Analysis Overview
SHA256
43adf87d5486202112a4bdea368abc46b5fb6f2ae2a6083b8a87e18723b2feee
Threat Level: Known bad
The file dugga_848274.seb was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Possible privilege escalation attempt
Downloads MZ/PE file
Executes dropped EXE
Modifies file permissions
UPX packed file
Enumerates connected drives
Drops desktop.ini file(s)
Legitimate hosting services abused for malware hosting/C2
Checks whether UAC is enabled
Drops file in System32 directory
AutoIT Executable
Suspicious use of SetThreadContext
Drops file in Windows directory
Enumerates physical storage devices
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Views/modifies file attributes
System policy modification
Kills process with taskkill
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
Modifies registry class
Suspicious use of SendNotifyMessage
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-05-22 09:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-22 09:35
Reported
2024-05-22 09:39
Platform
win10v2004-20240508-en
Max time kernel
177s
Max time network
171s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\CookieClickerHack.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Melting.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | raw.githubusercontent.com | N/A | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608442420540881" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\dugga_848274.gz
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe96ecab58,0x7ffe96ecab68,0x7ffe96ecab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2140 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4252 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4352 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4356 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4504 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5012 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4956 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3068 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5204 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5256 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5076 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5004 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
C:\Users\Admin\Downloads\CookieClickerHack.exe
"C:\Users\Admin\Downloads\CookieClickerHack.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=884 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3376 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3900 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5860 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5396 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
C:\Users\Admin\Downloads\Melting.exe
"C:\Users\Admin\Downloads\Melting.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-22 09:35
Reported
2024-05-22 09:47
Platform
win11-20240419-en
Max time kernel
604s
Max time network
599s
Command Line
Signatures
UAC bypass
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\Gas.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\PCToaster.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\PCToaster.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskILL.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskILL.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskILL.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskILL.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskILL.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskILL.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\VeryFun.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Users\Admin\Downloads\desktop.ini | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened (read-only) | \??\V: | C:\Windows\SYSTEM32\takeown.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\SYSTEM32\takeown.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 5628 set thread context of 2672 | N/A | C:\Users\Admin\Downloads\VeryFun.exe | C:\Windows\SysWOW64\cmd.exe |
| PID 5628 set thread context of 2448 | N/A | C:\Users\Admin\Downloads\VeryFun.exe | C:\Windows\SysWOW64\cmd.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\System.ini | C:\Users\Admin\Downloads\VeryFun.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608444015911963" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Gas.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Users\Admin\Downloads\desktop.ini\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\ResumeConfirm.htm\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\StopMove.rar\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Users\Admin\Downloads\CompressDeny.M2TS\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\DebugAdd.asp\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\Gas.exe\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\Grave.apk\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\SkipUndo.mid\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\StepUpdate.html\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\PCToaster.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Users\Admin\Downloads\ConvertToStep.txt\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\RepairJoin.pptx\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\RestoreUndo.xltm\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\SkipSearch.dxf\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\UseConvertTo.pptm\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Illerka.C.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Users\Admin\Downloads\ExpandGrant.temp\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\GroupDeny.kix\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\RestartExport.mpv2\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\TaskILL.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Users\Admin\Downloads\453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\CompareResize.lnk\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\CopyStep.docx\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\HideUpdate.vst\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\ReadNew.ods\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\TestDeny.exe\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Grave.apk:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Users\Admin\Downloads\EnterUnblock.vstx\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\EnterWrite.ram\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\ExitConnect.midi\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\MountLimit.i64\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\RedoInitialize.png\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\RedoResize.emz\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\SendAssert.vstx\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619 (1):Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Users\Admin\Downloads\453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619 (1)\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\AddClose.jfif\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\DenyTrace.htm\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\DisconnectNew.ps1\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\LimitReceive.rtf\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\SendExpand.inf\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\VeryFun.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
Uses Task Scheduler COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\attrib.exe | N/A |
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\dugga_848274.gz
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fff2328cc40,0x7fff2328cc4c,0x7fff2328cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1804 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2108 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2204 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3252,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4496,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3572 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4648,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4636 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4624,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4784 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4300,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4608 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4460,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5040 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4608,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4740 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4952,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5192,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5176 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3380,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5384 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5320,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5440 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3324,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3352 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5344,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3480 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5624,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3444 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5780,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5792 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5952,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5740 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6056,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6052 /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 25455 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e26608a-827a-495b-9d04-ff203722e6bc} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 25491 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {501ac4eb-f046-4e9a-8856-f70c50aacfcd} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3208 -childID 1 -isForBrowser -prefsHandle 2980 -prefMapHandle 3136 -prefsLen 25632 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10b513e4-58a3-4f10-84be-6a9124b410d6} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2756 -childID 2 -isForBrowser -prefsHandle 3808 -prefMapHandle 2728 -prefsLen 30865 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc3ba9d8-ae74-4b4a-8a36-97874eb6b4e6} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4684 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4680 -prefMapHandle 4676 -prefsLen 30865 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7494b849-f3e7-4259-b2ab-086a28848c4e} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5300 -childID 3 -isForBrowser -prefsHandle 5384 -prefMapHandle 5252 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b9fc336-5382-420e-996e-12013f5dc546} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5596 -childID 4 -isForBrowser -prefsHandle 5516 -prefMapHandle 5520 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33dea4aa-57cf-4ece-ada7-2e328e0340a4} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5788 -childID 5 -isForBrowser -prefsHandle 5708 -prefMapHandle 5712 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbebda64-63d7-4659-a108-870c28e48d90} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1164,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5932 /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6312 -childID 6 -isForBrowser -prefsHandle 6288 -prefMapHandle 6292 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7abac9d-df16-4b3d-8ac7-ceb240174af7} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6000,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5964 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5880,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5872 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6308,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4292 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6256,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3340 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6132,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3520 /prefetch:8
C:\Users\Admin\Downloads\Gas.exe
"C:\Users\Admin\Downloads\Gas.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5836,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5876 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5728,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6300 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6248,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5496 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5804,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4904 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5864,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3748 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=5944,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6552 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=5652,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5360 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6092,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5808 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6788,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6792 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6904,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6912 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7008,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6792 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=6240,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6264 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=7112,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6204 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5956,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6528 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5812,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6492 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6888,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5568 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5288,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6576 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6884,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4296 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=4356,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6872 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3240,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6592 /prefetch:8
C:\Users\Admin\Downloads\Illerka.C.exe
"C:\Users\Admin\Downloads\Illerka.C.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=6252,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6332 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=7076,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6856 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=7080,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5892 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6280,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6344 /prefetch:8
C:\Users\Admin\Downloads\PCToaster.exe
"C:\Users\Admin\Downloads\PCToaster.exe"
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\PCToaster.exe"
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
C:\Windows\SYSTEM32\attrib.exe
attrib +h C:\Users\Admin\Downloads\scr.txt
C:\Windows\SYSTEM32\diskpart.exe
diskpart /s C:\Users\Admin\Downloads\scr.txt
C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Windows\SYSTEM32\takeown.exe
takeown /f V:\Boot /r
C:\Windows\SYSTEM32\takeown.exe
takeown /f V:\Recovery /r
C:\Users\Admin\Downloads\PCToaster.exe
"C:\Users\Admin\Downloads\PCToaster.exe"
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\PCToaster.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=3824,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6172 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6832,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6580 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5876,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6224 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5704,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6816 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6424,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=7044 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5608,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6948 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3376,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3480 /prefetch:8
C:\Users\Admin\Downloads\TaskILL.exe
"C:\Users\Admin\Downloads\TaskILL.exe"
C:\Users\Admin\Downloads\TaskILL.exe
"C:\Users\Admin\Downloads\TaskILL.exe"
C:\Users\Admin\Downloads\TaskILL.exe
"C:\Users\Admin\Downloads\TaskILL.exe"
C:\Users\Admin\Downloads\TaskILL.exe
"C:\Users\Admin\Downloads\TaskILL.exe"
C:\Users\Admin\Downloads\TaskILL.exe
"C:\Users\Admin\Downloads\TaskILL.exe"
C:\Users\Admin\Downloads\TaskILL.exe
"C:\Users\Admin\Downloads\TaskILL.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=4944,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6136 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6120,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6440 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=7092,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4312 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6992,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6436 /prefetch:8
C:\Windows\SYSTEM32\taskkill.exe
taskkill /im lsass.exe /f
C:\Windows\System32\PickerHost.exe
C:\Windows\System32\PickerHost.exe -Embedding
C:\Users\Admin\Downloads\VeryFun.exe
"C:\Users\Admin\Downloads\VeryFun.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\SYSTEM32\mountvol.exe
mountvol c:\ /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol c:\ /d
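The command lines above form a recognisable living-off-the-land chain: a hidden diskpart script in Downloads, `takeown` on the Boot and Recovery directories of the volume that script exposed, `taskkill /im lsass.exe /f`, and `mountvol c:\ /d`. The following is an added detection example, not part of the sandbox report: it runs a handful of command-line rules over Sysmon-style process-creation events constructed from the report's own command lines (field names `Image`, `CommandLine`, `ParentImage` follow Sysmon Event ID 1, but the events are hand-written here), and additionally correlates them per parent process so that the diskpart-plus-takeown/mountvol combination is reported as one chain rather than as isolated hits. Severities are this example's judgement, not a rating taken from the report.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    image: str      # regex matched against the executable file name
    cmdline: str    # regex matched against the full command line
    severity: str


# One rule per LOLBin pattern visible in the process tree above.
RULES = [
    Rule("diskpart_scripted", r"^diskpart\.exe$", r"\s/s\s+\S+", "high"),
    Rule("takeown_boot_or_recovery", r"^takeown\.exe$",
         r"/f\s+[a-z]:\\(boot|recovery)\b", "high"),
    Rule("taskkill_lsass", r"^taskkill\.exe$", r"/im\s+lsass\.exe", "critical"),
    Rule("mountvol_delete_system_drive", r"^mountvol\.exe$",
         r"\bc:\\\s+/d\b", "critical"),
    Rule("attrib_hide_in_downloads", r"^attrib\.exe$",
         r"\+h\s+\S*\\downloads\\", "low"),
    # Granting Everyone:M on .oracle_jre_usage is a known side effect of
    # launching the Oracle JRE, so it is kept low and only adds context.
    Rule("icacls_grant_everyone", r"^icacls\.exe$",
         r"/grant\s+\"?everyone\"?:", "low"),
]

SEVERITY_ORDER = {"low": 0, "medium": 1, "high": 2, "critical": 3}


def image_name(path: str) -> str:
    """File name component of a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def match_event(event: dict) -> list:
    """Every rule whose image regex and command-line regex both match."""
    name = image_name(event["Image"])
    cmd = event["CommandLine"]
    return [r for r in RULES
            if re.search(r.image, name, re.I) and re.search(r.cmdline, cmd, re.I)]


def triage(events: list) -> list:
    """(severity, rule name, command line) for every hit, worst first."""
    hits = [(r.severity, r.name, e["CommandLine"])
            for e in events for r in match_event(e)]
    return sorted(hits, key=lambda h: -SEVERITY_ORDER[h[0]])


def boot_tamper_chain(events: list) -> bool:
    """True when a single parent both runs a diskpart script and either takes
    ownership of Boot/Recovery or unmounts C:. Each command alone has admin
    uses; together, launched from a file in Downloads, they are the wiper
    pattern seen in the process tree."""
    by_parent = {}
    for e in events:
        names = {r.name for r in match_event(e)}
        by_parent.setdefault(e["ParentImage"], set()).update(names)
    return any("diskpart_scripted" in s and
               s & {"takeown_boot_or_recovery", "mountvol_delete_system_drive"}
               for s in by_parent.values())


# Constructed sample events modelled on the report's command lines; the
# parent images are taken from the tree's nesting, not from real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\SYSTEM32\attrib.exe",
     "CommandLine": r"attrib +h C:\Users\Admin\Downloads\scr.txt",
     "ParentImage": r"C:\Program Files\Java\jre-1.8\bin\javaw.exe"},
    {"Image": r"C:\Windows\SYSTEM32\diskpart.exe",
     "CommandLine": r"diskpart /s C:\Users\Admin\Downloads\scr.txt",
     "ParentImage": r"C:\Program Files\Java\jre-1.8\bin\javaw.exe"},
    {"Image": r"C:\Windows\SYSTEM32\takeown.exe",
     "CommandLine": r"takeown /f V:\Boot /r",
     "ParentImage": r"C:\Program Files\Java\jre-1.8\bin\javaw.exe"},
    {"Image": r"C:\Windows\SYSTEM32\taskkill.exe",
     "CommandLine": r"taskkill /im lsass.exe /f",
     "ParentImage": r"C:\Users\Admin\Downloads\TaskILL.exe"},
    {"Image": r"C:\Windows\SYSTEM32\mountvol.exe",
     "CommandLine": r"mountvol c:\ /d",
     "ParentImage": r"C:\Windows\SysWOW64\cmd.exe"},
    {"Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer',
     "ParentImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
]

if __name__ == "__main__":
    for sev, rule, cmd in triage(SAMPLE_EVENTS):
        print(f"{sev:9} {rule:30} {cmd}")
    print("boot tamper chain:", boot_tamper_chain(SAMPLE_EVENTS))
```

The per-parent correlation is the part worth keeping: `takeown` and `diskpart` each fire routinely in admin scripts, but a user-writable parent that runs both, after hiding the script it feeds to diskpart, is the behaviour that distinguishes this sample from maintenance tooling. The `taskkill /im lsass.exe /f` rule stands alone because there is no legitimate reason for a process in Downloads to issue it.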
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.238:443 | chrome.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.187.238:443 | chrome.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | tcp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | tcp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | udp |
| US | 104.16.113.74:443 | static.mediafire.com | tcp |
| US | 104.16.113.74:443 | static.mediafire.com | tcp |
| US | 104.16.113.74:443 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.200.10:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| PL | 18.66.233.32:443 | cdn.amplitude.com | tcp |
| GB | 142.250.187.238:443 | translate.google.com | tcp |
| GB | 216.58.201.106:443 | translate-pa.googleapis.com | tcp |
| US | 35.82.224.55:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.233.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| BE | 74.125.133.155:443 | stats.g.doubleclick.net | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | tcp |
| GB | 172.217.169.74:443 | translate-pa.googleapis.com | tcp |
| BE | 74.125.133.155:443 | stats.g.doubleclick.net | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| GB | 216.58.201.106:443 | translate-pa.googleapis.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.187.238:443 | translate.google.com | tcp |
| N/A | 127.0.0.1:50308 | | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 35.164.250.149:443 | shavar.prod.mozaws.net | tcp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | udp |
| N/A | 127.0.0.1:50316 | | tcp |
| US | 104.16.113.74:443 | www.mediafire.com | tcp |
| US | 104.16.113.74:443 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 104.16.114.74:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 104.16.114.74:443 | www.mediafire.com | tcp |
| US | 104.16.114.74:443 | www.mediafire.com | tcp |
| GB | 142.250.200.42:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.16.114.74:443 | www.mediafire.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.200.42:443 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| GB | 142.250.187.238:443 | translate.google.com | tcp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| GB | 142.250.187.238:443 | www3.l.google.com | udp |
| PL | 18.66.233.94:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| GB | 142.250.187.234:443 | translate.googleapis.com | tcp |
| GB | 142.250.187.234:443 | translate.googleapis.com | udp |
| US | 35.82.224.55:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.114.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.233.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| BE | 74.125.133.157:443 | stats.g.doubleclick.net | tcp |
| BE | 74.125.133.157:443 | stats.g.doubleclick.net | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 52.12.172.42:443 | locprod2-elb-us-west-2.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| NL | 2.18.121.197:80 | a19.dscg10.akamai.net | tcp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | udp |
| GB | 173.194.3.70:443 | r1---sn-aigl6n6s.gvt1.com | tcp |
| GB | 173.194.3.70:443 | r1---sn-aigl6n6s.gvt1.com | udp |
| US | 8.8.8.8:53 | 197.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.3.194.173.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 104.16.113.74:443 | www.mediafire.com | udp |
| GB | 142.250.200.10:443 | translate-pa.googleapis.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.238:443 | www.youtube.com | udp |
| GB | 172.217.169.74:443 | translate-pa.googleapis.com | udp |
| GB | 216.58.201.106:443 | translate-pa.googleapis.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.214:443 | i.ytimg.com | tcp |
| GB | 142.250.187.214:443 | i.ytimg.com | tcp |
| GB | 216.58.212.202:443 | translate-pa.googleapis.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | udp |
| GB | 142.250.187.214:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 214.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 172.217.169.6:443 | static.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.234:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.179.238:443 | img.youtube.com | udp |
| GB | 172.217.16.234:443 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| GB | 142.250.178.14:443 | img.youtube.com | tcp |
| GB | 142.250.178.14:443 | img.youtube.com | tcp |
| GB | 142.250.178.14:443 | img.youtube.com | tcp |
| GB | 142.250.178.14:443 | img.youtube.com | tcp |
| GB | 216.58.212.195:80 | www.gstatic.com | tcp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| GB | 142.250.179.238:443 | img.youtube.com | udp |
| GB | 142.250.179.238:443 | img.youtube.com | udp |
| FR | 5.35.253.150:443 | bonzi-buddy.updatestar.com | tcp |
| FR | 5.35.253.150:443 | bonzi-buddy.updatestar.com | tcp |
| FR | 5.35.253.150:443 | bonzi-buddy.updatestar.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
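Most of the table is browser and OS background traffic from the detonation box (Google, Mozilla, doubleclick, gvt1 update CDNs, reverse-DNS lookups, mDNS and loopback); the rows that matter for the verdict are the ones left over: raw.githubusercontent.com, user-images.githubusercontent.com, www.mediafire.com, bonzi.link and bonzi-buddy.updatestar.com. The following is an added example, not part of the report, of parsing this table into grouped, de-duplicated destinations and splitting them into that background baseline and a review set. The suffix baseline is the example's own assumption for a sandbox with Chrome and Firefox installed, not a list the report provides; the sample rows are a constructed subset of the table and include two rows in the form the extraction produced, with an empty Domain cell and the protocol shifted one column left.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed subset of the report's Network table. The last two rows keep
# the extraction glitch where the Domain cell is empty and the protocol
# sits in the Domain column.
SAMPLE_TABLE = """\
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 104.16.113.74:443 | www.mediafire.com | tcp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| FR | 5.35.253.150:443 | bonzi-buddy.updatestar.com | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| N/A | 127.0.0.1:50308 | tcp | |
"""

# Domain suffixes treated as browser/OS background noise on the detonation
# box. This is the example's assumed baseline, not something the report states.
BASELINE_SUFFIXES = (
    "google.com", "google.co.uk", "googleapis.com", "gstatic.com", "gvt1.com",
    "doubleclick.net", "youtube.com", "ytimg.com", "mozilla.com", "mozilla.net",
    "mozgcp.net", "mozaws.net", "akamai.net", "in-addr.arpa",
)

ROW = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|"
    r"\s*(?P<a>[^|]*?)\s*\|\s*(?P<b>[^|]*?)\s*\|$"
)


def parse_rows(text: str) -> list:
    """Parse '| cc | ip:port | domain | proto |' rows, repairing rows whose
    Domain cell is empty and whose protocol slid into the Domain column."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        a, b = m["a"], m["b"]
        if a.lower() in ("tcp", "udp") and not b:
            domain, proto = "", a.lower()
        else:
            domain, proto = a, b.lower()
        ip, _, port = m["dst"].rpartition(":")
        rows.append({"cc": m["cc"], "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def is_baseline(key: str) -> bool:
    """Baseline if the key is a known background-traffic suffix, or a bare
    multicast/loopback address (mDNS, local listeners)."""
    try:
        addr = ipaddress.ip_address(key)
        return addr.is_multicast or addr.is_loopback
    except ValueError:
        pass
    return any(key == s or key.endswith("." + s) for s in BASELINE_SUFFIXES)


def summarize(rows: list) -> tuple:
    """Group destinations by domain (bare IP when no domain), de-duplicate
    repeated rows, and split into (baseline, review) dictionaries."""
    groups = defaultdict(set)
    for r in rows:
        key = r["domain"] or r["ip"]
        groups[key].add((r["ip"], r["port"], r["proto"]))
    baseline = {k: sorted(v) for k, v in groups.items() if is_baseline(k)}
    review = {k: sorted(v) for k, v in groups.items() if not is_baseline(k)}
    return baseline, review


if __name__ == "__main__":
    baseline, review = summarize(parse_rows(SAMPLE_TABLE))
    for domain, dests in review.items():
        print(f"REVIEW   {domain}: {dests}")
    for domain in baseline:
        print(f"baseline {domain}")
```

Keeping GitHub out of the baseline is deliberate: the report itself flags raw.githubusercontent.com as abused hosting, and the difference between a user browsing github.com and a dropper fetching a second stage from a raw content URL is exactly what the review set should surface, so it is better to see those rows than to suppress them.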
Files
\??\pipe\crashpad_476_JBDGVFWVENADCCZE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\cd1d0074-38c9-4deb-a160-3fb64a9a5e60.tmp
| MD5 | 235184e2c8b4b09e57c06e8039c34b52 |
| SHA1 | a548122133da5589c8f0d643051ba9e8c78798f2 |
| SHA256 | c16fc83e8d28c534915fe0ab954401e46663ed309e21408d786eb344d0cfc225 |
| SHA512 | 7d68aee2a5399337459d4391ac08fab9840417e785c35fed64f80ae27c9a4bd71a36bbbe14961ddbf1d437f4c751af1dc0631ae86fb33edd3ae33f2689520255 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5748291a0ff5455be4516847b7df12d8 |
| SHA1 | 4d4e4589e994cee84f66509f6d7d943eb1d114f2 |
| SHA256 | 817c4649cb58f4f06d7d8ddf42fe7f13cf7182205e89479e7ac64eccb0049514 |
| SHA512 | 43183008f3bd9d4671dc8e069e0c95e523ba21b3f8a0feeee3b65723dd01358be4f780eb5cb20da5295c1556f9ede232343e09d043e52678c3edf10e6e0ea4dc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3bdf8b17f068f344317c5766334798c1 |
| SHA1 | e435260c7ae2f98be9edec0ace87d6903774bf7a |
| SHA256 | c705bc411e5ad1e9bd80fb4ea574e04e5abe1d9dbf644db01f35734def047d20 |
| SHA512 | 7c36662f37e10274f2ba88442c1dacaea6f105d9ab2528f9028df6c099fd97701813472a32d05a6ec54aec970c235f1b2788a495c308516a883d6e87fa29cade |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c2864155563a23da2dd4933362177804 |
| SHA1 | a77b7cab3a805fbb1bc7bfb9f8b6b17f41a7973d |
| SHA256 | 243481773efc732abfb643afd120ff0f42c821a0cc28df8efe27d13d25758740 |
| SHA512 | ebdad0d1fbccee592d9339893ea3c6838b74dd009baa095a2f02174953e9874af465a0902b4ba223c1b5d078aa03291c9350a975cee1de70635464dde66160a6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 63c19391f124576aec88758755710595 |
| SHA1 | e0960a2037c92a6f6d50e3de1a39c9dc1b77c2d5 |
| SHA256 | 7db539a50338c463dce40d818710859ab021f6d7d4152d7aba670da0be25e815 |
| SHA512 | 4e277f8fe52d882e75f48835091ccc61dd38f59b2f9dae26b0d6273334429b40f011581eaceade3900b4e3428c37e60d41e84e0c442faf427c46f958c3d7a980 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ab2047d89bb95d1339c4670b2c27b193 |
| SHA1 | b4da11a94b38f4c455ff6136efaf22608e48e7e3 |
| SHA256 | cd433e84063f13c6bbdd63f282ffb63bf515a451afcb3daf960c798c9d2aa360 |
| SHA512 | a95182b6b4b5c9fce15f7e3dc01bdddfe18220eac7376ba60e07ed5305634d715f90be0c5873216407efa7523d94ca49711fe85df3336ba40c90cb1ac4202c2b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 016bdf753cb5ab49bfe9648c4672142e |
| SHA1 | d1688083f05ed07c207e10fb85d4c7916264f506 |
| SHA256 | 73c9a8807d27532ae7f64585f8a68042226a7c58ca20769e293b1092f5403924 |
| SHA512 | e872745fa7e8ae0970b893673262bcbe698df26f4bcf9ea99628920d13c5f6ddbda08ac93851075cf7d1739b1d58f8f1ec08faddeeb37965b7c13d8685d998ef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 715060c4246323e71b0ddeb18fb378da |
| SHA1 | edbd516755c7eecd2f155f37c8ec05516c320f50 |
| SHA256 | c5a95cff896091b37ae85fcf02e9590e7ad14d55003cf2a7664bb9c403139643 |
| SHA512 | ef6a50541d9f6d83a76c3ad6444d6c02e1184515c6c6b4e1120c2fbcc61990215c3a2a3a0228e2ffc5455aaceb0a7a1882722d76c1cb0250215d4553d3b96847 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e34f3f60-d220-48a1-bf62-e071cd764127.tmp
| MD5 | c11763b8c3920d720fe037759e13cbbd |
| SHA1 | 04a7ba1ab981b15cb02fad624564446c7f398bad |
| SHA256 | 388c90d75e1c2b7bc19a249c534e31bbf4910004a395b5bb384f37a8704b2401 |
| SHA512 | 66b0e38baa8b5e244abc4a373e2ebf5970dbad225e502b8f971fadc9ce48ccb0234beea0c3e9cd8edb77729b337eceae8e844ccd9fb08be3627170cbdbb93e9c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | efeedffba255673f0e08d50b62e2f334 |
| SHA1 | d0d22ad89a3835cce36d103688ec5b400ebc6feb |
| SHA256 | 02fdcea7e41565cf2120d34b5992faf3646cc3b5d48432234e9fe3892d701f9a |
| SHA512 | 0a9083c62de76c12e50cefcc7e7dfe7220b82b4973253b74b6fb279e6a3acb0a5c07473b8684c2680459d24baf02c7c5e2525b284a354372de6af0834013292b |
| MD5 | 4d0d416f9ef76aa6adbcbe47d4bc4a08 |
| SHA1 | 3ddd118528e67b278c4a24e2413b1665c6fdc786 |
| SHA256 | cbaf87ae73e57b1f82a962bc151fa539cf4e8b7588f9bb82d90832421c9a2486 |
| SHA512 | a1e05aa23d9a25848406b14dd9cfd07c00346c80e1e27006ef48b469c304e1b221893803df8a2b0f3e29045cc16b6efb2a57fc5060d7d161fb83ad2832d1c187 |
memory/1072-1924-0x000001A2A5730000-0x000001A2A5731000-memory.dmp
memory/1588-1940-0x0000000000D50000-0x0000000000D5E000-memory.dmp
memory/5320-1943-0x000001D7A59D0000-0x000001D7A59D1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 575f5fb6556462b28f7f9eb11f05b244 |
| SHA1 | 8fe5bc22c1e12289dff216ca9667dc702a366121 |
| SHA256 | c0bb09b62bad23fdbe2c9249d270f3fbce40589a381efc514bbe1338e2fae8dc |
| SHA512 | e2816cca0a1e7f5ec8286c90a814fb73acf6ec8fd1bc48cd4685ef2c0e32dcac4de8360a8023a103ec97296b721a6cf1c7bd4147356204855381949bb702d86d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 21113da1946dc5590d1a2b9b76395793 |
| SHA1 | 5a521bbd6b6626ff82ca743056aac33cdfbb97e4 |
| SHA256 | c00ce4824395da0405fb7ea33c52d44d3526aa826bcadb4c9681bc2def7f116b |
| SHA512 | 19e4f27d05ccb68c8fb3c5f106826296ebd8513defd578e2059ed59fe59eecde9ba42825fe0ffb15e5980d5856416b2f95482bf64e52c0cd635c9cafa5669001 |
memory/5320-1964-0x000001D7A59D0000-0x000001D7A59D1000-memory.dmp
memory/1072-1965-0x000001A2A5730000-0x000001A2A5731000-memory.dmp
C:\Users\Admin\Downloads\Unconfirmed 919497.crdownload
| MD5 | ef7b3c31bc127e64627edd8b89b2ae54 |
| SHA1 | 310d606ec2f130013cc9d2f38a9cc13a2a34794a |
| SHA256 | 8b04fda4bee1806587657da6c6147d3e949aa7d11be1eefb8cd6ef0dba76d387 |
| SHA512 | a11eadf40024faeb2cc111b8feee1b855701b3b3f3c828d2da0ae93880897c70c15a0ee3aeb91874e5829b1100e0abafec020e0bf1e82f2b8235e9cc3d289be5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\bd32c84a-78cb-476d-8c2c-20c5b6c60b09.tmp
| MD5 | 0081cb76ae42bcb133dbd687409e452a |
| SHA1 | 8c3116d425c8bee06a9ddffa8e413b7c622a6386 |
| SHA256 | 321d00b9b3aef27c58627f80b739fd7dacefc48595af18ef0e7ecad19024c69f |
| SHA512 | 9d7834cc61cd523740575a8ecf4e7495456520dfb5fc3ace5792f15f92b372e7bb166fe0fad08cec51482a685562c0e28a4ee4cbb27de6f6d6fe2d4ac4a0d3c1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5d509bff5236f0753d462049fcfcbc23 |
| SHA1 | 48310505e92752e48e213ddd5df2c56b0ae60d08 |
| SHA256 | 964407898d1c82b6c6b24f70f282626a6f840f11a3f22f0de3766cc0e2e36be6 |
| SHA512 | b94c7b44c5f32137a6d1679c0ce4fa1e4bb0d8276f9551919562341e10b5ce5803f15bf8af9935ab95ecd12ec280d40b3c794ab2a3981a926bee1bf03bcb7663 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 214f1f36db4c8ed75ecbfdfd030bf145 |
| SHA1 | e38cd21d31e72f5ced2bdbb025324de16967198c |
| SHA256 | 365557285269c1258913e48d85d586d47e40367b459facfa57d45e0cba145055 |
| SHA512 | a4ca859fd1ebabed1284407094d666cf95d670ffc39b7e66f0729a96dc229458c1b4854b0dc2cda1981b4d4372c424e6c8da99595281e6bd018da3b45bbffcbe |
memory/5628-2012-0x00000000000C0000-0x00000000006FD000-memory.dmp
memory/5628-2100-0x00000000000C0000-0x00000000006FD000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-22 09:35
Reported
2024-05-22 10:06
Platform
win10v2004-20240508-en
Max time kernel
1379s
Max time network
1167s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sample
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-22 09:35
Reported
2024-05-22 10:06
Platform
win11-20240426-en
Max time kernel
1480s
Max time network
1504s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sample
Network