Analysis Overview
SHA256: 1c3c3560906974161f25f5f81de4620787b55ca76002ac3c4fc846d57a06df99
Threat Level: Known bad
The file 7z2401.msi was found to be: Known bad.
Note on this verdict: the file name and the ProductName that msiexec records under Installer\Products ("7-Zip 24.01", see the registry table below) identify the sample as a 7-Zip 24.01 installer package, and the detailed indicators in this report are the ones a standard MSI install produces: drive enumeration by msiexec.exe during costing, file drops into C:\Program Files (x86)\7-Zip, registration of the 7-Zip shell-extension CLSID {23170F69-40C1-278A-1000-000100020000}, and a System Restore snapshot handled by vssvc.exe and DrvInst.exe. The BIOS registry reads come from chrome.exe, not from the installer. The two signatures that carry the weight of the verdict, PrivateLoader and Modifies Windows Firewall, record no indicator detail, and the C:\Windows\SysWOW64\netsh.exe attributed to the firewall change does not appear in the recorded process tree. Before acting on this verdict, compare the SHA256 above with the checksum the vendor publishes for this release and check the package's Authenticode signature: a match means the sample is the vendor's own package and the PrivateLoader hit should be treated as a false positive; a mismatch means a repackaged installer and the verdict stands.
Malicious Activity Summary
PrivateLoader
Enumerates connected drives
Modifies Windows Firewall
Drops file in Program Files directory
Drops file in Windows directory
Enumerates system info in registry
Uses Volume Shadow Copy service COM API
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-05-10 07:02
Signatures: none listed for the static pass
Analysis: behavioral1
Detonation Overview
Submitted: 2024-05-10 07:02
Reported: 2024-05-10 07:13
Platform: win7-20240419-en
Max time kernel: 275s
Max time network: 617s
Command Line: N/A
Signatures
PrivateLoader (no indicator rows are recorded for this signature; the family tag is the only evidence it contributes)
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\7-Zip\Lang\fur.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\sr-spc.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\eu.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\si.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\7z.sfx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\en.ttt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\gu.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\id.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\sr-spl.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ta.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ne.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\da.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\eo.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\gl.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\lij.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\zh-cn.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\7zCon.sfx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ky.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ru.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\7-zip.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\7z.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\cs.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\mr.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\sa.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ug.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\af.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\fr.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\io.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\lv.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ro.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\History.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\de.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ps.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\is.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\pt.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\7-zip.chm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ca.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\cy.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\pl.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\tk.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\va.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\7z.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\descript.ion | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\sq.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\et.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\uz.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\kk.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\pa-in.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ga.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\hr.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\hy.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\tr.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\tt.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\yo.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\hu.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ka.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\mng2.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\sl.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\an.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ext.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\sk.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\sv.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\sw.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\fa.txt | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\f7657a3.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev3 | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\f7657a2.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f7657a7.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f7657a3.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev1 | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\f7657a2.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI588C.tmp | C:\Windows\system32\msiexec.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\7-Zip | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Drive\shellex\DragDropHandlers\7-Zip | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files (x86)\\7-Zip\\7-zip.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\96F071321C0410724210000010000000\Complete | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\PackageName = "7z2401.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\7-Zip | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Directory\shellex\DragDropHandlers\7-Zip | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\Version = "402718720" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\7-Zip | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\96F071321C0410724210000010000000\Program = "Complete" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\PackageCode = "96F071321C0410724210000020000000" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\96F071321C0410720000000040000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\96F071321C0410724210000010000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\96F071321C0410724210000010000000\LanguageFiles = "Complete" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\96F071321C0410720000000040000000\96F071321C0410724210000010000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\ProductName = "7-Zip 24.01" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
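The Installer\Products, Installer\UpgradeCodes and PackageCode identifiers in the table above are Windows Installer "compressed" GUIDs, and the Version value is the packed ProductVersion DWORD. Decoding them gives the ProductCode, PackageCode, UpgradeCode and version of the package that was actually installed, which is what an analyst compares against the vendor's release MSI to tell a genuine installer from a repackaged one. The following is an added example, not part of the sandbox report or of any vendor tooling; the four input values are copied from the table above, the decoding rules are the documented Windows Installer encoding, and the vendor's reference ProductCode is not on this page, so the comparison itself is left to the reader.

```python
"""Decode the Windows Installer identifiers recorded in the sandbox report.

Added example (not part of the report). Windows Installer stores GUIDs under
HKLM\SOFTWARE\Classes\Installer\... in a "squished" 32-hex-digit form:
  chars  0..7   first GUID group, reversed
  chars  8..11  second group, reversed
  chars 12..15  third group, reversed
  chars 16..31  the remaining 16 hex digits, each pair swapped
The Version value packs major.minor.build as (major << 24) | (minor << 16) | build.
"""
import re

# Values copied from the "Modifies registry class" table of this report.
PRODUCT_KEY = "96F071321C0410724210000010000000"    # Installer\Products\<key>
PACKAGE_CODE = "96F071321C0410724210000020000000"   # ...\Products\<key>\PackageCode
UPGRADE_KEY = "96F071321C0410720000000040000000"    # Installer\UpgradeCodes\<key>
VERSION_DWORD = 402718720                           # ...\Products\<key>\Version

_SQUISHED = re.compile(r"[0-9A-Fa-f]{32}")
_GUID = re.compile(
    r"\{?([0-9A-Fa-f]{8})-([0-9A-Fa-f]{4})-([0-9A-Fa-f]{4})-([0-9A-Fa-f]{4})-([0-9A-Fa-f]{12})\}?"
)


def _swap_pairs(hexdigits: str) -> str:
    """Swap every adjacent pair of hex digits: 'ab12' -> 'ba21'."""
    return "".join(hexdigits[i + 1] + hexdigits[i] for i in range(0, len(hexdigits), 2))


def decode_compressed_guid(squished: str) -> str:
    """Turn a 32-digit Installer registry key name back into a {8-4-4-4-12} GUID."""
    if not _SQUISHED.fullmatch(squished):
        raise ValueError(f"not a 32-hex-digit compressed GUID: {squished!r}")
    s = squished.upper()
    g1, g2, g3 = s[0:8][::-1], s[8:12][::-1], s[12:16][::-1]
    tail = _swap_pairs(s[16:32])
    return f"{{{g1}-{g2}-{g3}-{tail[0:4]}-{tail[4:16]}}}"


def compress_guid(guid: str) -> str:
    """Inverse of decode_compressed_guid: {8-4-4-4-12} GUID -> registry key name."""
    m = _GUID.fullmatch(guid)
    if not m:
        raise ValueError(f"not a GUID: {guid!r}")
    g1, g2, g3, g4, g5 = (part.upper() for part in m.groups())
    return g1[::-1] + g2[::-1] + g3[::-1] + _swap_pairs(g4 + g5)


def decode_msi_version(dword: int) -> tuple:
    """Unpack the Products\\<key>\\Version DWORD into (major, minor, build)."""
    return (dword >> 24) & 0xFF, (dword >> 16) & 0xFF, dword & 0xFFFF


def summarize(product_key=PRODUCT_KEY, package_code=PACKAGE_CODE,
              upgrade_key=UPGRADE_KEY, version=VERSION_DWORD) -> dict:
    """Decode all four recorded values into the form a vendor release note would use."""
    return {
        "ProductCode": decode_compressed_guid(product_key),
        "PackageCode": decode_compressed_guid(package_code),
        "UpgradeCode": decode_compressed_guid(upgrade_key),
        "Version": "%d.%d.%d" % decode_msi_version(version),
    }


if __name__ == "__main__":
    for name, value in summarize().items():
        print(f"{name:12} {value}")
```

Run as a script, the block prints ProductCode {23170F69-40C1-2701-2401-000001000000}, PackageCode {23170F69-40C1-2701-2401-000002000000}, UpgradeCode {23170F69-40C1-2701-0000-000004000000} and Version 24.1.0. The 23170F69-40C1 prefix is the same one that appears in the 7-Zip shell-extension CLSID registered in this table, and 24.1.0 agrees with the recorded ProductName "7-Zip 24.01"; whether the ProductCode matches the vendor's 24.01 package is the check to run against the release MSI's Property table.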
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\7z2401.msi
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000003D4" "0000000000000594"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef4a99758,0x7fef4a99768,0x7fef4a99778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2268 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1420 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1420 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3472 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3500 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3772 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=816 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3696 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2324 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2336 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3952 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4064 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4248 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2600 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3968 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4228 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4220 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4352 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=2332 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4468 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4200 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4496 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4448 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4940 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4960 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8
C:\Users\Admin\Downloads\RapeLay_hM-nGX1.exe
"C:\Users\Admin\Downloads\RapeLay_hM-nGX1.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\is-K703H.tmp\RapeLay_hM-nGX1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-K703H.tmp\RapeLay_hM-nGX1.tmp" /SL5="$110178,13564377,780800,C:\Users\Admin\Downloads\RapeLay_hM-nGX1.exe"
C:\Windows\SysWOW64\netsh.exe
"netsh" firewall add allowedprogramC:\Users\Admin\AppData\Local\Temp\is-D396R.tmp\qbittorrent.exe "qBittorrent" ENABLE
C:\Users\Admin\AppData\Local\Temp\is-D396R.tmp\qbittorrent.exe
"C:\Users\Admin\AppData\Local\Temp\is-D396R.tmp\qbittorrent.exe" magnet:?xt=urn:btih:14FCB2E55188541ED55ACF6D89C2800F8033C187
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.fosshub.com/qBittorrent.html?dwl=qbittorrent_4.6.4_x64_setup.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1208 CREDAT:275457 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4816 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4052 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4396 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4088 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=4260 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=4732 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=4812 --field-trial-handle=1400,i,997032029731185669,208200969132622202,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | gamefabrique.com | udp |
| US | 172.67.210.149:443 | gamefabrique.com | tcp |
| US | 172.67.210.149:443 | gamefabrique.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | stackpath.bootstrapcdn.com | udp |
| GB | 216.58.201.106:443 | ajax.googleapis.com | tcp |
| US | 104.18.10.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 172.67.210.149:443 | gamefabrique.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 104.18.10.207:443 | stackpath.bootstrapcdn.com | udp |
| BE | 64.233.167.157:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | d1pdf4c3hchi80.cloudfront.net | udp |
| GB | 18.244.183.189:443 | d1pdf4c3hchi80.cloudfront.net | tcp |
| BE | 64.233.167.157:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | pogothere.xyz | udp |
| US | 8.8.8.8:53 | getrunkhomuto.info | udp |
| US | 8.8.8.8:53 | forhavingartistic.info | udp |
| US | 8.8.8.8:53 | ghabovethec.info | udp |
| US | 8.8.8.8:53 | yonatallcolum.info | udp |
| GB | 143.204.176.11:443 | getrunkhomuto.info | tcp |
| US | 172.67.220.203:443 | pogothere.xyz | tcp |
| US | 172.67.220.203:443 | pogothere.xyz | tcp |
| US | 104.21.10.43:443 | forhavingartistic.info | tcp |
| GB | 18.244.140.79:443 | ghabovethec.info | tcp |
| GB | 18.245.218.128:443 | yonatallcolum.info | tcp |
| GB | 18.244.183.189:443 | d1pdf4c3hchi80.cloudfront.net | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| ES | 142.250.178.163:443 | id.google.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 172.67.210.149:443 | gamefabrique.com | udp |
| US | 8.8.8.8:53 | archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 8.8.8.8:53 | polyfill.archive.org | udp |
| US | 207.241.239.241:443 | polyfill.archive.org | tcp |
| US | 104.21.10.43:443 | forhavingartistic.info | udp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | analytics.archive.org | udp |
| US | 207.241.225.195:443 | analytics.archive.org | tcp |
| US | 207.241.225.195:443 | analytics.archive.org | tcp |
| US | 207.241.225.195:443 | analytics.archive.org | tcp |
| US | 8.8.8.8:53 | av.prod.archive.org | udp |
| US | 207.241.239.241:443 | av.prod.archive.org | tcp |
| US | 8.8.8.8:53 | ia600504.us.archive.org | udp |
| US | 207.241.227.184:443 | ia600504.us.archive.org | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | m.happymod.com | udp |
| US | 104.21.64.156:443 | m.happymod.com | tcp |
| US | 104.21.64.156:443 | m.happymod.com | tcp |
| US | 8.8.8.8:53 | image.winudf.com | udp |
| US | 104.21.64.156:443 | m.happymod.com | udp |
| US | 104.26.9.22:443 | image.winudf.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | f95zone.to | udp |
| BZ | 190.115.31.182:443 | f95zone.to | tcp |
| BZ | 190.115.31.182:443 | f95zone.to | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | assets.mediacandy.ai | udp |
| US | 172.67.202.37:443 | assets.mediacandy.ai | tcp |
| BZ | 190.115.31.182:443 | f95zone.to | tcp |
| US | 172.67.202.37:443 | assets.mediacandy.ai | tcp |
| US | 172.67.202.37:443 | assets.mediacandy.ai | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 2.18.190.80:80 | apps.identrust.com | tcp |
| US | 172.67.202.37:443 | assets.mediacandy.ai | udp |
| US | 8.8.8.8:53 | external-content.duckduckgo.com | udp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| BE | 64.233.167.157:443 | stats.g.doubleclick.net | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c73.gcp.gvt2.com | udp |
| PL | 34.0.245.166:443 | e2c73.gcp.gvt2.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gvt2.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| BZ | 190.115.31.182:443 | f95zone.to | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 172.67.202.37:443 | assets.mediacandy.ai | tcp |
| US | 8.8.8.8:53 | secure.gravatar.com | udp |
| US | 192.0.73.2:443 | secure.gravatar.com | tcp |
| US | 8.8.8.8:53 | attachments.f95zone.to | udp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| NL | 209.237.141.109:443 | attachments.f95zone.to | tcp |
| NL | 209.237.141.109:443 | attachments.f95zone.to | tcp |
| NL | 209.237.141.109:443 | attachments.f95zone.to | tcp |
| NL | 209.237.141.109:443 | attachments.f95zone.to | tcp |
| NL | 209.237.141.109:443 | attachments.f95zone.to | tcp |
| NL | 209.237.141.109:443 | attachments.f95zone.to | tcp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | udp |
| BE | 64.233.167.157:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| CH | 172.217.168.67:443 | beacons2.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| CH | 172.217.168.67:443 | beacons2.gvt2.com | udp |
| BZ | 190.115.31.182:443 | f95zone.to | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-aigl6nsr.gvt1.com | udp |
| GB | 74.125.105.134:443 | r1---sn-aigl6nsr.gvt1.com | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| CH | 172.217.168.67:443 | beacons2.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gvt2.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| US | 104.21.64.156:443 | m.happymod.com | udp |
| US | 104.21.64.156:443 | m.happymod.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c46.gcp.gvt2.com | udp |
| BR | 35.215.235.162:443 | e2c46.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c56.gcp.gvt2.com | udp |
| ES | 34.0.206.140:443 | e2c56.gcp.gvt2.com | tcp |
| CH | 172.217.168.67:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | i.happymod.com | udp |
| US | 104.21.64.156:443 | i.happymod.com | tcp |
| US | 104.21.64.156:443 | i.happymod.com | tcp |
| US | 104.21.64.156:443 | i.happymod.com | tcp |
| US | 104.21.64.156:443 | i.happymod.com | tcp |
| US | 104.21.64.156:443 | i.happymod.com | tcp |
| US | 104.21.64.156:443 | i.happymod.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | ia800504.us.archive.org | udp |
| US | 207.241.230.54:443 | ia800504.us.archive.org | tcp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 207.241.227.184:443 | ia600504.us.archive.org | tcp |
| US | 172.67.210.149:443 | gamefabrique.com | udp |
| US | 172.67.210.149:443 | gamefabrique.com | tcp |
| US | 104.21.10.43:443 | forhavingartistic.info | udp |
| US | 104.21.10.43:443 | forhavingartistic.info | tcp |
| US | 8.8.8.8:53 | getrunkhomuto.info | udp |
| BE | 64.233.167.157:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | d2k42xg1i2ns90.cloudfront.net | udp |
| GB | 143.204.176.11:443 | getrunkhomuto.info | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 143.204.176.11:443 | getrunkhomuto.info | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| BE | 64.233.167.157:443 | stats.g.doubleclick.net | tcp |
| GB | 18.239.238.54:443 | d2k42xg1i2ns90.cloudfront.net | tcp |
| GB | 18.239.238.54:443 | d2k42xg1i2ns90.cloudfront.net | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | ztjru.dwhitdoedsrag.org | udp |
| US | 54.225.185.110:443 | ztjru.dwhitdoedsrag.org | tcp |
| US | 8.8.8.8:53 | file.myfontastic.com | udp |
| DE | 116.202.16.124:443 | file.myfontastic.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | udp |
| DE | 116.202.16.124:443 | file.myfontastic.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| US | 54.225.185.110:443 | ztjru.dwhitdoedsrag.org | tcp |
| US | 54.225.185.110:443 | ztjru.dwhitdoedsrag.org | tcp |
| GB | 143.204.176.11:443 | getrunkhomuto.info | tcp |
| US | 8.8.8.8:53 | dukirliaon.com | udp |
| NL | 139.45.197.239:443 | dukirliaon.com | tcp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 8.8.8.8:53 | yonmewon.com | udp |
| NL | 139.45.195.8:443 | my.rtmark.net | tcp |
| NL | 139.45.197.236:443 | yonmewon.com | tcp |
| NL | 139.45.197.239:443 | dukirliaon.com | tcp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| BE | 104.68.85.7:443 | s.click.aliexpress.com | tcp |
| US | 8.8.8.8:53 | best.aliexpress.com | udp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| US | 8.8.8.8:53 | g.alicdn.com | udp |
| US | 8.8.8.8:53 | ae01.alicdn.com | udp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| US | 8.8.8.8:53 | acs.aliexpress.com | udp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| US | 163.181.154.234:443 | g.alicdn.com | tcp |
| US | 8.8.8.8:53 | ae.mmstat.com | udp |
| US | 8.8.8.8:53 | is.alicdn.com | udp |
| BE | 23.55.96.49:443 | ae01.alicdn.com | tcp |
| BE | 23.55.96.49:443 | ae01.alicdn.com | tcp |
| BE | 23.55.96.49:443 | ae01.alicdn.com | tcp |
| BE | 23.55.96.49:443 | ae01.alicdn.com | tcp |
| US | 8.8.8.8:53 | ae04.alicdn.com | udp |
| US | 8.8.8.8:53 | time-ae.akamaized.net | udp |
| US | 2.18.190.82:443 | time-ae.akamaized.net | tcp |
| SG | 47.246.110.42:443 | ae.mmstat.com | tcp |
| US | 163.181.154.234:443 | g.alicdn.com | tcp |
| US | 163.181.154.234:443 | g.alicdn.com | tcp |
| US | 8.8.8.8:53 | aeis.alicdn.com | udp |
| US | 8.8.8.8:53 | fourier.taobao.com | udp |
| US | 8.8.8.8:53 | login.aliexpress.ru | udp |
| US | 8.8.8.8:53 | login.aliexpress.us | udp |
| NL | 23.62.61.58:443 | ae04.alicdn.com | tcp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | udp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | tcp |
| DE | 47.246.146.200:443 | acs.aliexpress.com | tcp |
| CN | 123.183.232.34:443 | fourier.taobao.com | tcp |
| RU | 47.246.133.88:443 | login.aliexpress.ru | tcp |
| CN | 123.183.232.34:443 | fourier.taobao.com | tcp |
| US | 8.8.8.8:53 | fourier.aliexpress.com | udp |
| US | 8.8.8.8:53 | wp.aliexpress.com | udp |
| DE | 47.246.146.223:443 | fourier.aliexpress.com | tcp |
| US | 8.8.8.8:53 | login.aliexpress.com | udp |
| SG | 47.246.110.42:443 | ae.mmstat.com | tcp |
| US | 8.8.8.8:53 | us.ynuf.aliapp.org | udp |
| SG | 47.246.110.42:443 | ae.mmstat.com | tcp |
| DE | 47.246.146.12:443 | wp.aliexpress.com | tcp |
| BE | 104.68.85.7:443 | login.aliexpress.com | tcp |
| SG | 47.246.110.42:443 | ae.mmstat.com | tcp |
| SG | 47.246.110.42:443 | ae.mmstat.com | tcp |
| US | 8.8.8.8:53 | de-wum.aliexpress.com | udp |
| US | 8.8.8.8:53 | img.alicdn.com | udp |
| DE | 47.246.146.193:443 | us.ynuf.aliapp.org | tcp |
| DE | 47.246.146.200:443 | acs.aliexpress.com | tcp |
| US | 163.181.154.234:443 | img.alicdn.com | tcp |
| US | 163.181.154.234:443 | img.alicdn.com | tcp |
| US | 163.181.154.234:443 | img.alicdn.com | tcp |
| US | 8.8.8.8:53 | 45wgq3.tdum.alibaba.com | udp |
| US | 8.8.8.8:53 | ynuf.aliapp.org | udp |
| CN | 124.239.14.253:443 | ynuf.aliapp.org | tcp |
| CN | 123.183.232.34:443 | fourier.taobao.com | tcp |
| DE | 47.246.146.223:443 | fourier.aliexpress.com | tcp |
| US | 8.8.8.8:53 | pcookie.aliexpress.com | udp |
| CN | 124.239.14.253:443 | ynuf.aliapp.org | tcp |
| DE | 47.254.175.252:443 | 45wgq3.tdum.alibaba.com | tcp |
| US | 47.246.136.175:443 | pcookie.aliexpress.com | tcp |
| US | 47.246.136.175:443 | pcookie.aliexpress.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 172.217.16.238:443 | clients2.google.com | udp |
| US | 8.8.8.8:53 | d3aqanlsy9rdqp.cloudfront.net | udp |
| GB | 108.156.32.198:443 | d3aqanlsy9rdqp.cloudfront.net | tcp |
| DE | 47.246.146.193:443 | us.ynuf.aliapp.org | tcp |
| SG | 47.246.110.42:443 | ae.mmstat.com | tcp |
| GB | 108.156.32.198:443 | d3aqanlsy9rdqp.cloudfront.net | tcp |
| SG | 47.246.110.42:443 | ae.mmstat.com | tcp |
| SG | 47.246.110.42:443 | ae.mmstat.com | tcp |
| SG | 47.246.110.42:443 | ae.mmstat.com | tcp |
| SG | 47.246.110.42:443 | ae.mmstat.com | tcp |
| CN | 124.239.14.252:443 | ynuf.aliapp.org | tcp |
| CN | 124.239.14.252:443 | ynuf.aliapp.org | tcp |
| US | 8.8.8.8:53 | dht.libtorrent.org | udp |
| N/A | 10.127.0.1:5351 | | udp |
| US | 8.8.8.8:53 | download.db-ip.com | udp |
| US | 8.8.8.8:53 | router.bittorrent.com | udp |
| US | 8.8.8.8:53 | router.utorrent.com | udp |
| US | 104.26.5.15:443 | download.db-ip.com | tcp |
| US | 8.8.8.8:53 | dht.transmissionbt.com | udp |
| US | 8.8.8.8:53 | dht.aelitis.com | udp |
| US | 34.229.89.117:6881 | dht.aelitis.com | udp |
| US | 67.215.246.10:6881 | router.bittorrent.com | udp |
| IS | 82.221.103.244:6881 | router.utorrent.com | udp |
| FR | 87.98.162.88:6881 | dht.transmissionbt.com | udp |
| SE | 185.157.221.247:25401 | dht.libtorrent.org | udp |
| RU | 178.71.33.7:44307 | | udp |
| RU | 95.190.74.255:6881 | | udp |
| HU | 176.77.152.87:61382 | | udp |
| DZ | 105.99.69.54:6881 | | udp |
| CN | 183.134.38.18:6890 | | udp |
| GB | 94.13.84.31:27375 | | udp |
| NL | 178.162.173.149:28001 | | udp |
| KR | 211.194.234.13:33316 | | udp |
| FR | 91.121.75.217:58004 | | udp |
| IT | 93.33.22.87:49453 | | udp |
| HU | 217.116.43.47:49011 | | udp |
| KR | 211.119.72.223:21402 | | udp |
| TR | 176.232.224.127:34148 | | udp |
| US | 8.8.8.8:53 | www.fosshub.com | udp |
| NL | 45.136.230.98:55935 | | udp |
| NL | 46.232.211.130:18159 | | udp |
| NL | 45.158.186.49:12565 | | udp |
| US | 104.20.227.61:443 | www.fosshub.com | tcp |
| CA | 51.79.69.9:10291 | | udp |
| ZA | 196.210.28.235:63641 | | udp |
| US | 70.110.28.198:6881 | | udp |
| US | 47.160.101.36:50288 | | udp |
| CN | 223.109.185.81:6889 | | udp |
| ES | 193.177.211.14:33655 | | udp |
| BG | 89.106.97.184:59193 | | udp |
| ZA | 197.89.62.106:24388 | | udp |
| CA | 135.19.185.23:38331 | | udp |
| SG | 47.246.110.42:443 | ae.mmstat.com | tcp |
| US | 104.20.227.61:443 | www.fosshub.com | tcp |
| US | 104.20.227.61:443 | www.fosshub.com | tcp |
| SG | 47.246.110.42:443 | ae.mmstat.com | tcp |
| SG | 47.246.110.42:443 | ae.mmstat.com | tcp |
| SG | 47.246.110.42:443 | ae.mmstat.com | tcp |
| US | 8.8.8.8:53 | cdn.thisiswaldo.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.20.227.61:443 | www.fosshub.com | tcp |
| US | 104.20.227.61:443 | www.fosshub.com | tcp |
| US | 104.20.227.61:443 | www.fosshub.com | tcp |
| US | 104.20.227.61:443 | www.fosshub.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 18.245.218.122:443 | cdn.thisiswaldo.com | tcp |
| GB | 18.245.218.122:443 | cdn.thisiswaldo.com | tcp |
| GB | 18.245.218.122:443 | cdn.thisiswaldo.com | tcp |
| GB | 18.245.218.122:443 | cdn.thisiswaldo.com | tcp |
| GB | 18.245.218.122:443 | cdn.thisiswaldo.com | tcp |
| GB | 18.245.218.122:443 | cdn.thisiswaldo.com | tcp |
| GB | 18.245.218.122:443 | cdn.thisiswaldo.com | tcp |
| GB | 18.245.218.122:443 | cdn.thisiswaldo.com | tcp |
| CN | 42.230.213.231:11268 | | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | tcp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| BE | 64.233.167.157:443 | stats.g.doubleclick.net | tcp |
| BE | 64.233.167.157:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | api.fosshub.com | udp |
| US | 104.20.227.61:443 | api.fosshub.com | tcp |
| US | 8.8.8.8:53 | download.fosshub.com | udp |
| US | 205.234.175.175:443 | download.fosshub.com | tcp |
| US | 205.234.175.175:443 | download.fosshub.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | askdomainad.com | udp |
| GB | 18.244.155.17:443 | askdomainad.com | tcp |
| US | 8.8.8.8:53 | img.cdn.house | udp |
| DE | 46.4.115.66:443 | img.cdn.house | tcp |
| DE | 46.4.115.66:443 | img.cdn.house | tcp |
| GB | 143.204.176.11:443 | getrunkhomuto.info | tcp |
| US | 54.225.185.110:443 | ztjru.dwhitdoedsrag.org | tcp |
| RU | 5.44.7.118:2079 | | udp |
| US | 8.8.8.8:53 | www.aliexpress.com | udp |
| SG | 47.246.110.42:443 | ae.mmstat.com | tcp |
| BE | 23.55.96.49:443 | ae01.alicdn.com | tcp |
| SG | 47.246.110.42:443 | ae.mmstat.com | tcp |
| BE | 104.68.85.7:443 | www.aliexpress.com | tcp |
| N/A | 239.192.152.143:6771 | | udp |
| NL | 212.7.202.40:28030 | | udp |
| TH | 122.155.0.70:10388 | | udp |
| RU | 5.182.25.156:8080 | | udp |
| NL | 178.162.173.217:28007 | | udp |
| FR | 195.154.172.169:24367 | | udp |
| KR | 121.137.59.15:7504 | | udp |
| PL | 89.64.3.96:9662 | | udp |
| CA | 157.208.36.157:22529 | | udp |
| US | 159.203.72.134:51413 | | udp |
| JP | 131.147.3.41:17179 | | udp |
| NL | 46.232.210.129:20259 | | udp |
| FI | 65.21.128.232:50000 | | udp |
| FR | 54.38.47.95:21019 | | udp |
| NL | 89.149.200.93:28005 | | udp |
| FR | 195.154.181.225:54969 | | udp |
| DE | 213.136.79.238:51430 | | udp |
| MX | 177.245.153.102:5685 | | udp |
| NL | 45.91.209.19:50838 | | udp |
| US | 3.141.48.235:6880 | | udp |
| MX | 177.245.152.30:8165 | | udp |
| JP | 180.94.207.248:16913 | | udp |
| JP | 138.64.96.181:54230 | | udp |
| UA | 176.111.181.112:11296 | | udp |
| US | 71.105.62.182:6881 | | udp |
| PL | 89.191.226.71:32000 | | udp |
| HK | 42.2.84.115:14454 | | udp |
| NO | 84.52.226.24:6881 | | udp |
| KR | 61.255.228.98:60507 | | udp |
| MX | 187.251.110.220:37430 | | udp |
| RU | 95.25.160.86:35349 | | udp |
| CA | 65.95.166.129:50321 | | udp |
| KR | 59.4.72.3:40911 | | udp |
| FI | 95.216.100.173:34917 | | udp |
| RU | 95.71.195.47:14991 | | udp |
| KZ | 95.57.235.40:22947 | | udp |
| US | 69.16.145.126:6881 | | udp |
| RU | 78.110.151.57:38277 | | udp |
| CN | 121.8.25.9:51413 | | udp |
| RU | 37.146.76.55:20633 | | udp |
| MY | 14.192.208.126:19019 | | udp |
| PH | 49.148.249.161:51905 | | udp |
| US | 66.76.243.130:50399 | | udp |
| US | 84.239.7.11:57679 | | udp |
| KR | 84.247.102.9:36055 | | udp |
| KR | 84.247.102.9:50338 | | udp |
| SG | 86.48.10.42:21862 | | udp |
| RU | 89.148.235.68:45682 | | udp |
| DE | 91.7.0.129:63123 | | udp |
| SE | 95.140.186.37:4934 | | udp |
| SG | 103.252.201.68:53219 | | udp |
| TH | 110.169.231.211:1286 | | udp |
| PH | 136.158.57.249:20837 | | udp |
| US | 146.70.115.139:62775 | | udp |
| CA | 174.116.204.76:15982 | | udp |
| ID | 182.253.89.72:21706 | | udp |
| ID | 182.253.89.72:45561 | | udp |
| CA | 184.75.221.171:15982 | | udp |
| NL | 185.162.184.13:56839 | | udp |
| NO | 185.243.217.228:30002 | | udp |
| NL | 188.227.86.220:45682 | | udp |
| BR | 207.248.5.252:18453 | | udp |
| PH | 210.23.169.79:58613 | | udp |
| KR | 220.72.131.167:13328 | | udp |
| BR | 43.135.195.47:60021 | | udp |
| DE | 51.75.78.69:6893 | | udp |
| NL | 195.170.172.38:10240 | | udp |
| FI | 65.108.78.54:6881 | | udp |
| CN | 113.1.88.155:57210 | | udp |
| RU | 93.157.255.55:34337 | | udp |
| RU | 176.52.100.105:4445 | | udp |
| KE | 41.81.133.248:1554 | | udp |
| NZ | 118.92.43.241:52667 | | udp |
| IE | 54.194.124.68:6881 | | udp |
| BR | 181.224.2.189:20025 | | udp |
| US | 18.220.82.190:6881 | | udp |
| DE | 139.162.168.10:6881 | | udp |
| PH | 119.94.176.43:1025 | | udp |
| PH | 49.145.5.248:17545 | | udp |
| US | 54.214.62.55:6881 | | udp |
| CN | 61.185.211.82:57210 | | udp |
| CN | 117.32.139.63:20022 | | udp |
| DZ | 197.202.56.118:55181 | | udp |
| RU | 217.107.127.51:7946 | | udp |
| BR | 177.128.66.189:61016 | | udp |
| US | 18.223.137.220:6881 | | udp |
| CN | 222.131.245.236:11982 | | udp |
| MX | 201.145.7.27:44222 | | udp |
| BR | 179.167.52.12:6881 | | udp |
| RU | 178.252.105.89:26666 | | udp |
| US | 72.234.195.87:6881 | | udp |
| US | 74.111.96.134:6889 | | udp |
| ZA | 152.110.13.127:55806 | | udp |
| CA | 70.54.123.74:51000 | | udp |
| CA | 174.94.13.34:51540 | | udp |
| JP | 58.146.71.21:20331 | | udp |
| MX | 189.230.203.160:51413 | | udp |
| NL | 185.21.216.153:49483 | | udp |
| IT | 79.25.203.57:6881 | | udp |
| RU | 176.106.252.85:60844 | | udp |
| NL | 86.81.233.98:51413 | | udp |
| CA | 64.229.198.110:51413 | | udp |
| ZA | 197.90.44.157:61477 | | udp |
| BG | 212.21.148.185:52674 | | udp |
| US | 162.0.161.12:51413 | | udp |
| CA | 142.179.244.211:51413 | | udp |
| BG | 78.130.208.238:41783 | | udp |
| TW | 114.40.177.107:14327 | | udp |
| NL | 46.232.210.213:64161 | | udp |
| NL | 95.98.155.102:6999 | | udp |
| ES | 77.231.14.160:29096 | | udp |
| TW | 36.225.72.123:23767 | | udp |
| US | 150.195.20.146:64069 | | udp |
| BG | 212.233.245.162:26264 | | udp |
| LT | 176.223.138.1:51413 | | udp |
| US | 107.161.26.147:51413 | | udp |
| NL | 95.211.140.135:28000 | | udp |
| RU | 46.191.183.82:2877 | | udp |
| GB | 81.96.50.232:60481 | | udp |
| KR | 114.206.248.126:7649 | | udp |
| GB | 86.10.66.178:6881 | | udp |
| GB | 51.148.150.33:6881 | | udp |
| RU | 185.106.59.102:34048 | | udp |
| NL | 5.79.77.14:59945 | | udp |
| BY | 86.57.193.70:4838 | | udp |
| CN | 117.30.83.196:5597 | | udp |
| RU | 77.220.131.243:32000 | | udp |
| RU | 192.162.251.109:40535 | | udp |
| CH | 81.6.60.225:53982 | | udp |
| RU | 195.19.40.177:8084 | | udp |
| UA | 213.200.58.16:51413 | | udp |
| DE | 91.25.215.154:34847 | | udp |
| BG | 87.247.248.75:7881 | | udp |
| KR | 121.130.225.7:64887 | | udp |
| TW | 36.224.28.95:1252 | | udp |
| DO | 200.88.239.50:53250 | | udp |
| HU | 92.249.162.172:49337 | | udp |
| AU | 123.243.68.248:51413 | | udp |
| JP | 60.65.95.3:51413 | | udp |
| FR | 62.210.122.224:5270 | | udp |
| RU | 46.138.29.11:1569 | | udp |
| NL | 178.162.174.46:28014 | | udp |
| TW | 61.30.133.44:7466 | | udp |
| KR | 115.139.230.58:40922 | | udp |
| RU | 79.174.34.0:44728 | | udp |
| RU | 178.163.104.90:49001 | | udp |
| NL | 95.211.212.31:51413 | | udp |
| SE | 188.150.97.98:26187 | | udp |
| KR | 218.50.49.214:7984 | | udp |
| ZA | 105.233.110.207:32878 | | udp |
| FR | 195.154.168.106:5370 | | udp |
| KR | 175.113.104.30:51413 | | udp |
| CN | 120.230.76.0:21007 | | udp |
| US | 168.75.184.224:11519 | | udp |
| RU | 77.50.48.205:51413 | | udp |
| RU | 194.1.251.186:10641 | | udp |
| CN | 123.187.27.190:9988 | | udp |
| NL | 37.48.118.89:28016 | | udp |
| RU | 193.201.88.12:15220 | | udp |
| FR | 54.38.47.74:51413 | | udp |
| HU | 94.21.106.73:59597 | | udp |
| SE | 78.82.210.171:35092 | | udp |
| BG | 212.39.78.40:48737 | | udp |
| NC | 202.22.144.14:56881 | | udp |
| NL | 169.150.223.215:64094 | | udp |
| FR | 152.228.134.240:57008 | | udp |
| IN | 117.204.196.245:56370 | | udp |
| US | 3.132.219.151:6880 | | udp |
| US | 54.225.185.110:443 | ztjru.dwhitdoedsrag.org | tcp |
| DK | 131.164.162.30:49165 | | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | udp |
| CH | 172.217.168.67:443 | beacons2.gvt2.com | udp |
| CH | 172.217.168.67:443 | beacons2.gvt2.com | tcp |
| US | 54.225.185.110:443 | ztjru.dwhitdoedsrag.org | tcp |
| CN | 27.202.189.192:27095 | | udp |
| US | 54.225.185.110:443 | ztjru.dwhitdoedsrag.org | tcp |
| NL | 185.203.56.56:52816 | | udp |
| SI | 92.37.85.160:11307 | | udp |
| GB | 18.244.155.17:443 | askdomainad.com | tcp |
| DE | 46.4.115.66:443 | img.cdn.house | tcp |
| US | 8.8.8.8:53 | getrunkhomuto.info | udp |
| US | 3.160.150.67:443 | getrunkhomuto.info | tcp |
| US | 54.225.185.110:443 | ztjru.dwhitdoedsrag.org | tcp |
| CN | 122.51.10.196:6000 | | udp |
| US | 54.225.185.110:443 | ztjru.dwhitdoedsrag.org | tcp |
| US | 24.90.203.81:19489 | | udp |
| SG | 47.246.110.42:443 | ae.mmstat.com | tcp |
| US | 8.8.8.8:53 | forhavingartistic.info | udp |
| US | 172.67.189.235:443 | forhavingartistic.info | udp |
| US | 172.67.189.235:443 | forhavingartistic.info | tcp |
| SG | 47.246.110.42:443 | ae.mmstat.com | tcp |
| US | 69.245.102.39:25799 | | udp |
| AE | 217.165.193.237:49001 | | udp |
| GB | 18.244.155.17:443 | askdomainad.com | tcp |
| DE | 46.4.115.66:443 | img.cdn.house | tcp |
| US | 3.160.150.67:443 | getrunkhomuto.info | tcp |
| US | 54.225.185.110:443 | ztjru.dwhitdoedsrag.org | tcp |
| HU | 37.76.117.233:17050 | | udp |
| US | 54.225.185.110:443 | ztjru.dwhitdoedsrag.org | tcp |
| US | 54.225.185.110:443 | ztjru.dwhitdoedsrag.org | tcp |
| KR | 119.56.249.114:41174 | | udp |
| US | 54.225.185.110:443 | ztjru.dwhitdoedsrag.org | tcp |
| RU | 91.132.20.129:2070 | | udp |
| BR | 201.25.173.59:6881 | | udp |
| US | 8.8.8.8:53 | gamefabrique.com | udp |
| US | 104.21.37.165:443 | gamefabrique.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | stackpath.bootstrapcdn.com | udp |
| US | 104.18.10.207:443 | stackpath.bootstrapcdn.com | udp |
| GB | 142.250.200.10:443 | ajax.googleapis.com | udp |
| US | 104.21.37.165:443 | gamefabrique.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | d1pdf4c3hchi80.cloudfront.net | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| GB | 18.244.183.71:443 | d1pdf4c3hchi80.cloudfront.net | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 64.233.167.154:443 | stats.g.doubleclick.net | udp |
| US | 3.160.150.67:443 | getrunkhomuto.info | tcp |
| US | 8.8.8.8:53 | ghabovethec.info | udp |
| US | 172.67.189.235:443 | forhavingartistic.info | udp |
| US | 8.8.8.8:53 | yonatallcolum.info | udp |
| GB | 18.244.140.79:443 | ghabovethec.info | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 13.224.189.63:443 | yonatallcolum.info | tcp |
| GB | 18.244.183.71:443 | d1pdf4c3hchi80.cloudfront.net | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| RU | 109.195.87.240:6881 | | udp |
| RO | 81.196.5.110:39982 | | udp |
| GB | 217.42.36.244:6881 | | udp |
| GB | 18.244.183.71:443 | d1pdf4c3hchi80.cloudfront.net | tcp |
| US | 13.224.189.63:443 | yonatallcolum.info | tcp |
| GB | 18.244.183.71:443 | d1pdf4c3hchi80.cloudfront.net | tcp |
| US | 3.160.150.67:443 | getrunkhomuto.info | tcp |
| GB | 18.244.140.79:443 | ghabovethec.info | tcp |
| GB | 18.244.183.71:443 | d1pdf4c3hchi80.cloudfront.net | tcp |
| US | 3.160.150.67:443 | getrunkhomuto.info | tcp |
| GB | 18.244.140.79:443 | ghabovethec.info | tcp |
| GB | 18.244.183.71:443 | d1pdf4c3hchi80.cloudfront.net | tcp |
| IQ | 151.236.162.35:54485 | | udp |
| IN | 49.42.36.244:52450 | | udp |
| GB | 18.244.183.71:443 | d1pdf4c3hchi80.cloudfront.net | tcp |
| US | 13.224.189.63:443 | yonatallcolum.info | tcp |
| US | 8.8.8.8:53 | getrunkhomuto.info | udp |
| GB | 18.244.183.71:443 | d1pdf4c3hchi80.cloudfront.net | tcp |
| GB | 18.244.140.79:443 | ghabovethec.info | tcp |
| FR | 52.222.201.9:443 | getrunkhomuto.info | tcp |
| RU | 85.249.173.59:8678 | | udp |
| MX | 189.216.42.126:50647 | | udp |
| US | 54.70.28.180:6881 | | udp |
| BR | 177.130.208.181:14211 | | udp |
| US | 35.163.251.58:6881 | | udp |
| US | 13.58.27.33:6881 | | udp |
| AU | 223.252.34.35:13502 | | udp |
| IN | 223.236.34.35:32819 | | udp |
| IN | 43.252.34.35:6881 | | udp |
| US | 35.167.186.212:6881 | | udp |
Files
C:\Config.Msi\f7657a4.rbs
| MD5 | 6704d9014162b38951022a44c6a4096c |
| SHA1 | e8bc46d1510b2d163e2252a66d8dcfc0c27dca73 |
| SHA256 | 6ceea61600b2a9b2721ad82c75132f630893f584a7919434145ceb710dc8d808 |
| SHA512 | 8b34a1fc185da4c754e86bbc3813b52e949950170d3bf8bd8fe0f9fdf7d67ac8d05ac5182536759ce5ead9053effac07b0b0813a1de39a7effead63bf6ffcae3 |
C:\Windows\Installer\f7657a2.msi
| MD5 | a141303fe3fd74208c1c8a1121a7f67d |
| SHA1 | b55c286e80a9e128fbf615da63169162c08aef94 |
| SHA256 | 1c3c3560906974161f25f5f81de4620787b55ca76002ac3c4fc846d57a06df99 |
| SHA512 | 2323c292bfa7ea712d39a4d33cdd19563dd073fee6c684d02e7e931abe72af92f85e5bf8bff7c647e4fcdc522b148e9b8d1dd43a9d37c73c0ae86d5efb1885c8 |
\??\pipe\crashpad_2184_DUNINTUXOSXDAKAR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 23808c76470aad381eba66da6bac4f1f |
| SHA1 | d0714c7fd541959b9d672f51c00bbbd3ed95f61a |
| SHA256 | 7c9e2a04f996c3765c85ddd1c1941859e10f71bf9e705b9029256dbc99d554d4 |
| SHA512 | caf55e2aaab6565d1733a51939dddb83dc8c0d305cb3afb08cf01dc83b714fe1f62f65bb4b85eaf7dd6967168180643ae4c397b7b59d2efc4f22ad4ef732d050 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | adb49258b62925d6b884da526e0a323c |
| SHA1 | c5a54358e848a095c18049bf68da1ce5f437ab80 |
| SHA256 | 752ab730e92a4e0ae67ea2115cf2eb3a414ec4186c435506a86accaae25d3cfa |
| SHA512 | a417300376e3847b048e4eeb7fd6769f3ea78e63ad90064e5bc41d483da8f3aeb7e28c21b69c5bf50b46efb0e714dad57b7659dae2031f480a95729efd644f8c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f9917d55e18953a1a97e7eb8b2f18d5a |
| SHA1 | 682784493085cf54e38a36aa1cf4288801917601 |
| SHA256 | 62284da23f043ec9020729e16ce68dd10626e3cb8c8d0afbafeba8a94d47d69e |
| SHA512 | 4694eb280efe614269579cd1a2cf3d95939d8802ccf827b76c7eaaddfa7ce2a7c107cc189c4841bea78252b3367bd9cd2a7fe212f429e6e25bf34299cacabc51 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d2d0bbf250e53f3848262f21b2e5061c |
| SHA1 | ae556acdf2cb6740341a0b807881a5c9f6f9d05a |
| SHA256 | 2cf3dd2af597d45d3d25d6f4fe306ddd0787a9cfcdf99cc6a1dc0efc88e4e5be |
| SHA512 | 4b4bc4b97167fa43d69e08c48a78580c3d813d3e57c6ae383405959a03cfef1acc1ef28f7d8adfae358470c3815a13e35a7f5c7a1c9c5795074cad419e516f36 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 677637a8cf66ecbb289f92375985196a |
| SHA1 | b656e21128c5be8530df6118b59f804d1450602f |
| SHA256 | aed5c213e28516364ca1d426d3ef848c98f59bc314f364623b3c2aadc4384a95 |
| SHA512 | 750dc65d55099e49eb71092f88e5bebc0d0de95d29d3fb95254b8dbb5dcbc1259401631d139b9b840f5dddf5115bddc2b98e9e9be95e067b6055348fefe1bfcd |
C:\Users\Admin\AppData\Local\Temp\Cab1289.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar12F9.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5682aaf9f1d9816e7b9f418ebc14e68b |
| SHA1 | d02f860880fd0f6a0c52ea1c831080a23740e37a |
| SHA256 | 6e36d3a7c996a835735aa3de0285eec45ad231cc0bdffc6ec19d4f848805ecb9 |
| SHA512 | 9dae98407ec61ab5c46c7c9f1b28b7f6129fd91f1b061772a6e6828aa5af540fc8859373c64f15f604b8424d1df61e64bb5b189b1b92d89544e3770b3660abed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
| MD5 | 5ce7bdeeea547dc5e395554f1de0b179 |
| SHA1 | 3dba53fa4da7c828a468d17abc09b265b664078a |
| SHA256 | 675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9 |
| SHA512 | 0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7b790024729b3dddca9325702f492d2f |
| SHA1 | 870f31a059434424a0081f7867a97ecafe936e99 |
| SHA256 | 0d75a1d451a85bf2058293a6debcbfacd8f82152e8eb3ce050b88313e61b1a5a |
| SHA512 | 3b6c4949a080c97ad1d840e00c5a5ea27da3d2a27d9a3cb41b6a4ae8634f57462435851abe0a1a83c4ba53cf9d65c8a3e227f6a2d731c364bf308dcca00dd07a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 197978579686f93e8be4c8dd51852bb4 |
| SHA1 | e95f66aba493c917c15c730fa12374cded2da9b0 |
| SHA256 | 4dd89cd9991e88521ea92feae9bbeb3104a14816ea9699f0feaf0bf5fb3fe19f |
| SHA512 | 917363ac853c787012ccca7d0946ee8310984d59ae29bbfa2ddf4d26b2370acf682c63d73287bcfa47071378a424dc11314e4b086e0b7d6ae8a8c07ba7656ce6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 07af72763a2f280cd3934fe41b563a9e |
| SHA1 | e64523bd4431d22d5261da251ea3ae66db5ee397 |
| SHA256 | 510cf52d7c3680e6d534f94849c42fe5d34ebdaa2e9174402c2d4950206a2145 |
| SHA512 | 461f53b0f8235915433c8a42bd8ba8f968b0df13fa153f6cec73f03ae0b164a49327061716d550c7f53fe16f67cf6cea3d2dae86deb7af3068e2570d57de95d2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0eadfcce9aeb2f768cea34765ca525fa |
| SHA1 | 3179517da67bc093c1c82692cd0528176a11a840 |
| SHA256 | 6b9f5f93bc631e4f9e2e25314764c41999b7b7d375a0a03831453c6c23bfa11a |
| SHA512 | 2ea7d9ff1875ad49ed2b811774ff469b951d1441d8060f1d3bd7abc5d461b691866dca104059064a26c91875dd53d0de0d13c48261455c5fc6e450f9a25d1885 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 618a1b88fa4fee2f5405c8c8cd0ebc8b |
| SHA1 | bba8bf3a3c088d2f72b8704cad2640314e636347 |
| SHA256 | db864c002f85d045d10fcc982a7b45a800440fb63cd6076e5d9b93b7a295953e |
| SHA512 | 229cb5ea47d2c7be687f7d0d67086f89873e49303dcb9e5428efc8f9548ccc41570eda47f2d1c31e4b0f5252f62ac00883a403dbc15021a6de0b086a7d3890f2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0972b971b4578bfca07828254679b648 |
| SHA1 | 91269d867f7a61d85194ae9637ffb1ea9e70790c |
| SHA256 | 93284a36abd66b0ce8ed7e8f3a4fd34e7b5f00368c0c382318f6ead8c7cc3e1a |
| SHA512 | 03c9451fc39659c790bd4f36890f849ba145e7703c6a78367ce6429aa0f148edba8d9e3ff3d81bde363e60721f7e0fc1b219501cc27ee94730086e2fc92e2c40 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a448fd95dc7894fce3bf9e849430c878 |
| SHA1 | e7d6839ad88d8ee2666c85c18135cf4346aed916 |
| SHA256 | 99e6be4740d3ce220deded341d1585a7300c2d3221e610d900f0a678661ad1a1 |
| SHA512 | 650566f8418b3d9b60b0a52dbf4ce4d0238a8a128649e4b79686947c63c1b7da7d972b95381bf702074a98106579b8ccc176f980cf931a9ef5e7618ed67c7628 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa4872ac865f6b14ab18e48a1118a053 |
| SHA1 | 3c19e710c73aecc6424e1163fe479f2c277d0dec |
| SHA256 | 008b1ad6831aa319933bb55037d4185ff66f08546ade6a2d71830fff4e2f1999 |
| SHA512 | ecdcb2de05f1e76d9cb602a41fd00b38252570854f1ae0287cfddbfccdcc9c2de0f7b9ac8482d222efa370f2af0572f705a3646f15c0cfdc0cea6d5315b334e1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ae0d88278a94356af6fd5a981087abe6 |
| SHA1 | f3f7e60db0793780e3f5663acc092bfce6565eb9 |
| SHA256 | 48014be32ef1f943958b1dd269d877bd2ecc09e3d1fe8e7ac55d506673edc7d0 |
| SHA512 | 70212a4813be87536a91e3995a44b2892f16934171329a73f12de5077dd3fe63a65019f3f16aaaefce93bf05b12194f8fe3be401b2a3e6ae1caef9f491e4375b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2f2ca2b84ec449706cec0e856ede8d3c |
| SHA1 | 3ac7c02da5ef975da8330e587ffa97ae3f2f9124 |
| SHA256 | 0a2e559a7623663f862d6d8cc58bbc3dd8834c1e73b88dd1ce9257dfb9e08f54 |
| SHA512 | 343931e8801beed47e6b439cbf6fe07f0bd57304e7a13b8bee1fc0777c1d4bfa7f9c6e00f3a9c927b1d3ce23d585a98816fdb40dd4768a152d12e70c8ddd80e1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 55a8ad019104315aa18eff2e98aa8c0d |
| SHA1 | 46d358652df5ce0b5e2af5f7916125e3b1b8533d |
| SHA256 | ea0e48c43ad8eb13ffb724124441b8aa61622244a8f7d015dba5fa1f0df1b776 |
| SHA512 | b2be58610b5f5bfed375520f2cbfea59e1a8af71ec18c88966d70b9a317c7893384c9c621de853af90b6bb82f39f181bd32be00966951e0a690991ba34897bd4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 97641fc794adcd0870e96af789ffff94 |
| SHA1 | 81000cbbd9026ea07f7c1ec387002768da511c39 |
| SHA256 | ea8624beddcbca6aad0ee8bd9f895dd519320274bec12d40a4d324b396e78103 |
| SHA512 | ba60c6941a5b7da29b033989c24eedf6125804f25ad579aea91c4c3038f73e0d71952580ce5741f085b5bd64b5a1216988393575951cae277256bf1c81abf628 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4dbf5a7acfbfbd92341c64bf5e143872 |
| SHA1 | 9028d4173a71283ff92ab849db34cf3712b13de1 |
| SHA256 | 222ce668c3e0c652ac2c9a416a3e6b4c8be1d0c7c205680c74c2f3a1c09379c2 |
| SHA512 | 297b529bf8688dbfe16eaad7040515bd856103886d447dd4bffcc7781093020830ccd9fbf23d1d00aa9bdb563441c36b18ec2b03f30879d702c6ff71eb640938 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f60240690f5b74a8299f19a798fc8d9f |
| SHA1 | cd3509bbd3b71b48cea41b9c60e63329d92676f9 |
| SHA256 | 54f59b94701520a1edd544eb292b6958c8ab33c99871932aadcdb418b24af169 |
| SHA512 | 8a9f572eef7e6594c86f6a794da4b609dc8d17b81fabd74a3a18bbbcf27973a42ef8e1566d120d53922781137d07e326f903a356bdc7d7949127da107c5b09e9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bd09fcdfb3446ce72cf97896c67e9fcf |
| SHA1 | a053dac35a2039b0cc5cb4e03ad19a3c4f5ef0cf |
| SHA256 | 951b55d16262621213ee1424b0d4e25ee4da4f71caedc5d03eb243fdc67b5cbb |
| SHA512 | ff4cceac5e66982c5ffc8e8dc4abd435edc355d8e11db1c25f45bf60d5124208357826173538f17d5f95f759b99fb5e2da2d64ab3fa35ff910eb3b81dffbc4aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0a8e15f32bde8d554fa9f699add8def1 |
| SHA1 | f049b3a161f8e2417d94209e1c72ccfc9ee44dca |
| SHA256 | 20c0cbfc52ed1df2f9e07132d46b7ab951a80dea78af65cc84d1fb3c30834073 |
| SHA512 | facbc629e7756e60d5b710f6c4ef6d90461ee59f51e1de049519e1205283865a62638c991399df47f3c3aafe8390008fb94e5ffb11ed5cd77e7400e0745226ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 33957554f8b53d11fff09baecc033387 |
| SHA1 | 9773a9018e16e8f7d86b7019f23be6d31dcdbf52 |
| SHA256 | 0be1c6d66be740b064777e0bf7551f5ec743c98acdf13b130f6a8455438f4ae2 |
| SHA512 | 990639efe760fc8f6a994f9ece07f3590abcea6f2bd1d1baba73320d3648a1d98124d41b1e4f9b062d6e6f218b050ee39aa062f6cf16dd5f80727728c14b0cd3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a2f41660a59eab16d05d999385398b3e |
| SHA1 | 03ae484c4931f12b00cc6dbe217fd51347ec6ea1 |
| SHA256 | 5209178dc985281c24429de78776b3a0451d860aa13a61fceea32f0620aa3bd0 |
| SHA512 | d7a850accfdf8b07d72c9af465b9d6eb22cc7e727736f8ec314dfc17488df2f21e56266659ce82f86ad2c18984c086be971b5aa463bb8ce6af28b352e37a4209 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063
| MD5 | 585ac11a4e8628c13c32de68f89f98d6 |
| SHA1 | bcea01f9deb8d6711088cb5c344ebd57997839db |
| SHA256 | d692f27c385520c3b4078c35d78cdf154c424d09421dece6de73708659c7e2a6 |
| SHA512 | 76d2ed3f41df567fe4d04060d9871684244764fc59b81cd574a521bb013a6d61955a6aedf390a1701e3bfc24f82d92fd062ca9e461086f762a3087c142211c19 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5c14514c32ddaee0942b30a98c595be4 |
| SHA1 | f32868f67d597e2029bc1cff2f7a0f514b2c2a25 |
| SHA256 | 84e1a2555a3d1eb35fc7427a33f56d70c503b6af72d6f9ad3e5b8db1b0c54f1a |
| SHA512 | 215e3f0a7b90caf6f91bc8a60a0a8a54097e455ea57d595c4fb5c348237ba6e7bcdb103c484da545eb5f3aaab77c819410e4da6c614052df0ec2ae1477cf613a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f366a8e819f292702992df83a93d1266 |
| SHA1 | e2f71ded881ce7b70a2c4376d9c929bc1927e22a |
| SHA256 | dba35473932aeb2e77a6ff24f0f0bebcc27f3f38f076a0c141ace285f090ff3a |
| SHA512 | a5d73e21eb9e3cbd7f94f16d7d29d79addc3c43cc1a6897a2d8c1479653a92c7d8781a42adf1281c2c0fd62aa86f970809ca287172a399fb23929e8a3a4205bb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 03474e397060c16440d26f72af71ccb5 |
| SHA1 | ab8b7f2a14f773a7d0eb7ac6608303e751f0cb81 |
| SHA256 | cd392c083787519872bf902aaa90d828e13fb49164ebd0ae0e719b3bee22295b |
| SHA512 | 81039b040e603b0e56eb79d0044721d024e884b98b92ff055f6da9b4e97a29eca981598240ed0ff0ff0fbf2383a683a36b6b497d56c0ea6bcad4c3374d4e31d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 1a59c2b75e8e416e7575d76f648b5746 |
| SHA1 | cfdca6c5ff55b8d3126342a94a96e9c355d5b5b4 |
| SHA256 | 8905828d69272e24d00d6b0d1426486ce9319bce679c721957b24c891ea74b73 |
| SHA512 | 92879f79b1b8beffe953e9c503e81294f71d7bd4a3ebd9ccaa1a77f5b1af5b80279e9063477f46c1b861f873df71026e1634af42f6a89c42bcb2a3a4a2a50ccd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 172a4a852a8a3625daec8406a6e63699 |
| SHA1 | 8c2e9d9ca6062eed2419259c2790fa7cf86bc5cc |
| SHA256 | f14a8d04614336ae9c67be198a2a148c34f589a1f3754767b269e6e32d110f8f |
| SHA512 | 7121836b063d76ae9516bb85fc64098dd6d100dbc5969a468c074432b13788224d00772c18cb09792fb2ac39496a2bb99bbeb14fbab6c2af3753e917e307a5f3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006c
| MD5 | f782de7f00a1e90076b6b77a05fa908a |
| SHA1 | 4ed15dad2baa61e9627bf2179aa7b9188ce7d4e1 |
| SHA256 | d0b96d69ee7f70f041f493592de3805bfb338e50babdee522fcf145cb98fc968 |
| SHA512 | 78ec6f253e876d8f0812a9570f6079903d63dd000458f4f517ec44c8dd7468e51703ea17ecce2658d9ea1fdb5246c8db5887a16be80115bbf71fe53f439d8766 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7742d032d618c4903e292e47f86d111e |
| SHA1 | f8ec1b9ff7ead89acc78cd80d4c7661051e4bb18 |
| SHA256 | 648e8c0fa7ee4170f9486391d636205fc9b4d48dc5640d92ed501538331f0cf2 |
| SHA512 | 658d82541029eb27021d9ed3140bbdaa48f043a0611c96a94a0547c11086a408314407cc541b1de2de0072e7d62c1d3b9f4b80df21d6151e7d74f778fbb89369 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c6b1dbaff98d96fcd6fefbc3bb27df34 |
| SHA1 | 701c6acc41c3c9cebf7776a5e154523c115a2369 |
| SHA256 | d6d97f0086d6b63f5a5a49d6c5b461461de11a1ce4f46b1fdbd5a12c8bdc811a |
| SHA512 | 2549d0ddbbdde3d6c86c095dabfb7568797f038a030179f72932ed1a2489cc5b55bfc4c2ed201774f3527cc7559fba10d1eed6b95d462bc5066d11ef7fc12e2c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3895431ae5047b34ff2d5909313f6824 |
| SHA1 | 031b3e7a17aa15b9cb6669362216ead8f65c86bf |
| SHA256 | 1092bf69222ccb8e728ad2503e251815ab7777b0b715267e7e82214ddb8357f1 |
| SHA512 | 5f647493715f2abaa4c6d9bc656a1720feec398456752fb4c0465deffa37722b6ccd07ab09bc0599cd98605bec37cd1d9dc41a81552370b93d782f077e04f034 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 2abb72263d992b4e8136d4212787014e |
| SHA1 | 5c3a6c3de275c839f63879d1486c47328dedee0a |
| SHA256 | ec86e3343322d361a14f171ff06c5c7037b9ab89c576022cbfd38e42e1a26bab |
| SHA512 | fccbf8b90a9d302d3c38a09eb3539d07af7de79310951937d3fa56c49ceff88ee3ecebf2a19c5eb521f74e9b17341adebc6e8108532eeba21fff1e8391a230df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007f
| MD5 | 1e7a9bbdc9b3d1fb4e85e097ae2c5686 |
| SHA1 | b47336e3d428f19ee1b22c4f6095f0602338910b |
| SHA256 | a0d20a867f71349352b592f68b0b38f49eabc4f27628d98cb9e5bc73b95d6be6 |
| SHA512 | d273cdf129e753b43b4cb9a59b42916f920fd299e30bf89522f88eec32e46ca01560ec34910b7a71fbc567dd3487b90f42a057f52e3ea7415dc0be36ae190d1f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms~RFf7c2f6a.TMP
| MD5 | 71d182d55735cbb199e9f43a8fc09156 |
| SHA1 | 76d5166d888db129da5b9bd98bcb563cb39e05ef |
| SHA256 | d750d31f101ed02facaa1a53cb391a44fae7e677facf07578a504a66cf8917d2 |
| SHA512 | ab96550680b5c2c30f801e8a29f70c4054e6f8798e3ea542ec321e72fc325d23e7dd647de0b25c4b932800ca036b536ccefcf95ae3ed770993a8a95ce304dbcf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7eca293fbedfc38cd9a78cf13a65755e |
| SHA1 | 5044c35713ad0f3f133068b199b5378587629888 |
| SHA256 | fed3b2818ce1d12ac190478c69cc691076e84ce6813fa1968d20d02d61e365b9 |
| SHA512 | a0963927e38c907ab7b52ebab8d0e8a40b90ccad49e366137be5c211ea41f787bb4a7f3586e25ecbfe86c2215a9fed31efb6eed0466e7ff8124e6d444dae1a56 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 321eb7338ef1c925430210d295651815 |
| SHA1 | 9d63d89c1130ecfe0647dac9c61fe50f5457ce5f |
| SHA256 | e50d0e5c53fad750006c9fab8acb1df08b6ed369815b531ad982dbc6c36b1199 |
| SHA512 | 3d38369482a6ea8ad85dde20c9aff598cd803d6dcd9796d3e54d94bf5954c89e5baa54981285cc39674998d3717bf569a5425fba50eea3691c8e0695df6f3a28 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bf9f1cf903c0a4218f5c2ba917aaa6cc |
| SHA1 | cf957b5be1ce8a1f9691a61d61796383c8f8d472 |
| SHA256 | 93fbb8e6e430f3051a817ccd74f336405008b4b3283e52d1ef45f1a7f4576165 |
| SHA512 | 504d18827dd46e367fb040e2412c85ea92555ffa80cd720506628b762bdc71d061d3f8db845bb57d4dc9d60b273f8365e2e933d71eadc21a038127de088d840c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_ztjru.dwhitdoedsrag.org_0.indexeddb.leveldb\CURRENT~RFf7c3b6b.TMP
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\Downloads\Unconfirmed 420567.crdownload
| MD5 | 6f03b0ceb9f7a1b8b40d19a70ee09406 |
| SHA1 | 10e4741740a3ef1b8d43daaacfc04d33e7f8e500 |
| SHA256 | 93cdbf31856d18ad4d9dc1b98f5a0adaee379009d1b21274b08204d5fb196f43 |
| SHA512 | 1d11ef52164cb5f8503f4f043fac385a0dceb66cd463d7e30d163fb2f60eb83f6b477b362c5a493bdfc66538473cdfc73c7ef254b477bb34b87ae28c4ec2b50a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7def5fe585fb19a547a72281a8d1daaa |
| SHA1 | 3628c651eb9bcc0c28aa44f83e9012e96dbc6add |
| SHA256 | e8821b868da787bcfb9c738acde06269cc6f26ea17955109501f553f1d7c0acc |
| SHA512 | dc50f2c2b4375833042fc001067d5936d15b5d2f8a6e5cf1d20fac7d4a4b9e36aace30c842ec37ceb1612071b4c3fa0d9b9677c096f8365c46ea999bba78dbd4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 726deadfedd2da43f45f49741b5e96f3 |
| SHA1 | 668d79046dd18f40558411cf966fc7cc4fdb8424 |
| SHA256 | df51f09aeef3c7fd0d0854b260d4eb9d561054bc1c95f82bd234e88f62c45b31 |
| SHA512 | 20cb3266694257a53db482ae9208ba6fdd5eb6c57e6a0345c9222cc00c20366816dd12ad8ebd30e40f949fee41dc9ebac591380f009d42f5d6ae0670d4a1471c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 17b5337b715fcd2975285033a2489914 |
| SHA1 | 1c7056c090d6b784b911d03b838a52f15c35ce81 |
| SHA256 | bbec208097d5395a4093bce068857f281bdb575b8a3afd596d89fd9361f0c450 |
| SHA512 | 4e1bf480e74f4c2735d80dfde602d71c6f87e68afd5e9b739a2dc2555396ca06a1a2ef815e6e7c8ec8827646520e5fb51117569c18ccd0c997214817efe37b8a |
memory/1952-1632-0x0000000000400000-0x00000000004CC000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-K703H.tmp\RapeLay_hM-nGX1.tmp
| MD5 | b15059611e9b9d91dfd555ab7522e374 |
| SHA1 | d72cabba4d7269de4cea1b635b3301f4bae13f12 |
| SHA256 | 02fe68b61b9ee12198e69daef4b64fe484514feed72ac020eb90abefbe6f9b60 |
| SHA512 | 2d823f8d531ff5a68ed38c257eededdf3af5febc6631bd199ee1bb46373fc93e5dfefda7d336d97e67447a7e1d8da9ee54eb2cf21d42bde334c544c73c033cec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c164a77c5aa81574d8f845f8e1a95905 |
| SHA1 | 9fe22bf7f7137bcc7ab7a8274b26e1d3255e103d |
| SHA256 | fe69ef9060ba6c22ca09d09591b6586abbaae18bfb297fd8f7ee250783620d5b |
| SHA512 | e01d7dd1dbb8fedc822919a16bd8a9bcbb605d3c5783550adfd8bea145ccf833e565b39f8bc73f426d0a1290272f05440174fe1be5a07579218a18ffe5b1b4da |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c89df9e9f570f25973313171a5fe911f |
| SHA1 | 4b2bf43970aa617ca43ff04ff2789edaa39168e7 |
| SHA256 | 526026d8f8b9dce0aa6e547aebd8d4dbb9827d4fee9f907b62e17b9926f6eb4a |
| SHA512 | 2bff76e7f7cad6a4939cfff9146fcb188560bd13f3d440d4d37a227f96241cbd5d90708d493cb6dbc881b58accd9ec476399fbde89136e13068f4f6c48d74c51 |
\Users\Admin\AppData\Local\Temp\is-D396R.tmp\zbShieldUtils.dll
| MD5 | b83f5833e96c2eb13f14dcca805d51a1 |
| SHA1 | 9976b0a6ef3dabeab064b188d77d870dcdaf086d |
| SHA256 | 00e667b838a4125c8cf847936168bb77bb54580bc05669330cb32c0377c4a401 |
| SHA512 | 8641b351e28b3c61ed6762adbca165f4a5f2ee26a023fd74dd2102a6258c0f22e91b78f4a3e9fba6094b68096001de21f10d6495f497580847103c428d30f7bb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 3083ee90beb9644653dd18ff89234391 |
| SHA1 | 2a562912f313d242963b0cb2709f875260feff51 |
| SHA256 | 3d01ab7ab67364b503e7956e1f6ef1279852b472e60d6630c63b3e5084295ea5 |
| SHA512 | 8a5b0edde3f90a2efa466694a4baeb88b85061d17ea883672f7a2e7268fa335ec4e0bfe8e291391d7e3f1e44870556d0128e27bfb67cd37438e6622efe4c4241 |
C:\Users\Admin\AppData\Local\Temp\is-D396R.tmp\AVG_AV.png
| MD5 | aee8e80b35dcb3cf2a5733ba99231560 |
| SHA1 | 7bcf9feb3094b7d79d080597b56a18da5144ca7b |
| SHA256 | 35bbd8f390865173d65ba2f38320a04755541a0783e9f825fdb9862f80d97aa9 |
| SHA512 | dcd84221571bf809107f7aeaf94bab2f494ea0431b9dadb97feed63074322d1cf0446dbd52429a70186d3ecd631fb409102afcf7e11713e9c1041caacdb8b976 |
memory/2336-1688-0x0000000003770000-0x00000000038B0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | b162ee7f86221a22b607da96969cdef0 |
| SHA1 | a0471c09dfa7a4dca95b3421ab7c64304464ca5e |
| SHA256 | e65594b74abefa22aef4630854cec5458d951159fa2c822dd7f40a9ec30aa99b |
| SHA512 | 7afdc6a55efdc8e8645ac14792112e4cc5c5718490ad528af88bf1f4ecc24bbd4279cbe806b86d8e636eeef6f5e9804f035c1357b82347ad663da37a4830ab86 |
memory/1952-1696-0x0000000000400000-0x00000000004CC000-memory.dmp
memory/2336-1697-0x0000000000400000-0x00000000006EE000-memory.dmp
memory/2336-1701-0x0000000003770000-0x00000000038B0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e19fe929-cd0f-4e60-8f64-741ecb3c7473.tmp
| MD5 | 4594bdc7ec753a50f424e07d6ba36853 |
| SHA1 | 8f164429f358f37405b960541c4aed3b13eab887 |
| SHA256 | 83ffb64ddc4186cb1487d089e3fcb719faec7d897001da5992950c50ca4aa04a |
| SHA512 | b4eef159c18d6e35c6da33a49ebff7793cf9cbd3b808e4fb9587ea3113e6a12ad91b5f95979f787bfbb8e1f664eac7ba8960c23f82d44b997653f9999a9fff1f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 30f4925fb84a12c8aa0bfc1aac3a863b |
| SHA1 | 46c003800804cd1138bb8bc6f88a8cce1be86d30 |
| SHA256 | 5f80efc02a527ceb0dff78a1690c4ef13fc60477de1104b8f53074ef7c676ede |
| SHA512 | abf0c479936f966f9c5640bd6dbf68377195fb61cbef68cc55b98209f58607b026cb4fa845d3c98a152f5cc03130edf047cb03b92743e1a4fd08bf401465e23a |
\Users\Admin\AppData\Local\Temp\is-D396R.tmp\qbittorrent.exe
| MD5 | 22a34900ada67ead7e634eb693bd3095 |
| SHA1 | 2913c78bcaaa6f4ee22b0977be72333d2077191d |
| SHA256 | 3cec1e40e8116a35aac6df3da0356864e5d14bc7687c502c7936ee9b7c1b9c58 |
| SHA512 | 88d90646f047f86adf3d9fc5c04d97649b0e01bac3c973b2477bb0e9a02e97f56665b7ede1800b68edd87115aed6559412c48a79942a8c2a656dfae519e2c36f |
memory/608-1729-0x00000000001C0000-0x00000000001CA000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 87568a672120190b94189bde936c8157 |
| SHA1 | 5b1e0f80cedab6e4fe83f445ec91222ceff9f079 |
| SHA256 | 6b90116e2f5f06c5a19a48bb90f9d15e7c843f936ddf87197568da71ca113d78 |
| SHA512 | 084284ba44a671c8b438610c4d359daf07146abeea7466a8fe9fd1e95237311b9cfc2f8706953c6b4fc4c46f2cf6705a05a64363a6814b532a812086ab43e4f8 |
memory/1952-1744-0x0000000000400000-0x00000000004CC000-memory.dmp
memory/2336-1742-0x0000000000400000-0x00000000006EE000-memory.dmp
C:\Users\Admin\AppData\Roaming\qBittorrent\watched_folders.json
| MD5 | 5b76b0eef9af8a2300673e0553f609f9 |
| SHA1 | 0b56d40c0630a74abec5398e01c6cd83263feddc |
| SHA256 | d914176fd50bd7f565700006a31aa97b79d3ad17cee20c8e5ff2061d5cb74817 |
| SHA512 | cf06a50de1bf63b7052c19ad53766fa0d99a4d88db76a7cbc672e33276e3d423e4c5f5cb4a8ae188c5c0e17d93bb740eaab6f25753f0d26501c5f84aeded075d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa1f2163b7aa1bf2883807be10ff228c |
| SHA1 | 5b2afc918f82affe275c1c422c47b16c878faf37 |
| SHA256 | 7d1d6d5f056aae91edf442846be4835c8ca0785c470d09fbde026fb55b5bfc13 |
| SHA512 | c8363cc86dac3e16162719088a6c84ec0e825baad4979bf3772ed52a9001f104b532b828fe59d8c3110aea9ef955a5838a6f6b935bbf20b71597ed64aabed60b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4974189afa4aef61039248e6a11aa1a3 |
| SHA1 | ad17c3af09cad2fcaa00847673bb32f379414330 |
| SHA256 | a3e210aa770840bee3971308de71d111613921947c1f91f78e7bc75338e12f6f |
| SHA512 | b2990db68d4a41b39d85ae0017c1c2193fe3b288bcba33b4797d6f8e0906f5af77e39b1bb475d319a1a9795eeb0ab29de778639ed65585524c9e23320b1be92b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16d3b5158961bc1acc03c2aefc041c4f |
| SHA1 | 3ba0716bc25ef516210f8e721c2c96b08fd4572c |
| SHA256 | 9b5e2867c292839fec7509dfb4a4a754fa338a53e7dba30a1d8836a9f97d4dfe |
| SHA512 | 92d8bbc6e851058e0eb8f732add14c2a28bb18cf01c9876e3a8171930d67cb08386655db7cf6a33ce7238b5656549482fc0f92d1d699f00d81b7c7eee232f7f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_527BC5AE70FADE67FCC98047A960E62C
| MD5 | afae06d30a581605d00bafd66ae32680 |
| SHA1 | 1c00ebaad462001822d3cc49c4ce0df57b1b9a39 |
| SHA256 | 3a38a7c807def8b39da59e9f49a7a0b6fed6617417f7fe36bce213fbeb06088b |
| SHA512 | 49f258d6c103a76c5faa6740448676d3e53b73d26447218f27a82895848fe210bb099e7bb5c5517742be0a099b252ca23c201d9a3e9e4fb88f085ce42c506c58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_527BC5AE70FADE67FCC98047A960E62C
| MD5 | 4ffafe74e18b35157300d55ed615d63d |
| SHA1 | a47a9e20b9a960f70ef43b836a44354a065117a2 |
| SHA256 | c04d6aa42dc433d78c6daa9d4104c7f98efa6db66013a70ae9d7763e92675dd6 |
| SHA512 | 91c1169bff92737ebfd68429b71cd871c6a1b812588ec4e432833ebb39950f31213f52f3db620009d92f4b3d3734ef25e850e3ee2955d9b290e03ddcf5f90410 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\favicon-32x32[1].png
| MD5 | 7524dbcd4080f3251c9387b4a4cff455 |
| SHA1 | 576a56ddb85d86f278016b27ac83f511dc36b82e |
| SHA256 | 55d2dcff47f9d8d2dacb9a17f076cb662fb555dd6848c9b0a8a6524c00ae7a50 |
| SHA512 | 88d0013594d58ac0bc9a6c54d5a35ac1952548c938c35ff10fb1f24a5fa6e9cc23eaae5fe24ffabde99a6791d76036739baca2fd37be2d4856f24d8b828214e0 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\wi962z5\imagestore.dat
| MD5 | 43b5a2b3ed14c93c15a36f3dc43ce505 |
| SHA1 | 490007a8b978baf687cd5331d4f92b6839145cce |
| SHA256 | af55a3c3a330771cbf6603a7595e3a408c0c7ca453fe77ebf8a56f6cf875e41d |
| SHA512 | d3628cddc6b89d40c54ce7cfd9037bdde94fbe05b983b833d9ebc39b66f7a58414babb337dd60f92372a177cb7cb0649865d6408b2c0bfbcec3392e005a4ef52 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74fa1f3151a0a087f8d752a16a59d814 |
| SHA1 | 984c433c68388627e06db109f90dc03a85939127 |
| SHA256 | ee86fe747dc8c78b697150923292011b818c2d69d5e32cb7401b123061d18bd1 |
| SHA512 | 0cd2a2dfdc55a6e738d164ec8ecd2b4c92907be324d4e1738c001acd8f7c96e90d4347c05ab224cb481fdf658b74df22d9ebd952a0a9289f367bee9a334a53f6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrc[1].woff
| MD5 | 3492b91f490c0715ce743e127ab70cf8 |
| SHA1 | 8c6342da3d69b5c44f530dbca25b3842fcc39337 |
| SHA256 | b78ee44977bb4716cdd8744be6a7e38d12f7128cd465ad6befec64c2fface275 |
| SHA512 | 95a6b71bd94b3a454466d2a34bb0ef6fd4ff66a5cab2a73f07067c0891e5279f2d4d01957269058a822a4e02c31d37c686067fb67b806963d9dd3455348e0c28 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvoorCIPrc[1].woff
| MD5 | 05d0d73e537ee8cbad0f3c6f7337ba98 |
| SHA1 | c2560285df021449a4feca35fd721f5f75e670a2 |
| SHA256 | 56b41c96f2538671abcf257d4f2b9a85ab6dfcf151cc2d48c664a276ec5829ce |
| SHA512 | fa11a875d7cd63681810ccb27d87e43ab78a683f7c63abe118583896bdb95097e6ad8885a8df327145aeedcc3cfc5ba764eab5d591c0cd1516c5aadf42580770 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 337db02ce6050401fdcf84123b3ec066 |
| SHA1 | ebf1de472875f94762f69266d1c17c5e0e4b6aa1 |
| SHA256 | 8b878035ac79a86e8ff79419ab2d10858ff21188ca0850a7b24064139b8f22e8 |
| SHA512 | b4414c9aabb8f8a14b1f026b13742c11690d441d4f90a64b60437b7809d0161a7211ad424e2c926bd1e278a9f91b0be77067d679a551dbaa69dbf1e9056cb4cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a810ca7c82c269526a5c437549828d3c |
| SHA1 | 25d6f58b55787a855f82a03c25d2851315947229 |
| SHA256 | 77673b9364045b55f988e097f8ac79c9c7cd1c0a887866a80598dded40461113 |
| SHA512 | 2648020763f7e5dad9525137a76ea8f6049ca65eb1f0dadc8c5af036486929057f01c008c52cd1aee30f38291f91da7b8451406efee0d9085aafdbe7b7a08cae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c8617bc055f6194fff068f45fe45abda |
| SHA1 | 4d605cf0f3e74b48b023135175722160e6cc14b0 |
| SHA256 | be1b8c645ba1ce7027f1437b2595cb94dfcdc16972abf9a50b3c490f45e08fdc |
| SHA512 | f47af02c385ba9d7bb3df1b330b8dac6dbe943324db8618776d7c7222cc3d667b96ea54bb0058bfd47c95ebbe70b0c4e9b50fc02f874d62d141111ab393a504a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9243617cedc835b8b200ffd9f30395bd |
| SHA1 | 30f561e41281906033b181b324261520a84b69cb |
| SHA256 | 5485df88a797e4090ddd17355978f817268942c82f6655cc4209aa8cd1490edb |
| SHA512 | 8c3c2542d3eedb45dc3e490df5eab2d4b1b3869d452997c606c3e236143eae71e6b1c4240a381ae849b2abe3895c447e11f55a08851a87dd886e52fe119952ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ce46e776f10065673227b25b6a910f8 |
| SHA1 | fb23d52fc5d8f38683eef8484da759983dca2d17 |
| SHA256 | 3ee65702d8823f2756e64b1c4384b99225b4f2f2fea287b65df3fed63b01b855 |
| SHA512 | 77e356ad6f1c0e7ced5cf6f4ef8040cc62f2685d469d5aca252507e1a7eed93b6d7b55c8930210a76b7268e51147a25c56beb088d4eab2c7f673aed391fdddfe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eaa3c25237503517a1ef4bc447813bde |
| SHA1 | 71406d98ad8345bd9693a664f642bb60d2a9b028 |
| SHA256 | 4543f1ea938cc739461b1d2e1022c86fec3144f0dba214c8b69a829949af7774 |
| SHA512 | 2fcc9b1ae03b67208182aafb841fcc773cf63a955feb0dbdd64ade666880c6bd5504f94d25c3514d1e83d599f60026a7ab7b220c1aa85ad586a5f0ed9e9d72ec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | afac5edcdcb97e3b2b0a4ca1ea3e14cb |
| SHA1 | 87b1e5bc7f32ce7547386f914437126ce37be800 |
| SHA256 | 62da70495b4e0e136908ce91196958f11ebd66e3f5301e6a44e8ca45dbc85945 |
| SHA512 | 66472b1ffbfbd31b4b597f04aa0bc697f856dafef27d05548592382b3dad8d31318d4ba258f8b8cf428f7063f868d41871444a464413971844f0660d8cd06803 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc4ce5ee92eb8713da64059a44373042 |
| SHA1 | 8a933de2f208d63079cf42c3300838427cfa81d9 |
| SHA256 | 3abb199f78566c187823017f6e01d5879bf1765dfef61b18d8dfdb072233cc3a |
| SHA512 | 2b9d35c30467eb626ccb624ab479821808bcf130aafa16d4a590cb55849265b6da9aaf3b0bcfc5f02df43901ec7d074309bce052ff4597db90c2bebf6707ca66 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9567ba156f3cda979e07dc7fc99b7d2a |
| SHA1 | 7d70194bcd097f435eb15c4c9cd47fda2865e1ec |
| SHA256 | 598aa160ad06437e4c7281007d6f5afebea71dac362c6ddfb462fec0cfd262ad |
| SHA512 | 958d36b4eff64c2f14b92ffa8ebb1d61e6014d2328f571b04a160daa9dc53ea9774f491d824d8a902a2068fc0380eae491da288a8dada8f846377e48c039ae59 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e9bf2bacf64d8ba052139eb97e6eb5e1 |
| SHA1 | a7e9228ebb150e0803be227d91b137631f6440d4 |
| SHA256 | 86aa57e6ec58f9bd6a7054779f8cc4bd2404a5ee8afad726af256a157b17bcd1 |
| SHA512 | 8a7fa6f95a21e9fdd2d3fff3eb6fc07fbfd3b0b9a7646da878f6614aba652749e5e819df7634f1d720f2d2377a588bd776c62c019d5aad7c836ee41bd57f189c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f0863c6be0295e1cf22483e9175c4e2 |
| SHA1 | e6704958f1525419a6cc77ce37a2e9cfc990a9b4 |
| SHA256 | 4563c5e4172759b8df76e141aef2364e87ce30781463979158aed299af1b0764 |
| SHA512 | a6cceb69bb7b21aac2134002e5ba2fad8f85420680a50b099cf7f4c508b3048ce09b2d1bc78f4531d9811b850f2aa1dd5a14462ca319c7554a977132619c3f42 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9783c8c0e47576b0a5afc2c9b447684d |
| SHA1 | 148e060739b6ec009d0f370d685433f793ec1b66 |
| SHA256 | 5c7f7bd016236043a81d8e410d8b3c0390363bb5a533f16e99a88af0f7b9dcdd |
| SHA512 | 4ce040912df0a43c1e1b5a36df11196068257e98476b6f1cc7fbf2b67526aaa9011510fb086e9124a7a67b8ee41d7cfc5a4777e06fef2505532cb81f812aee7b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 57834594fe22a973304c340249d18590 |
| SHA1 | 86d877f35b380bbfbfdbfa5413ca1626860eefdf |
| SHA256 | b05f8e66d596decad8c265dd679c2c175e962f37eaef121b99f0d4ed06e5147f |
| SHA512 | fbbb759924810b53cc1677f33dd14c8a59011d3c02a78d2590cb6c3aacefb55ac453f059d857fb86ff37b7cf76b30fe99999069734f3b39e4beac767c9cee0b4 |
C:\Users\Admin\AppData\Roaming\qBittorrent\qBittorrent_new.ini
| MD5 | 49f568c6e74670df3ac28db2a2bd8592 |
| SHA1 | 58318fa9d65cf6e2dab24b85c6b2bf47a25ced35 |
| SHA256 | 3721dde8defd8a0fe5129048051d42b0f5f1395698033dfd0cbd0c664afbb043 |
| SHA512 | bf0bad5c9e7a054f52454fadd510c6e5f705a97e55b64f78cfb68c3ec0e62858eb06f6c95a3eedefeff6af3e5633eec3323ead9696de2aa3daf1bb0dd8a5e665 |
C:\Users\Admin\AppData\Roaming\qBittorrent\qBittorrent.ini
| MD5 | 36af81f09fe64bb64c28a738d65d018e |
| SHA1 | 2e2520f6fcfc6946084df9461171ae6ff329a074 |
| SHA256 | c55cbeb567e7fb6bc6b1bdded831fe9a0f19b064c8cb29874154cada4b7bc152 |
| SHA512 | a1d0b5d87f0342a53022d342507f453bd33c44998f9720b3f9f217b1b44fe8e3424c1b69bd649cf95655d8f4199d95a509a9af948c2e8fd84c454f9a0f766915 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 1ab7855c7da97684ec424f9d1ee31f1d |
| SHA1 | 44f49785f9cc64849188a68942478baecc3c9071 |
| SHA256 | 68a1299309ad3b7398603400daeeed7a47a2b7e61e5c5132ef58397cbb11ebe8 |
| SHA512 | 72f925968549422149792ab806ce6cc86ce0d24b2236b45019b7e504df1566892861f80449c115a04e6497104759241fa1aba4b2a0dbb69316e1c89ed01e7f5c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 64d7011f5f43c120e047cf0e5cf7d0e4 |
| SHA1 | f4d0d339ffe1d3e5f64cba61fff65977b67458ee |
| SHA256 | 25672badaf440654a80dd94d8ca0731f132e19526f9977d657f7c32c59063efb |
| SHA512 | 744e9127c1b428a1006e01dec5c88b63b3e8853d5b9e87bea64127f068654e42752639038242c5bd49846a81c90a277fd5f53b7e5c5eaaeda39c71ecc53d34b7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6a04de6185abd4f23d04469aaab63555 |
| SHA1 | 6dcb063794ce71b908c62d60c277b9bd9334d885 |
| SHA256 | 05d9f581e83bf35db46c321761c275d8b173236ab758c16ef30f2e8a34f93bc1 |
| SHA512 | f623eec48041b05d1a682ac1fa8845eafa4a1173f4b006038aa9f721f806556c80fd7a9021116006463c3c9e5e7e3d68729dd677d85fac543d5613eed0adac76 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e654a3d5b6cd56f9a19e4251f472edd9 |
| SHA1 | e65785b538563d8c65a8674e4dc4405f62e8a6ce |
| SHA256 | f6d95f87ccb2e91b8cd1fc974a06bde290d86a6d408e103a909e1b5fadb5ced3 |
| SHA512 | edb37113d9bbd15224b3d35ba5a7714c2693acd4309c5cc90af30aa13cba920567d54f1f1cfd61498120d1df5b2b3078cffdc6f6764b128a0da87273b31894b9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ff861f22-9d36-4c6f-b958-90a213bdeac3.tmp
| MD5 | 1cd8283edd86a85d93c23161f9bb85c5 |
| SHA1 | 8f80ffe1938b8ba9dddccf683cacdce4ea599b1b |
| SHA256 | 2ca02caf9fb15fb81397d97fe094c65e1938ce53fa2d39d7075aa9d9693e93ba |
| SHA512 | 716ecfcbf73e26af357feba7ff48e6eacf16793bac5c95f9fe8d4b7238feda08c6f1f386a0dcd3411de0b72cfce3d7e36be6276c7d9ac810e2704c4a51671d63 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 0af75bc5b1b63ec9090ebed9333486a9 |
| SHA1 | 61c9a67a59cc976901a85e6db5191225107a52ae |
| SHA256 | 7ebe4ee6ab691a14de461c720d605ed3d31b8ea83600c7ad4436ac46111e9d1e |
| SHA512 | fc743e02043f7edef6536c7eadd2fe35d0e66169c7ae1af68984678a87979b2106dab4951577cfaa86c4f6b5b2f026abf2adc000db4edffe722c7da689ea9856 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | fca8af0dc8436b9952fdf961f8c7f401 |
| SHA1 | ac194f887a84a4538985ece94daf59cea48fe65b |
| SHA256 | 477645c7b83bbde8bdcf6d066f0de596d5b02fd47c223f89dde7d86903338cf9 |
| SHA512 | ba0d8f654216d9530bec83aa011a3433cea27873be327ac60eb1244997995489db76e25077dead09fcd43009b05deda51fd37b30a33fff01c94ba3927e1c21d5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 79efc86c875d88620ce3ed3b68b7ef94 |
| SHA1 | 89592cedacd93c8101738e0b838676d07d48e701 |
| SHA256 | 42739313a7472c62768ac4c96b7c05da0bfaa86fce5b8e3d98fa7a0202172fb6 |
| SHA512 | 972f936693d985f1831308d263f89a81bcc73e09da0743da71bd68ab521d4ca9f4a6d1dcdb7d1395598ae2291defa52d514dff8d7c6b5a3fa7c9735695db2ee0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015
| MD5 | 0b3a94b703a28b9c8b05e16337ab0ff0 |
| SHA1 | 6d9eafedf188b4ea35be690f670ca7ad3e4395d8 |
| SHA256 | 4450116c559bfdb6f8c799f62ae04bd670c782c6b08d6d32bf7c8228de65820a |
| SHA512 | 0b4050f03aa4b87c9aaac09669a856f7f486cd73dd5a4206d9ac1b9a094d73cdf5267fd4d8671a6104bfde15598cb2529368e03012468055421f6f0498bd15c6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
| MD5 | e0fac9516b58f5257a239149cfd621e8 |
| SHA1 | 96eebb847bb5b1b3d408d471eea90a771d9b2452 |
| SHA256 | 23e116c9f36855b3f7a86ea1e4a6a32333e59bec8f2eb6833be4645a28e9ce9c |
| SHA512 | 56b1613ecad2703003d5ec42e7c178d59e39b7c821a06651ebcd5dea27571eb6fef7a84b9822cf79284249d937e6bcfcaf668a723407f321e00fa5a0768b5a61 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
| MD5 | 3847ecd364bc8a3650673e2c85d55add |
| SHA1 | f40a8723d0470bf5f81fee1a78067a6b7e7184f3 |
| SHA256 | 14e0e682d9d1e679cdf73016bb64e6c73ec45ecaaad04b8e69a113091851c263 |
| SHA512 | 18695de9966088c612b65118586639581ff4a57ea78017116629f013af1d1744a03aaaf5c581d4d85b1cbbdaa0750735b1d2eb2e37a74a0600f27ceb5e761ba0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000130
| MD5 | ca45f8643e8ef1308d315dabad653b8c |
| SHA1 | 16a48ca5b2395d2ff7e74d0195b325637ca0d80a |
| SHA256 | 7f7dd184575ccc53e80e77b647233a48246e1d161f89e3cef5b8cc462005e7cb |
| SHA512 | 0af5a62158885a0cc8a071efc7873e30930b40d31eef6f28a619a70501d9b6e8b142ecbc14c433d6a1c33e75c761581f589078a779312d2d88d645d6a67d3396 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000137
| MD5 | a4e28019d7d74fc9073d1a5d4d4c6aa9 |
| SHA1 | 17c04a6f5cf650853fbb9131ec4c3ceca15fe08e |
| SHA256 | 04f41f04c77b9440c88458f8cfa1389b81002b7370b1b0e670451608ae831cc1 |
| SHA512 | d329107ef49950c6020e5165c5526d9b043b1b02483cd8e718f42168d64afc17f9a3fa0a5d861cd3fc2cb4a8b0e43fe49d8e8ada13d3e0f3a3f530cb2be5a5d4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000136
| MD5 | e753f1768510d0e072240463a033c245 |
| SHA1 | ae75931d937f5d0535032821a77c0302f795065c |
| SHA256 | 1e4e4068d57f3901d103110f9f156bf1a0ec9c15c3c27a4ea0025a1d9e7a46c5 |
| SHA512 | cc5b35b748781bc6056d0371f6a02f67d02141e8325602c1daf37df2c91bbe57f3ee056a42bc836b67bd9b71a6ae187f2d5cd1631c1bf0f1a110265ea254c384 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000141
| MD5 | d0a021c4cb77800df58bb328d00364ef |
| SHA1 | 759c27fdce867b945fda8ba1b4659aeb66fc0926 |
| SHA256 | 3dbf1d0cf2d87ce50196e64f7a2213c5a0b8547d947c0b25ff34c9751e71fb32 |
| SHA512 | efeafc978a9ab560acd79294db5d1a5929cf499bb70b6b1349b58673210ea4d20041501cf280c965aac925a4de3c4e64fc67e99d97275c1722663c91262b7a93 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00017e
| MD5 | f90d620814fccc82ff320a1430b8f2af |
| SHA1 | b060f9d869b9a69bf3f8a64952248fe7dc159d0a |
| SHA256 | c27b7f5b1f89d3831d32d3f064765787a04956a29beacd76442fa002e34b9ae8 |
| SHA512 | 6a8c88d0f7efc5b00ecdad4ba95a2a59869f6166cea68f3a7d8762a5b0b66ce5d5edd5d0578e51e3e88eddc9449c9bce4f1d73ccc14436226e0c4a8b36a15ea7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00018f
| MD5 | ecd8e509a29165de08369d0b26dd42a4 |
| SHA1 | ef7f9bf323fd4bf996de6d5ab434f3ab0f207562 |
| SHA256 | 7d22b7c0cbf0cf912b92948a9ba8a652a4e9e5f908a29789737b40eaf0ade4ba |
| SHA512 | ce51270d26ef2d322bc3737f6dadedcb9d3c6565f81e5f1796fad5459b51f41b8e78759f7eab2d9862503f25368b47a96f85389a32ce76d0a724efad73656c1e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c4609e4e631cfcbd81b20d5d9947c3c1 |
| SHA1 | 284a889522feb50d1d449fccc9f07341400216d8 |
| SHA256 | d2890f268f17ef9b2167a7d198bd9b1006a3b4135d35b3b08a679d6a2cb353be |
| SHA512 | 2550ec240a7e78257125879e9465b7f8ee407f66b46e91526759213d47ec50fb494857fe806c666c39c1d077bc801a7d48130328e53799d8885e5676c64d479f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1dda48cc39ebce085c7a16588b2a5184 |
| SHA1 | c5b66201629042ac038ea4a048932618ac57ad1c |
| SHA256 | bf869b5339b4a8acf6e641ff7b5fec83cc0cbb772649ed7f645080457a6d7bec |
| SHA512 | 60863b629a967358abebbe1d7aaadcab174c696f326b4aa6cfe6b48758bdeda35851b0060fc47af6683d6ff8f87bebd4d065a0d753b3147687c21d5aac8df6f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c8cd236c0f9d9553f37030c895afea5c |
| SHA1 | d0caf6576a79968a88831559cb0cd37c31577d69 |
| SHA256 | 179f4ac61d62bb6f76c20a5bdea9523be1ae66330de46c9b12c02681cf7a762f |
| SHA512 | ae25d32295048ac5f63712dab507a040444e827b5f291a2fa4796d321181490ae4e5cc086d3cfb46fa7fd8ad6c3ba3187b31d47c75724cdd98ed1c5372c7a180 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 978436bb2ec2efbf502094638953afab |
| SHA1 | 8182c82113ce348821379836ecb3a9fe718c35eb |
| SHA256 | ca096c037780dc67e67d3b21720e8bcb6191863b877ccddc328ede0b9c3b05cf |
| SHA512 | ab58de351fa1b68ac0d90ecf277d0ff4e518d29ab05ec505181348567419cd31d3d11c102f41f8640b28bae51f780c4938f4e324b00ca44367a27af0679f7fb9 |
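The dropped-file listing above is mostly Chrome profile churn, CryptoAPI URL-cache entries and IE cache files; the entries an analyst actually wants are the few payload files (the Inno Setup extraction directories under %TEMP%\is-XXXXX.tmp, the browser download, the qBittorrent files) and their hashes. The following Python is an added example, not part of the sandbox report: it parses the report's path-then-hash-row layout, drops the noise directories, tags Inno Setup extraction paths and browser downloads, and dedupes by SHA256. The sample input is an excerpt of entries from the listing above with only the MD5 and SHA256 rows reproduced, plus one constructed repeat of an entry to exercise the dedup; the noise patterns and labels are this example's own heuristics, not the sandbox's.

```python
"""Triage a sandbox dropped-file listing: path line, then '| ALGO | hex |' rows."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

@dataclass
class Artifact:
    path: str
    hashes: dict = field(default_factory=dict)  # e.g. {"MD5": "...", "SHA256": "..."}

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Heuristic noise classes (this example's own labels, not the sandbox's).
NOISE = [
    (re.compile(r"\\Google\\Chrome\\User Data\\", re.I), "chrome-profile"),
    (re.compile(r"\\CryptnetUrlCache\\", re.I), "cryptoapi-url-cache"),
    (re.compile(r"\\Content\.IE5\\|\\Internet Explorer\\imagestore\\", re.I), "ie-cache"),
    (re.compile(r"\\Recent\\CustomDestinations\\", re.I), "jumplist"),
]
NOISE_LABELS = {label for _, label in NOISE}
INNO_TMP = re.compile(r"\\Temp\\is-[A-Z0-9]{5}\.tmp\\", re.I)  # Inno Setup extraction dir

def parse_listing(text: str) -> list[Artifact]:
    """Group hash rows under the path line that precedes them; feed it the listing only."""
    artifacts: list[Artifact] = []
    current: Artifact | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m is None:                      # any non-hash line starts a new artifact
            current = Artifact(path=line)
            artifacts.append(current)
            continue
        algo, value = m.group(1), m.group(2).lower()
        if len(value) != HEX_LEN[algo]:
            raise ValueError(f"bad {algo} length in row: {line!r}")
        if current is None:                # orphan row: path was cut off above the excerpt
            continue
        current.hashes[algo] = value
    return artifacts

def classify(path: str) -> str:
    if path.startswith("memory/"):
        return "memory-dump"               # listed without hashes in these reports
    for pat, label in NOISE:
        if pat.search(path):
            return label
    if INNO_TMP.search(path):
        return "inno-setup-extract"
    if path.lower().endswith(".crdownload"):
        return "browser-download"
    return "other"

def triage(text: str) -> dict:
    seen: set[str] = set()
    iocs, dumps, noise = [], [], 0
    for a in parse_listing(text):
        label = classify(a.path)
        if label == "memory-dump":
            dumps.append(a.path)
        elif label in NOISE_LABELS:
            noise += 1
        else:
            sha256 = a.hashes.get("SHA256")
            if sha256 is not None:         # same payload hashed twice: keep one IOC
                if sha256 in seen:
                    continue
                seen.add(sha256)
            iocs.append({"path": a.path, "label": label, "sha256": sha256})
    return {"iocs": iocs, "noise": noise, "memory_dumps": dumps}

# Constructed sample: entries excerpted from the listing above (MD5/SHA256 rows only);
# the final qbittorrent.exe entry is a deliberate repeat to exercise the dedup.
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f366a8e819f292702992df83a93d1266 |
| SHA256 | dba35473932aeb2e77a6ff24f0f0bebcc27f3f38f076a0c141ace285f090ff3a |
C:\Users\Admin\Downloads\Unconfirmed 420567.crdownload
| MD5 | 6f03b0ceb9f7a1b8b40d19a70ee09406 |
| SHA256 | 93cdbf31856d18ad4d9dc1b98f5a0adaee379009d1b21274b08204d5fb196f43 |
memory/1952-1632-0x0000000000400000-0x00000000004CC000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-K703H.tmp\RapeLay_hM-nGX1.tmp
| MD5 | b15059611e9b9d91dfd555ab7522e374 |
| SHA256 | 02fe68b61b9ee12198e69daef4b64fe484514feed72ac020eb90abefbe6f9b60 |
\Users\Admin\AppData\Local\Temp\is-D396R.tmp\zbShieldUtils.dll
| MD5 | b83f5833e96c2eb13f14dcca805d51a1 |
| SHA256 | 00e667b838a4125c8cf847936168bb77bb54580bc05669330cb32c0377c4a401 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa1f2163b7aa1bf2883807be10ff228c |
| SHA256 | 7d1d6d5f056aae91edf442846be4835c8ca0785c470d09fbde026fb55b5bfc13 |
\Users\Admin\AppData\Local\Temp\is-D396R.tmp\qbittorrent.exe
| MD5 | 22a34900ada67ead7e634eb693bd3095 |
| SHA256 | 3cec1e40e8116a35aac6df3da0356864e5d14bc7687c502c7936ee9b7c1b9c58 |
\Users\Admin\AppData\Local\Temp\is-D396R.tmp\qbittorrent.exe
| MD5 | 22a34900ada67ead7e634eb693bd3095 |
| SHA256 | 3cec1e40e8116a35aac6df3da0356864e5d14bc7687c502c7936ee9b7c1b9c58 |
"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(f"{result['noise']} noise entries, {len(result['memory_dumps'])} memory dumps")
    for ioc in result["iocs"]:
        print(f"{ioc['label']:20} {ioc['sha256']}  {ioc['path']}")
```

Paste the full listing (and only the listing, since any non-hash line is taken as a path) into SAMPLE to get the deduplicated IOC set for the whole report; the noise patterns are the place to extend when a report comes from a different sandbox profile.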
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-10 07:02
Reported
2024-05-10 07:33
Platform
win10v2004-20240426-en
Max time kernel
1387s
Max time network
1179s
Command Line
Signatures
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Processes
C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\7z2401.msi
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 160.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 27.73.42.20.in-addr.arpa | udp |