec4c3ceca15fe08e
SHA256 04f41f04c77b9440c88458f8cfa1389b81002b7370b1b0e670451608ae831cc1
SHA512 d329107ef49950c6020e5165c5526d9b043b1b02483cd8e718f42168d64afc17f9a3fa0a5d861cd3fc2cb4a8b0e43fe49d8e8ada13d3e0f3a3f530cb2be5a5d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000136

MD5 e753f1768510d0e072240463a033c245
SHA1 ae75931d937f5d0535032821a77c0302f795065c
SHA256 1e4e4068d57f3901d103110f9f156bf1a0ec9c15c3c27a4ea0025a1d9e7a46c5
SHA512 cc5b35b748781bc6056d0371f6a02f67d02141e8325602c1daf37df2c91bbe57f3ee056a42bc836b67bd9b71a6ae187f2d5cd1631c1bf0f1a110265ea254c384

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000141

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00017e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00018f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-10 07:02

Reported

2024-05-10 07:33

Platform

win10v2004-20240426-en

Max time kernel

1387s

Max time network

1179s

Command Line

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\7z2401.msi

Signatures

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Processes

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\7z2401.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
NL 23.62.61.160:443 www.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
NL 23.62.61.160:443 www.bing.com tcp
US 8.8.8.8:53 160.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 31.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 27.73.42.20.in-addr.arpa udp

Files

N/A