Analysis Overview
Threat Level: Known bad
The file https://bazaar.abuse.ch/browse/tag/RAT/ was found to be: Known bad.
Malicious Activity Summary
NanoCore
WarzoneRat, AveMaria
njRAT/Bladabindi
AsyncRat
Warzone RAT payload
Downloads MZ/PE file
Command and Scripting Interpreter: PowerShell
Executes dropped EXE
.NET Reactor proctector
Checks computer location settings
Drops startup file
Loads dropped DLL
Reads user/profile data of web browsers
Registers COM server for autorun
Adds Run key to start application
Looks up external IP address via web service
Checks installed software on the system
Suspicious use of SetThreadContext
Sets desktop wallpaper using registry
Drops file in Program Files directory
Enumerates physical storage devices
Delays execution with timeout.exe
Checks processor information in registry
Suspicious use of WriteProcessMemory
NTFS ADS
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Creates scheduled task(s)
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Checks SCSI registry key(s)
Enumerates system info in registry
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-05-24 19:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-24 19:10
Reported
2024-05-24 19:27
Platform
win10v2004-20240426-en
Max time kernel
975s
Max time network
976s
Command Line
Signatures
AsyncRat
NanoCore
WarzoneRat, AveMaria
njRAT/Bladabindi
Warzone RAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
.NET Reactor proctector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\ae55dc186e2373b964f1d84fd51aa7692fdb2994cc163128b97631c3ba7f7066.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\ae55dc186e2373b964f1d84fd51aa7692fdb2994cc163128b97631c3ba7f7066.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Wndfnder.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zO83763182\58bff9dfeb9660c884056b2ffd90e796adbc9e6e6d5292f39609b153c4e2acc0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\7-Zip\7zFM.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat:start | C:\Users\Admin\AppData\Local\Temp\7zOC5BF231F\2e5f3807db334c44e20f17624cfa529304327387e4795c561374379725acde6c.exe | N/A |
| File opened for modification | \??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\mefy4myance76j6t.exe | C:\Windows\system32\taskmgr.exe | N/A |
| File opened for modification | \??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\programs.bat.cashransomware | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat | C:\Users\Admin\AppData\Local\Temp\7zOC5BF231F\2e5f3807db334c44e20f17624cfa529304327387e4795c561374379725acde6c.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mEfY4MyaNCE76J6t.exe | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mEfY4MyaNCE76J6t.exe | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | \??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\desktop.ini.cashransomware | C:\Windows\system32\taskmgr.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\DOS Host = "C:\\Program Files (x86)\\DOS Host\\doshost.exe" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Images = "C:\\Users\\Admin\\Documents\\images.exe" | C:\Users\Admin\AppData\Local\Temp\7zOC5BF231F\2e5f3807db334c44e20f17624cfa529304327387e4795c561374379725acde6c.exe | N/A |
Checks installed software on the system
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | icanhazip.com | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Cash.img" | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 552 set thread context of 2812 | N/A | C:\Users\Admin\Desktop\ae55dc186e2373b964f1d84fd51aa7692fdb2994cc163128b97631c3ba7f7066.exe | C:\Users\Admin\Desktop\ae55dc186e2373b964f1d84fd51aa7692fdb2994cc163128b97631c3ba7f7066.exe |
| PID 212 set thread context of 5068 | N/A | C:\Users\Admin\AppData\Roaming\Wndfnder.exe | C:\Users\Admin\AppData\Roaming\Wndfnder.exe |
| PID 2860 set thread context of 3756 | N/A | C:\Users\Admin\AppData\Local\Temp\7zO83763182\58bff9dfeb9660c884056b2ffd90e796adbc9e6e6d5292f39609b153c4e2acc0.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Common Files\System\ado\msado20.tlb.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ps.txt | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TabTip.exe.mui.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\msadc\msdaprsr.dll.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ba.txt | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\wab32res.dll.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\msadc\adcjavas.inc.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\co.txt | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7-zip.dll | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ug.txt | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\msadc\msdarem.dll.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File created | C:\Program Files\7-Zip\7-zip.dll.tmp | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tr.txt | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ShapeCollector.exe.mui.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui.CashRansomware | C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133610514565840552" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3571316656-3665257725-2415531812-1000\{7B33A5FF-2934-4563-B36F-FA58360B64EE} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Documents\Documents:ApplicationData | C:\Users\Admin\AppData\Local\Temp\7zOC5BF231F\2e5f3807db334c44e20f17624cfa529304327387e4795c561374379725acde6c.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zOCD3FE89B\126e916db139711ce9f916b14d4ce193408146284e3114af544331f1c9059d22.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bazaar.abuse.ch/browse/tag/RAT/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff2c9ab58,0x7ffff2c9ab68,0x7ffff2c9ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3596 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3276 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2700 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3592 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2440 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4952 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5184 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5300 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4968 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5432 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5308 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5224 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5380 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5748 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5520 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5784 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6036 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5900 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5180 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5788 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5668 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5236 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=980 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=4140 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4892 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3276 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3256 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4180 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6084 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2944 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\373f4c3552974f30b48d2d9322097ffb /t 3700 /p 3016
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6048 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:1
C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=6100 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=5640 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5680 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4924 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=4360 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=4388 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5968 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5328 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1164 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3268 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5872 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Users\Admin\Downloads\7z2405-x64.exe
"C:\Users\Admin\Downloads\7z2405-x64.exe"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\126e916db139711ce9f916b14d4ce193408146284e3114af544331f1c9059d22.zip"
C:\Users\Admin\AppData\Local\Temp\7zOCD3FE89B\126e916db139711ce9f916b14d4ce193408146284e3114af544331f1c9059d22.exe
"C:\Users\Admin\AppData\Local\Temp\7zOCD3FE89B\126e916db139711ce9f916b14d4ce193408146284e3114af544331f1c9059d22.exe"
C:\Users\Admin\Desktop\126e916db139711ce9f916b14d4ce193408146284e3114af544331f1c9059d22.exe
"C:\Users\Admin\Desktop\126e916db139711ce9f916b14d4ce193408146284e3114af544331f1c9059d22.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\126e916db139711ce9f916b14d4ce193408146284e3114af544331f1c9059d22.zip"
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\3e9687b3b0f148d5a5d83d7ffd92257e /t 1624 /p 4896
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\ae55dc186e2373b964f1d84fd51aa7692fdb2994cc163128b97631c3ba7f7066.zip"
C:\Users\Admin\Desktop\ae55dc186e2373b964f1d84fd51aa7692fdb2994cc163128b97631c3ba7f7066.exe
"C:\Users\Admin\Desktop\ae55dc186e2373b964f1d84fd51aa7692fdb2994cc163128b97631c3ba7f7066.exe"
C:\Users\Admin\Desktop\ae55dc186e2373b964f1d84fd51aa7692fdb2994cc163128b97631c3ba7f7066.exe
"C:\Users\Admin\Desktop\ae55dc186e2373b964f1d84fd51aa7692fdb2994cc163128b97631c3ba7f7066.exe"
C:\Users\Admin\Desktop\ae55dc186e2373b964f1d84fd51aa7692fdb2994cc163128b97631c3ba7f7066.exe
"C:\Users\Admin\Desktop\ae55dc186e2373b964f1d84fd51aa7692fdb2994cc163128b97631c3ba7f7066.exe"
C:\Users\Admin\Desktop\126e916db139711ce9f916b14d4ce193408146284e3114af544331f1c9059d22.exe
"C:\Users\Admin\Desktop\126e916db139711ce9f916b14d4ce193408146284e3114af544331f1c9059d22.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\GGyIJkQ.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GGyIJkQ" /XML "C:\Users\Admin\AppData\Local\Temp\tmp73FA.tmp"
C:\Users\Admin\Desktop\ae55dc186e2373b964f1d84fd51aa7692fdb2994cc163128b97631c3ba7f7066.exe
"C:\Users\Admin\Desktop\ae55dc186e2373b964f1d84fd51aa7692fdb2994cc163128b97631c3ba7f7066.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "Wndfnder" /tr '"C:\Users\Admin\AppData\Roaming\Wndfnder.exe"' & exit
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp860B.tmp.bat""
C:\Windows\SysWOW64\timeout.exe
timeout 3
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "Wndfnder" /tr '"C:\Users\Admin\AppData\Roaming\Wndfnder.exe"'
C:\Users\Admin\AppData\Roaming\Wndfnder.exe
"C:\Users\Admin\AppData\Roaming\Wndfnder.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\GGyIJkQ.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GGyIJkQ" /XML "C:\Users\Admin\AppData\Local\Temp\tmpC5A4.tmp"
C:\Users\Admin\AppData\Roaming\Wndfnder.exe
"C:\Users\Admin\AppData\Roaming\Wndfnder.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\2e5f3807db334c44e20f17624cfa529304327387e4795c561374379725acde6c.zip"
C:\Users\Admin\AppData\Local\Temp\7zOC5BF231F\2e5f3807db334c44e20f17624cfa529304327387e4795c561374379725acde6c.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC5BF231F\2e5f3807db334c44e20f17624cfa529304327387e4795c561374379725acde6c.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Add-MpPreference -ExclusionPath C:\
C:\Users\Admin\Documents\images.exe
"C:\Users\Admin\Documents\images.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Add-MpPreference -ExclusionPath C:\
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Users\Admin\Documents\images.exe
"C:\Users\Admin\Documents\images.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Add-MpPreference -ExclusionPath C:\
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Users\Admin\Documents\images.exe
"C:\Users\Admin\Documents\images.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Add-MpPreference -ExclusionPath C:\
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Users\Admin\Documents\images.exe
"C:\Users\Admin\Documents\images.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Add-MpPreference -ExclusionPath C:\
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6156 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\58bff9dfeb9660c884056b2ffd90e796adbc9e6e6d5292f39609b153c4e2acc0.zip"
C:\Users\Admin\AppData\Local\Temp\7zO83763182\58bff9dfeb9660c884056b2ffd90e796adbc9e6e6d5292f39609b153c4e2acc0.exe
"C:\Users\Admin\AppData\Local\Temp\7zO83763182\58bff9dfeb9660c884056b2ffd90e796adbc9e6e6d5292f39609b153c4e2acc0.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\7zO83763182\58bff9dfeb9660c884056b2ffd90e796adbc9e6e6d5292f39609b153c4e2acc0.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\BGhfFrEN.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BGhfFrEN" /XML "C:\Users\Admin\AppData\Local\Temp\tmp2C45.tmp"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /create /f /tn "DOS Host" /xml "C:\Users\Admin\AppData\Local\Temp\tmp2F62.tmp"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /create /f /tn "DOS Host Task" /xml "C:\Users\Admin\AppData\Local\Temp\tmp3280.tmp"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6156 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\2e5f3807db334c44e20f17624cfa529304327387e4795c561374379725acde6c.zip"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 --field-trial-handle=1904,i,13617832614650576385,9195142126771472595,131072 /prefetch:8
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.zip"
C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe
"C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe"
C:\Users\Admin\AppData\Local\Temp\7zOCDF11905\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe
"C:\Users\Admin\AppData\Local\Temp\7zOCDF11905\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\Cash Ransomware.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffef9546f8,0x7fffef954708,0x7fffef954718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,4913692420167926689,14920406080551163670,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1976 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,4913692420167926689,14920406080551163670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,4913692420167926689,14920406080551163670,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4913692420167926689,14920406080551163670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4913692420167926689,14920406080551163670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,4913692420167926689,14920406080551163670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,4913692420167926689,14920406080551163670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4913692420167926689,14920406080551163670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4913692420167926689,14920406080551163670,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4913692420167926689,14920406080551163670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4913692420167926689,14920406080551163670,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4913692420167926689,14920406080551163670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4913692420167926689,14920406080551163670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4913692420167926689,14920406080551163670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4913692420167926689,14920406080551163670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2004,4913692420167926689,14920406080551163670,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5936 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2004,4913692420167926689,14920406080551163670,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4913692420167926689,14920406080551163670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2004,4913692420167926689,14920406080551163670,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4913692420167926689,14920406080551163670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2004,4913692420167926689,14920406080551163670,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6404 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| US | 151.101.2.49:443 | bazaar.abuse.ch | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 195.49.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dasmalwerk.eu | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | das-malwerk.herokuapp.com | udp |
| IE | 54.228.42.199:443 | das-malwerk.herokuapp.com | tcp |
| IE | 54.228.42.199:443 | das-malwerk.herokuapp.com | tcp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| US | 104.18.10.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 104.18.10.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 199.42.228.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.66.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.10.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dasmalwerk.eu | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 172.217.169.67:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | www.win-rar.com | udp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| US | 8.8.8.8:53 | 163.68.195.51.in-addr.arpa | udp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.67:443 | id.google.com | udp |
| US | 8.8.8.8:53 | www.7-zip.org | udp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| US | 8.8.8.8:53 | 237.202.12.49.in-addr.arpa | udp |
| US | 8.8.8.8:53 | seznam.zapto.org | udp |
| GB | 45.76.129.156:5050 | seznam.zapto.org | tcp |
| US | 8.8.8.8:53 | 156.129.76.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c7.gcp.gvt2.com | udp |
| IN | 34.131.78.121:443 | e2c7.gcp.gvt2.com | tcp |
| IN | 34.131.78.121:443 | e2c7.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 192.178.49.163:443 | beacons.gvt2.com | tcp |
| US | 8.8.8.8:53 | 121.78.131.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.49.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 198.55.115.39:6606 | tcp | |
| US | 8.8.8.8:53 | 39.115.55.198.in-addr.arpa | udp |
| US | 198.55.115.39:6606 | tcp | |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| PL | 185.241.208.23:5200 | tcp | |
| PL | 185.241.208.23:5200 | tcp | |
| PL | 185.241.208.23:5200 | tcp | |
| PL | 185.241.208.23:5200 | tcp | |
| PL | 185.241.208.23:5200 | tcp | |
| PL | 185.241.208.23:5200 | tcp | |
| PL | 185.241.208.23:5200 | tcp | |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| PL | 185.241.208.23:5200 | tcp | |
| PL | 185.241.208.23:5200 | tcp | |
| PL | 185.241.208.23:5200 | tcp | |
| US | 8.8.8.8:53 | december2nd.ddns.net | udp |
| NL | 94.156.66.77:65024 | december2nd.ddns.net | tcp |
| NL | 94.156.66.77:65024 | december2nd.ddns.net | tcp |
| PL | 185.241.208.23:5200 | tcp | |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.213.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| NL | 94.156.66.77:65024 | december2nd.ddns.net | tcp |
| PL | 185.241.208.23:5200 | tcp | |
| US | 8.8.8.8:53 | december2n.duckdns.org | udp |
| US | 192.169.69.26:65024 | december2n.duckdns.org | tcp |
| US | 8.8.8.8:53 | 26.69.169.192.in-addr.arpa | udp |
| US | 192.169.69.26:65024 | december2n.duckdns.org | tcp |
| US | 192.169.69.26:65024 | december2n.duckdns.org | tcp |
| US | 8.8.8.8:53 | december2nd.ddns.net | udp |
| NL | 94.156.66.77:65024 | december2nd.ddns.net | tcp |
| PL | 185.241.208.23:5200 | tcp | |
| NL | 94.156.66.77:65024 | december2nd.ddns.net | tcp |
| PL | 185.241.208.23:5200 | tcp | |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| NL | 94.156.66.77:65024 | december2nd.ddns.net | tcp |
| US | 8.8.8.8:53 | worldtimeapi.org | udp |
| US | 213.188.196.246:443 | worldtimeapi.org | tcp |
| US | 8.8.8.8:53 | 246.196.188.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | december2n.duckdns.org | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 192.169.69.26:65024 | december2n.duckdns.org | tcp |
| PL | 185.241.208.23:5200 | tcp | |
| US | 8.8.8.8:53 | worldtimeapi.org | udp |
| US | 213.188.196.246:443 | worldtimeapi.org | tcp |
| US | 192.169.69.26:65024 | december2n.duckdns.org | tcp |
| US | 192.169.69.26:65024 | december2n.duckdns.org | tcp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 172.67.74.152:443 | api.ipify.org | tcp |
| US | 8.8.8.8:53 | icanhazip.com | udp |
| US | 104.16.185.241:80 | icanhazip.com | tcp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 152.74.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | 241.185.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.qrserver.com | udp |
| FI | 95.216.163.127:443 | api.qrserver.com | tcp |
| US | 8.8.8.8:53 | december2nd.ddns.net | udp |
| NL | 94.156.66.77:65024 | december2nd.ddns.net | tcp |
| US | 8.8.8.8:53 | 127.163.216.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ibb.co | udp |
| FR | 162.19.58.160:443 | i.ibb.co | tcp |
| FR | 162.19.58.160:443 | i.ibb.co | tcp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.58.19.162.in-addr.arpa | udp |
| PL | 185.241.208.23:5200 | tcp | |
| NL | 94.156.66.77:65024 | december2nd.ddns.net | tcp |
| NL | 94.156.66.77:65024 | december2nd.ddns.net | tcp |
| PL | 185.241.208.23:5200 | tcp | |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | december2n.duckdns.org | udp |
| US | 192.169.69.26:65024 | december2n.duckdns.org | tcp |
| US | 8.8.8.8:53 | www.malwarebytes.com | udp |
| US | 192.0.66.233:443 | www.malwarebytes.com | tcp |
| US | 192.0.66.233:443 | www.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | dev.visualwebsiteoptimizer.com | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.140:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 233.66.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.102.96.34.in-addr.arpa | udp |
| US | 192.0.76.3:443 | stats.wp.com | tcp |
| US | 8.8.8.8:53 | plausible.io | udp |
| GB | 143.244.38.136:443 | plausible.io | tcp |
| US | 8.8.8.8:53 | genesis.malwarebytes.com | udp |
| US | 54.174.144.10:443 | genesis.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| GB | 143.244.38.136:443 | plausible.io | tcp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | 3.76.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.144.174.54.in-addr.arpa | udp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | 52.178.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.155.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | privacyportal.onetrust.com | udp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 104.18.32.137:443 | privacyportal.onetrust.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | api.demandbase.com | udp |
| FR | 18.164.52.69:443 | api.demandbase.com | tcp |
| US | 8.8.8.8:53 | js-agent.newrelic.com | udp |
| US | 162.247.243.39:443 | js-agent.newrelic.com | tcp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.249.124.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.243.247.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www-api.malwarebytes.com | udp |
| US | 18.245.199.6:443 | www-api.malwarebytes.com | tcp |
| US | 18.245.199.6:443 | www-api.malwarebytes.com | tcp |
| US | 18.245.199.6:443 | www-api.malwarebytes.com | tcp |
| US | 18.245.199.6:443 | www-api.malwarebytes.com | tcp |
| US | 192.169.69.26:65024 | december2n.duckdns.org | tcp |
| US | 8.8.8.8:53 | bam.nr-data.net | udp |
| US | 162.247.243.29:443 | bam.nr-data.net | tcp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.247.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.154.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 192.169.69.26:65024 | december2n.duckdns.org | tcp |
Files
\??\pipe\crashpad_1468_PVMBDJYTATMRMWRG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
| MD5 | f998b8f6765b4c57936ada0bb2eb4a5a |
| SHA1 | 13fb29dc0968838653b8414a125c124023c001df |
| SHA256 | 374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef |
| SHA512 | d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 37ae2414e747e6115b7b696dee37e34f |
| SHA1 | efe9f9072b184e45b1d0ecd5a32ebf4228626c8b |
| SHA256 | b2c1654a1de7258745498e36a4170886a0f6d223760a42723a063ca069a32e6e |
| SHA512 | 01867471ad63a53366aeaeac9018e8cec6d1d09bbc4be61b2806d556864a138b43dc6aeaf0ac8be754d663351c20e98762935441bccefd624cde2055e3858e07 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 199be20672b81314d28d0556d7e946f3 |
| SHA1 | f13c69e2c7b31e906e989eb9840c1843868165cf |
| SHA256 | d25570008a750a933a2f12531968b6a3cfef18c17be44f67d5a622504703dc8b |
| SHA512 | d9f4e95cafe5fdd61ee6f65405f7a6804a2d8cdebd765b286cf170e1e7b8597579a477342de7fd046014de77c9aa1a73dcbec73e5514ee9b0838dd7ff41d478f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 089f6708b52e63e228b7101a44863098 |
| SHA1 | 744aba7bd1efbf843ea6927503f48e85d5de2877 |
| SHA256 | 9287d49d146469ba6909d86a70ca4358160f94bf87daebc34852b8dd0c706ecd |
| SHA512 | f126c8757d78a7f415a6d8c88d41d00d05b30d28dd86cf92c5c661298cc06d41387095287a0987245daf0b302436782ec5370a5a3fd07fef207224e40dcc7912 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b5a0f9a00745f2eba0cb213e48fbc795 |
| SHA1 | dee8fca474c7d901f29f6e9e3ec83d8c825206ed |
| SHA256 | 6f86c1cf51b45d78a6951ab4ace67cde39605d3ccbd91d393a3332a59007cd4d |
| SHA512 | 2faa4b7223a7923f95d1edafecfc5ff7ab86ce8873ca85a0e8652759ae267ddafbe47748a324740d41596cffae5cd5f304667254371214dadb54f5529445233d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8001860a14007760b7ba4ebf92e81990 |
| SHA1 | ff67d3867595a53081c09208f2d01a33515b8b14 |
| SHA256 | a5b8c17330f86306675d69f752052832587e17ce8f94183beee393c5ad3214e5 |
| SHA512 | 9bc37c7cd2cda4a1fbe640fa64ee692f08e046c32f816a53b07ebc09be8adee9466cab0270255b15945cc2243d4a31f94e1909604ddfd9a1a0aa45fc8a9d2f37 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 54bfa8753f2cee706135586e10c98170 |
| SHA1 | a8075d2a276bfd374120da0796f636d17a479cda |
| SHA256 | 30b87b0539aa9ddf4b66693d57724ccd52329fa06bdd6b7e6ea6f96562df84f1 |
| SHA512 | 6faf6887dce3975f9bdc61ba20cf09cab5b92aa5c07ce7e7ed800c0407baae3a6ab8026ebbde9df99bee43920a4e96deec77a6ec51cd37a73536f742fe2a3d68 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ba56b63dfa531ca9417e46c33e707748 |
| SHA1 | c454bc52646236a85a4774817a96afbf5ecf8131 |
| SHA256 | adc1aa35fc7b424a29315b65a755a6ca715991bebbb10681cf3ba9222d89c6a4 |
| SHA512 | 6593e082ea145862811dc512556d0ca695116e0ee42594bcbee54227566c5342636466a9288fd0e68a3d69d23ab10bbeba414398ac6d3c848fc867bf6f766a5e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 01f90383fd1e3fde8bb5e140fcf01a67 |
| SHA1 | 9a435f590afd598cda5f90abb65874751c2249cd |
| SHA256 | 9ecd0701f5865d525a2c9dfc3d66e06558687cb7cb4ac72ccd1c6cf55f270f1b |
| SHA512 | 9ba9c8a9202eb265b477b6efbd2e503d14b5bcac0c347f8e39b2fab5f8d05b1fad523988f50cf90d9de5c9bd5d3494d34e3715cf09401e2a0dbf759032a143cc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 793c29acba3286be65c5ca02b0a7f375 |
| SHA1 | be4dbcda0bcc68546d26ddae61162f4b9ded586c |
| SHA256 | f9451c0af4f954be81fea76a8b5812940c962c666a64fb3176c3c962026db3f7 |
| SHA512 | 7655e4f48b49573495531c039c5d4f6cdbcb7882ba582a68c32c2ee9e9f6572b0792b35cd64a7e41bdb2f4b15bace16cc1123a24318d58802563beea78fb345e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | 3b5537dce96f57098998e410b0202920 |
| SHA1 | 7732b57e4e3bbc122d63f67078efa7cf5f975448 |
| SHA256 | a1c54426705d6cef00e0ae98f5ad1615735a31a4e200c3a5835b44266a4a3f88 |
| SHA512 | c038c334db3a467a710c624704eb5884fd40314cd57bd2fd154806a59c0be954c414727628d50e41cdfd86f5334ceefcf1363d641b2681c1137651cbbb4fd55d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
| MD5 | 73416e76ca9ed3a3c5141a41e994cfe1 |
| SHA1 | 8acf08e2f5458d4966da342ac355a327fbfa65a7 |
| SHA256 | fb7380d203b615d6662ea1246f0284b4dc5883c7cddf8c3adde8cec8230f0db4 |
| SHA512 | cf40b3ffb8c4b8561994367b2558f12a6e9e988e4510b69b797001f196905a6a8e1e3c000ac74f822fac12c81eb97e0d9e10cb59648ff8324ae3f6e2df98e088 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 33fbea052d9232d9678bebce166e77f1 |
| SHA1 | 6f61e2e1ed2078f3025f7b39b6dfc1b5baf3bd13 |
| SHA256 | 3324743f3404856eead58a8584a8649bf4996b3e56108f02ac191d9273ce0b25 |
| SHA512 | 5c34313eba35e4160bce2b526042ab05a0fac54a85f4a927c1adaf54d32491d4fd373f4cdfd131d15984c20ee48024c1f9a930de9d5d677abcd8ddb59e8690de |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9e42f4371c8c7543e15f70f14a60a2c8 |
| SHA1 | fc71e379dfeb2ba209aad26d26df6aa8e6d64fe6 |
| SHA256 | 11378b7e21ecf9bbe06ff5cd21df29d619955f33c280e72cde1b9ffca9234a1d |
| SHA512 | ee32550e2fb3971fcb420d3c1643aef42518d8de6495d49130121a9ff88edc1492f54da53316cd595af923dd7efac393140b46f3703615251e81e1407fc41d5e |
C:\Users\Admin\Downloads\ae55dc186e2373b964f1d84fd51aa7692fdb2994cc163128b97631c3ba7f7066.zip
| MD5 | 2459a0504eb400297d020101fa47e418 |
| SHA1 | 9f4ed3ac7d5876b9a9b01012fcec95107e80ff33 |
| SHA256 | ad506983681bf7dc1ae405d382ff8eb3767098c8ca02f023d672b97d4558ea23 |
| SHA512 | d24e12fe54f88e5056959ce95de05cd9edde37714d9a08758764768348e615d7c7f41143a9e6f10edda740c43833712a34676ad88638c14c194ac494ea58d315 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ce2bc52fde775eec87d00e7eb239c3ca |
| SHA1 | ee45269b3e87c3eb1c4b23dfa33fabd51bce8839 |
| SHA256 | 09cc17c12b2f8eadbb5a03d7b7081f5e130f1661cf06772820c8401a9f9f3306 |
| SHA512 | c0c286f5fbf6f85767c2031616161a3df2866c079cdf2a34a2064b7df7ed3c127ef1ce1df886bc1b62828ffc8df52715e16576656aa07baec6a6c4f48253c76a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | aad3fe17d8b2562be63a7e3879845d6c |
| SHA1 | fcf9aceeaedb71bf15d16d92bb4056e107625ecb |
| SHA256 | 754a9f6d1f0400f66c570e559c2fd6799ef434cc287965a40beb10a3fe38d373 |
| SHA512 | 3543ee807a92778bfa440f4af0543e4d5b3b45d653861f5faa239cda7c2b56a20e046b747b4b86b999d117e5f4d129ade67b1da8a02a366373182876a523ac89 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | a25e9d56d448f34951b87c3ebc3beca7 |
| SHA1 | 59e7d6838487cd9c37a838867df123e5b83c908d |
| SHA256 | b30fdb4b7b3f830eae4e6fec8bc16e039a3af60b1d304969e39030ac8f0c9552 |
| SHA512 | a0a8b823057674e942f40aa5080b230b1d9c11cf66eb5cd68ffa6b52dec93a2160d2a1ad76ef9493d5542d96481b570429e14688f2f2b9a7c80fb7993f233755 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58eea1.TMP
| MD5 | bcb38c305dac465a64591b22c3fa084b |
| SHA1 | 4c456636d072d5500a581c12a825c62ada878cc7 |
| SHA256 | bb1b074f2cdfbbeb423cbb2fbccc068c0adadf7847f7889ee8c2bcf9035157e5 |
| SHA512 | 6bb38dd86a05979dfa97a7445559db969329612544a9301acf597a8e9257b123dc35125fb615c217162921c18e938f7433231a6cd29c06fbbca8144f4951035b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 81043f7b3f5e2ebf977a019077d2279f |
| SHA1 | 3d41f95edb718775eaf9e754133866b791d6476f |
| SHA256 | 57d38a222863fbbcc170179f2b8c4926b58d77d4461caf759d668ed28fe5b774 |
| SHA512 | bc7de3b8254bd79ef0faa0831014893317109678c2555a490d588283641a7320aa2f3a87ebec2a6935f0c293e89e11510ebc81c07e3fa625412afeffe2d53792 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 45d52deb76575d33598f87822bca86c0 |
| SHA1 | 40f0be4e596a527dda8d9f3baba678db9f8346e0 |
| SHA256 | f05e7e322cd4239036c6008168d0abc62fe3f8579ae723d0884fa752a3a2385f |
| SHA512 | 87674a273c8e878dc6e7bdcb79c1acbba0b89554180565875f75298d57e7dee62315b2217dcc3422b7c78399fd0f310a49ba319e8108b0dd79079aeaf931f1d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 970ff856caf681bdceb63b9c61409ec9 |
| SHA1 | 01031fd3bd3a576e9deffac76e2736b21fc7a9e0 |
| SHA256 | d59985c8a50b4cefea9850afc9b20ca73ee25b43469c24381fbf3e776b7fcd44 |
| SHA512 | cb7ded5e492b060bd454ae39070a570e8412a35a041654cce1f56ae341bde1bb0fad50e863fa5f7d7834aa5a820b7ecbd86f795593806b26d0b341288dbce780 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c693a6f43b829933e62f621d34a9cdab |
| SHA1 | e6f66c7e153d6c324a32dcf213e6e28422b8f9bb |
| SHA256 | 8456b9fe7a551c22800e0d66944056cb7ff17c9806add33ae7f1984bb7cd28ce |
| SHA512 | 8040f4b2f3ed7eebabb8d83ba66fa0d410084fce25b27b6fe2ebab6bf3adc13f52720eccbbaa7440a1ae38142ac5045dd8a7a0edd68564b7dba45fcbefd4a1d6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3e98430605882c28af1655bd406eccca |
| SHA1 | 06338dcd028c4f22059b89c22b0cb93a6664f74c |
| SHA256 | 2ce0c06330d25b737fcccacade1941f4baf44bb6d85f6903cd8036cec309a7d8 |
| SHA512 | c2f5de3fde79af0b13fe3bf20bcb38f93a8a1f0ad406655d6d4438d1e4bb942d6d9c0bd457fa19a4ff7109a7436365d1d4b3ce26c7c76cba766d7e150f793f74 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 511bdf88ea7248c2ffd9886911be84f2 |
| SHA1 | f7d0c39d7453e43d0a78d1b87a19fe4a1b993f51 |
| SHA256 | b266965b3ccca215558fc512b633e62ffc950972f58601f56fd6e2d09066db2b |
| SHA512 | ad0170e0786fc04c20f3a0d7bd05a538b2de777f40dec0d9a3b986d518fe3e53317a46eb504bbd1270af841e39b9fb1ebabd8f6d1cf8b6d3dcae93291296c89e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 71fc2552360432eca7202481d19dca98 |
| SHA1 | b341fe4de67006a6500826ecf478adb492699c03 |
| SHA256 | 6ca19d85ecd82c22176fd863fe31b29f1f073bf3abf331289390e3ad6ad02c1f |
| SHA512 | 92849e23c94fc50d0f9d47a91066a506fd3152a5b84583564a446e019d4596e17487f38f66e9faa01af4254a098f158da5c507c457b4ca2f5a2e1229190df7f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b4213c37ddc41962441b3919050d2b1a |
| SHA1 | d7911355dcd34bc047d25f4d9c8387d7ef7425ad |
| SHA256 | 502efda2885a5b54225682c59e3ce56ccf8ffc5f8e0ceaee22cb5462d3b661da |
| SHA512 | 2f052cc193ed17ba6ef2a1770ba3b943de081b74ff3967f6402a1c4afaedf8325f5d0bbaa927748ab1f77dd87fede1b8a52be5c16cce5d096eb32e6022474c7a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d7a25153f00587596347fa95e0b4645e |
| SHA1 | a25171c820d40e5052b3804d69e5515fdfafad4a |
| SHA256 | 368944bd05893946d2576f95c742eb45cf9881364a9002a03fa6fcdc07cdcacf |
| SHA512 | 7c9abefea851ede9c033b9848e2f8130575d9617822bf0591bcfa22ed67871f7f037c8bbfecd2fe6df13963f2ab3061fde2b748ee17b0f55b1ced975ff3e079d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\41a4ebffd069515d_0
| MD5 | 9c11271720e62f113c1d5157f0ceec39 |
| SHA1 | b85b32f05471a8779464dab1c2beebcc03011645 |
| SHA256 | e2956b3097fb902af04c1867f34830fb6229e831184037604e98ab59dd90ef6a |
| SHA512 | 86a0b07e19500861ae784589e99dd32c8fd212337de93ab27965056a1f539adb70e7e9966c787f27c495e1f5be74597df006c1f95e9a7817db0d45e4b24ce7ae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\63b24fb5cdcb3692_0
| MD5 | da9dcd345676fab28929f2a48f01e612 |
| SHA1 | da71a2d54bf678bfdbb2bc2b3422dc4a859def36 |
| SHA256 | 793905b1576e795148371e616999c6aa6063673b2f8970dbd2b4da8b638917dd |
| SHA512 | b9b5c09bff2fe5f81cee7fc9a035d7669e1be801089a38014e176833b1723b8680d6e9253f8fb80ef8fe71e46ca14d8da8ecd86ed9b7fc47f4c19b97ce62fb2b |
C:\Users\Admin\Downloads\126e916db139711ce9f916b14d4ce193408146284e3114af544331f1c9059d22.zip
| MD5 | 4985da88a10cfdde861540f5e9f1fa00 |
| SHA1 | 9203de215d8c4e8e2fdc03e69811880ba21e180f |
| SHA256 | 04357a3614ad9794bbbf77bb6d6b2f37727c487ec77518e8d7b0cd080d0c6d72 |
| SHA512 | 93492540aa392294f30a97e9ce2034ea327dd86326544ce29e478cf6854619acd8312b9a9c9e64363925d0e812113671a397cfdb6ea51e0a08615457b56c20e7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8ac28e12a2f31e85c599e7b3dd24a872 |
| SHA1 | 8f4e52e19be5748ca10e2b2e849643b775636051 |
| SHA256 | c6ecf84e34d62b2fbabdaa097556b6bb6ce0513f32028dc5eb54e02845bfc5af |
| SHA512 | 583f5e1549fb86c18fd56ee4080525c996f182187541de43aff3afc638623b19fc779cb611db0d1ce3f50490df983b37efc015f0d2b3cc4a9addb6987f16ba6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 954d51a4e3310e08648d3bdfb860f049 |
| SHA1 | 03c435b0fd6ec1e88fd259876ef3ce752771bb57 |
| SHA256 | 1b25bda8fdc849174cf2889dd3cc614e50baf23340d1455bba8f35c993e40580 |
| SHA512 | 2c7abd8989ffea9ce29bb36e293fa8d2dd200ae4bdab866360e8c3073203ba828fffbebd986d84c78b2daaeff8d38eb845c9bd0511700edef50043bc91e40b98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0f90c36a16015a79912540d594e65951 |
| SHA1 | 63fc6b483e29e47354dd3672378cb21fd29a9621 |
| SHA256 | a6db5b0bffce7a34db8d2a41894751471d6eea1a0ea50c74df82b64dacd4f5cd |
| SHA512 | c42d7026fcd74f07a1fb2bb055403906fdd1ba04c0afe231c89fccc533a2651e293ef998966f77cb6fcc7c62d4e30551bf4e01c09a39dea4423dea8fa446c649 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c2fa800ac1962be72858016604143bd6 |
| SHA1 | 066ca5786efcdb3f86f158344114f8bc35ed98f8 |
| SHA256 | c01ebb65b7b1182b421066d17272d85c2ce3177c6420e134f9c343cc4104f252 |
| SHA512 | 253e38033f3e27f4b7dc06a18044226f5dcd88bec09d8018a86ff41d3d9b675dd88ecd2b0f383a40a7f5df1d4005fd16d9f68c149f84054f8c46245ad7134433 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 889496e51d0859073cba10160db03b7c |
| SHA1 | c74637b5f653257febc7a417e8967ad2513c75a3 |
| SHA256 | 9e21488ef495a2647c0c25dda5823a5c8e577d1a43b20784ec75384e223f42ef |
| SHA512 | f883d676e3189d6a7fbbad622e13c5e6eddd4e4756dc75fd0f06d46fcce3b700699d7f1dca42c2051883abb89f8eb20d7a7d2f92a583fde61d94a432109243ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bb90464a86af126b615dd970a188e1bf |
| SHA1 | 5ecd766ba33a7e5a3aaf2ce5719037afdfa08c28 |
| SHA256 | 962bc7e443d02ea59de4ba8d68ed8eab3202935d513db51c2156a97ac417af85 |
| SHA512 | da2a9131259adc0e20509408b884a774fad9efe151e1c0aa62bd561ad930336032a49636215dbf8c26276a38ba134ad08d1123beda436194cde4a02560060386 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 9f5889efe1bd3a13880f6340ebc9d538 |
| SHA1 | fe641a49161309ae67e62add1d04079fa473af2e |
| SHA256 | 4ff3f8ebe676fef32a1820add4d9e0749a724577976d3f67560f1b513663ce0f |
| SHA512 | 2f3497bbbb58f22723b876040be5c1b881d267de32cb074dc4f9862b1fd488af04f0ad0035050247b1ac546ac106e14f98e7ad76a05a83883262fbecccb4d80c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a25e45ecb0abdf6c12a585bcb86e9e4d |
| SHA1 | 405d2ab7ee99d7719d93968c88af4e2fb99cb28e |
| SHA256 | ddd8a83df8e33dd35669c699ddb38f575428d022d416237a3592d9e8e57fd061 |
| SHA512 | d801ca6d8fd339a9beb36f777133a4eb839d65fab7636d8e61111bef3df133ade02c35a28b0d7c87d26e7c1cb785f1909307c43c27f0dfad370dcb12e01cba4a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e911a8aef152a285ad5315debada8a5a |
| SHA1 | a6e07de6131766a3e06595681ececc7c677e470c |
| SHA256 | 88c9c40e6b3f955859f77282f31ada82c42d47a3596ebc54bf9d23e097732adb |
| SHA512 | cf2f6e031317f156637a0aaeaee7171b53fde95c60cddce50778f81f2acbd041374d1a9534415afaf2e16be1231f585907f3b940ff60ba4684546e6d48b7dc0f |
C:\Users\Admin\Downloads\winrar-x64-701.exe
| MD5 | 46c17c999744470b689331f41eab7df1 |
| SHA1 | b8a63127df6a87d333061c622220d6d70ed80f7c |
| SHA256 | c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a |
| SHA512 | 4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a91b03b237ca1f918a15e6da0bb729fe |
| SHA1 | 0e81bda488a484f2664948dd31fe041f8f569ea7 |
| SHA256 | c059f5be1268a192747e260367a9f38e3d9d08d0dae6f977adb17819d53227e1 |
| SHA512 | e416b11c6e27fe1bfd50be7b60d68f1fa1bd5b33f1688b86b1b464ef44b45391ac99a99d2db0b724b5f45a77d851a52c40404e7d9851d439e0ffeee4eb0ff740 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 08068f2c9b1ef1d5c79bfcea32e01542 |
| SHA1 | 57bb54e51100c1ff6d4428dc3595a5caa7252580 |
| SHA256 | d702fdec26ea0a89a23af3f83f8e5daebf4ac8b1337b1333901ab7466bad3869 |
| SHA512 | 2e405bf45ede6e66ee254659baa771218aea732e9deae4db25588596af760d0fc42ef79e8bc797a43391f3d2251f8243105c29e3c6d423ff3ce3e62aefe026b7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 879d1f90dbcf809ef8457cd96674f9bc |
| SHA1 | 2ce08b877acf17d33137d4d967589e098c3d4969 |
| SHA256 | 6d4c03939934a53a36b23322d11ddd546572e3c18332c669e1389afcdba5d0a3 |
| SHA512 | 51faadaaaa7f253d23d51f576c49b14ab65fbfe3d610e1795819bb6662d3294d01839dc355e2767abfea12312dc7005f9e45ad75e6f46e4668800314239ebef9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2e7d7ff4910f86d70093a7da734464ec |
| SHA1 | 0edb9ade7183b8539845053c5afe332d8784ce1d |
| SHA256 | c5b6e8022289cd3a24d73b9232918fd37c3128e26c569636dfb6420466fde279 |
| SHA512 | 50a0c3b1780e3739e4fdf5fb14f879f871a616d8a4bd95b6d165c401822294ee380e2d42ed0e93282b3b6c2dfe6d90c9c6f905382f507bea0e38ba6a0d80b7a9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d6fdb306af182a07d57d93497ce089e2 |
| SHA1 | ad808c3021cda362431fa3b58ce3e1eedcd8dd07 |
| SHA256 | a6812b32dd555ecbdb052a883dde493d8d2163d10dfc2d6e0fbbba5c90177fac |
| SHA512 | 5bd1e67ef0e14336f7821c83c50dd57376b112b47dad84131d3ea13b7f12351ad1eb36d669f921b995d9aa0a7771cc6ceb51723aa6cd3f08a191c69e2fc178bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b00dd63a01bcff52ba5b3dab55950809 |
| SHA1 | 62286b489266eb9065a8939ddab553f96c5a5a88 |
| SHA256 | a48c62fb3688c526b225751a73514741271302f14917b0d0f7d283e3e9a6955d |
| SHA512 | dcc5c29585a6cde68538e29e1050df117785c7944ce477e3e3133381f870aa03ca3ed76cfa79ea52bb801229cc9b512c7b1d27fdfe37f11960b316e7ab2ac439 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019
| MD5 | 7626aade5004330bfb65f1e1f790df0c |
| SHA1 | 97dca3e04f19cfe55b010c13f10a81ffe8b8374b |
| SHA256 | cdeaef4fa58a99edcdd3c26ced28e6d512704d3a326a03a61d072d3a287fd60e |
| SHA512 | f7b1b34430546788a7451e723a78186c4738b3906cb2bca2a6ae94b1a70f9f863b2bfa7947cc897dfb88b6a3fe98030aa58101f5f656812ff10837e7585e3f74 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a
| MD5 | 87c2b09a983584b04a63f3ff44064d64 |
| SHA1 | 8796d5ef1ad1196309ef582cecef3ab95db27043 |
| SHA256 | d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0 |
| SHA512 | df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
| MD5 | 0ed8278b11742681d994e5f5b44b8d3d |
| SHA1 | 28711624d01da8dbd0aa4aad8629d5b0f703441e |
| SHA256 | 354730711c3ca9845bf98ec5dfb58a16e50984f9edcf0e8f432742326334f8a2 |
| SHA512 | d296ab1f1b418b125f09598ca6645d984a1cf67092a914956b8879d285ee35521b408363b47da195de79086e3be3ed9b1709bc8f9cd2e32d5dccb720a010bc8c |
C:\Users\Admin\Downloads\Unconfirmed 235342.crdownload
| MD5 | c73433dd532d445d099385865f62148b |
| SHA1 | 4723c45f297cc8075eac69d2ef94e7e131d3a734 |
| SHA256 | 12ef1c8127ec3465520e4cfd23605b708d81a5a2cf37ba124f018e5c094de0d9 |
| SHA512 | 1211c8b67652664d6f66e248856b95ca557d4fdb4ea90d30df68208055d4c94fea0d158e7e6a965eae5915312dee33f62db882bb173faec5332a17bd2fb59447 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6c76a32ab9fea0fe745ace666cc24bae |
| SHA1 | ce55296b1366b253675415e32d35adb4e9d5640a |
| SHA256 | 0e625842e4cc15109b69ea4f0d5b030d8a45bfa3d2e096df00e8c5ac8dc19968 |
| SHA512 | df4d672efeac01fc390ff6ff2843a1b744de4c0c2c150372d1e753bf2be8a536c2bd0f393c86b3d4f2ddd37a81c10468f0502f3a6e86ce53b982ceb10d95c8d7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 211081ab8d5c8698f5a0ddb747340dc7 |
| SHA1 | 1568a787858b91569008d92197af1408bebae880 |
| SHA256 | c055500824d0e3438a720a5a36ebd41f03fa1c12075a7411a33ea92027863c33 |
| SHA512 | a3233d873e50d5ab6de21381f081609b51cc03240e92ef5ac74ad97a0400d879ee49e257dbe03dd76c7f23a57f2f86aed8d1b2bc6a6723802fd2e1e901a47cf3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c72db6776561b978aea526bf18715f55 |
| SHA1 | 6fdbeb972df4b85854406a4a21d561d1a25b3bd3 |
| SHA256 | fb62b570ba6e764f52413ba073aeb7779d36a8b9a77def15d1d8d3008ea21ea3 |
| SHA512 | 01cad78b9ceb26e27d9f060f0aa17694106f72552cd0ba8093c0dd3effb1a750d4365a30e56e143eb18454d7b48c62de180bb10eaedd720a5cd571781133d161 |
C:\Program Files\7-Zip\7zFM.exe
| MD5 | b161d842906239bf2f32ad158bea57f1 |
| SHA1 | 4a125d6cbeae9658e862c637aba8f8b9f3bf5cf7 |
| SHA256 | 3345c48505e0906f1352499ba7cbd439ac0c509a33f04c7d678e2c960c8b9f03 |
| SHA512 | 0d14c75c8e80af8246ddf122052190f5ffb1f81ffd5b752990747b7efcb566b49842219d9b26df9dbe267c9a3876d7b60158c9f08d295d0926b60dbbebc1fa3c |
C:\Program Files\7-Zip\7z.dll
| MD5 | 2537a4ba91cb5ad22293b506ad873500 |
| SHA1 | ce3f4a90278206b33f037eaf664a5fbc39089ec4 |
| SHA256 | 5529fdc4e6385ad95106a4e6da1d2792046a71c9d7452ee6cbc8012b4eb8f3f4 |
| SHA512 | 7c02445d8a9c239d31f1c14933d75b3e731ed4c5f21a0ecf32d1395be0302e50aab5eb2df3057f3e9668f4b8ec0ccbed533cd54bc36ee1ada4cc5098cc0cfb14 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a81bfe58a256dfec9511dc6b67628e5d |
| SHA1 | 9090f1e2a14e72dedcb21178a15e9504ce643e14 |
| SHA256 | ed8bc1e55b5ebd98991afd3514ed58cf2f15169838139097636809bf6ab793a2 |
| SHA512 | 90d837a5c58a80fd3c4fa5f915b4efcfed7000528b16b185b8e0adc94f664f1cbe8dbb1aa5c5caf918cdc2ac85ed1c62b954de40e372679e2d57267665e3ddb2 |
C:\Users\Admin\AppData\Local\Temp\7zOCD3FE89B\126e916db139711ce9f916b14d4ce193408146284e3114af544331f1c9059d22.exe
| MD5 | a3db578a2cad007899b60a287f3c457a |
| SHA1 | 62efaff10ae3a0a0d0879dbc9af8494bcfb12abd |
| SHA256 | 126e916db139711ce9f916b14d4ce193408146284e3114af544331f1c9059d22 |
| SHA512 | 9e59a1b2c1ad742ec54b3f0c5d3eb8f145727a39bad4372ff225e7313b8c4808bca868b16878979889920c4aa74dcab2f5a980bd56d4d51286e0bc1d1ecf1a11 |
memory/3584-1067-0x0000000000420000-0x00000000004F2000-memory.dmp
memory/3584-1068-0x0000000005480000-0x0000000005A24000-memory.dmp
memory/3584-1069-0x0000000004F70000-0x0000000005002000-memory.dmp
memory/3584-1070-0x0000000005010000-0x00000000050AC000-memory.dmp
memory/3584-1071-0x0000000004F10000-0x0000000004F1A000-memory.dmp
memory/3584-1072-0x0000000005200000-0x0000000005256000-memory.dmp
memory/3584-1073-0x00000000052E0000-0x0000000005356000-memory.dmp
memory/3584-1074-0x0000000007B90000-0x0000000007B9C000-memory.dmp
memory/3584-1075-0x00000000064A0000-0x0000000006506000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3e340b00b18bb93179b538e47f35af03 |
| SHA1 | bb7c93cf896e44fb5a2dfbe2e20e4721a0e64616 |
| SHA256 | 0b7bea6fcacee47aa73e44dcf7d5c619866b83dde3a3ab9851b16f1d1ad1197a |
| SHA512 | 8da5e86aed9885809ef5eeddb1fc1fee5268788afab166e959118bfbd4d68d185e95939287870adb9e0237a3ab3e87c4ea3c4900cef2e4db0d1d457389f8aa6b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
| MD5 | da15ddf6e11a733f674691d3cb0d40ae |
| SHA1 | 2014776da55b5102a6019f7de67537bd92a56012 |
| SHA256 | 9fdcf462d1a76c81542752b84175a458d845e49fb0d76ca508c94dbfa50490e9 |
| SHA512 | c39ec520cb0b323916d5c03fdb3f4ec9276cea39de7035afe86f13f4970786b899c16b0eaf225ebba4a602d1a6eabaccf973ac31ea279fc5b88efe6f39862cd4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015
| MD5 | f3dc9a2ae81a580a6378c5371082fc1d |
| SHA1 | 70f02e7dd9342dbc47583d11ad99c2e5f487c27d |
| SHA256 | 230189617bfed9ee9f2ac01d11855b9a784d0b6481d3411693db7e1c10ade132 |
| SHA512 | b1266043a310a5fe5834df6991537b61803ab14b737546a87dd422d2bce7277307973963a6cf4cac4a2a6030831611be9333f8ea4e56ec3d11b70313d30dc3d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017
| MD5 | ec358763212e1e85a7ead7c305090c04 |
| SHA1 | 0e9e86faab763fc81d215144a31c5e13a2267429 |
| SHA256 | f12ea3106da3fe9949892e09ebf3c9318d063c7ed687ce4d6a78cc5e95dfa6e8 |
| SHA512 | ae813f1b94c964fb67950c69de4b7f48b741dd17500d81736701404d5b194e0583ed624833bfa0e69ac44f7fe88aa61a3d0aa0093366f1b272b679f36d655239 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
| MD5 | 2c5838a57cec39f93572bc8db805061c |
| SHA1 | 69719f01d5d0cf6ae3188748ba417df7a9358037 |
| SHA256 | 1aca79c2aefc9e0d3615960c7030e39d209b7239cdaadd7141b99b0c437cddf9 |
| SHA512 | 77c0669037d49b408861d5ee78b052cd8eb5f38ac75f0cf318ed1ccefcb0aead8856d0efda76b77b720c4df48bd598656558f57188d89eee16c8abefb295440f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 17f4ab06a56f5c7b9f35220541515bb2 |
| SHA1 | e192397ae489f393f09dbf35898ef614ea8a0e4a |
| SHA256 | ad6444c17073a395ba777d58c8caf45010353b9e00f65e1f44b138e5d1dfeba0 |
| SHA512 | dc19df48093f68b5ed3ebc78d6397273dee3afc33df203dd1e82498c87af37233b6afdcdcf37d67273965fffb26be27b8714751ff5c8f253688cc80ca0aabe87 |
C:\Users\Admin\Downloads\062a2cab613158f0f8ed1d090763270e7956407350767e47822828f076193cf5.zip
| MD5 | 14874421af0bc42f651ee8e58131bc52 |
| SHA1 | d8eb93241c448f8610835be91ccc33eb20f2c7db |
| SHA256 | 30f6fcf29aa34941094087f0b9f714cc44e9a859c046c3c6784117cf30fd2993 |
| SHA512 | d89ced344f0d935cc59445e6dce734f226ec83e53d9681379769b92f43a34b457e2cef50ca43b4da1fa9976818b845423507c0e907017c91ac58f871691c349b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b60362301daa19f34539a43914c7fc5a |
| SHA1 | 488299c08e38fa7b9048e473baa5bda57e2513b2 |
| SHA256 | ab0c9ec3d7ada56f2973f74f8a0ab9991ed3717078b06798232bde095a52d802 |
| SHA512 | 31cbf5816b5d482dec8b612b3658442358d363b875f5a6b98f735dce51428592d410b35675983074c41e428f7d96bfd91c8769275de9a4a1e694c7dcdd8eac3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 45d9617f52f46d1f9c0b80c4c180bd11 |
| SHA1 | 46e0d045aca9a7baf1f8ea5cb308088c9e8679b2 |
| SHA256 | 91cabe43ae92a5afcbaad9693977e499f9c449a775cfbad0d5213c89abedaa1f |
| SHA512 | fc33ef7c7f1585c711123387f76fc2d18c705ab0b224175d8f2d860d82e2754be8fdabaabab215f8b87c1aa545c8d402bdb0a62c718e3d73ae28d2f371c21194 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 197067f2f1ff84817b570c664aa675eb |
| SHA1 | 0184ca7c0873382097e7cf05bbb3ca3078f0381d |
| SHA256 | 4d8987d1d5d8e5721a27a294bfc0ba88eafff21d74f62560520e841127f8953c |
| SHA512 | f2daaf9e6563b93938080cb5b2366f9b20856355bdaf89691b614808359e6013efec4eaaafe1760cc02f39363d63b3e1d2c068a298f41e3993a626b180f89a07 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2d5f60e0fa6ba44e023b5b7117cc6a55 |
| SHA1 | 7eb731b4300049485245c33c8e9f7073c768f7d6 |
| SHA256 | 99d14bd81f6685570c600ae4f8bea53d1c37499ee5c32688d9f074993c8d0292 |
| SHA512 | 18ea0d7d9f8dc53d9fb2cbc0463f4b2aa91c6a0d3f14e2f904ab5ad02f81da2c6032412544f74314e97d13c8f528698adab42535a98a2a39f2c694e32f6dcc1e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 242b44c5e0428de4dd30c2c2633d677b |
| SHA1 | f10564d29ce346d8c4a1f56b3be18fede629f188 |
| SHA256 | fb688a8f66d69145aa953ed15d9e60fc7a3bafed4fcfd199eeaeda91a0e52edd |
| SHA512 | c278873cc6f83b807a63779e069058152bf02a57e8db1abd6309235dda95c7305c8899c6b6c2850ca184b6ab5ba19b5134c040aa873aa8325c0e384a98215177 |
memory/552-1196-0x0000000000580000-0x000000000062C000-memory.dmp
memory/552-1197-0x0000000007EC0000-0x0000000008214000-memory.dmp
memory/552-1198-0x00000000078C0000-0x00000000078DA000-memory.dmp
memory/3968-1199-0x000001FF63690000-0x000001FF63691000-memory.dmp
memory/3968-1200-0x000001FF63690000-0x000001FF63691000-memory.dmp
memory/3968-1201-0x000001FF63690000-0x000001FF63691000-memory.dmp
memory/3968-1205-0x000001FF63690000-0x000001FF63691000-memory.dmp
memory/3968-1211-0x000001FF63690000-0x000001FF63691000-memory.dmp
memory/3968-1210-0x000001FF63690000-0x000001FF63691000-memory.dmp
memory/3968-1209-0x000001FF63690000-0x000001FF63691000-memory.dmp
memory/3968-1208-0x000001FF63690000-0x000001FF63691000-memory.dmp
memory/3968-1207-0x000001FF63690000-0x000001FF63691000-memory.dmp
memory/3968-1206-0x000001FF63690000-0x000001FF63691000-memory.dmp
memory/552-1212-0x00000000078A0000-0x00000000078B0000-memory.dmp
memory/552-1213-0x0000000008D20000-0x0000000008D94000-memory.dmp
memory/3964-1214-0x0000000009100000-0x0000000009174000-memory.dmp
C:\Users\Admin\AppData\Roaming\GGyIJkQ.exe
| MD5 | 47e6542e234e5ffed88732519f19008c |
| SHA1 | b3dd01bf81d5b4b9595c13032d0fc8006dbc7e64 |
| SHA256 | ae55dc186e2373b964f1d84fd51aa7692fdb2994cc163128b97631c3ba7f7066 |
| SHA512 | 98e4ddd035c81623ba2dcc5fc4ca58da3aa6ba10c7bce25ab0a00e7737c11152d6a77507c859f7f369be8fc456189acb5fe90a55064a5bf790e06662f3b589ce |
memory/5000-1220-0x0000000002580000-0x00000000025B6000-memory.dmp
memory/5000-1221-0x0000000004FB0000-0x00000000055D8000-memory.dmp
memory/2812-1222-0x0000000000400000-0x0000000000432000-memory.dmp
memory/5000-1223-0x0000000005750000-0x0000000005772000-memory.dmp
memory/5000-1224-0x00000000057F0000-0x0000000005856000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0tpsp2af.ymz.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/5000-1234-0x0000000005A10000-0x0000000005D64000-memory.dmp
memory/5000-1235-0x0000000005F20000-0x0000000005F3E000-memory.dmp
memory/5000-1236-0x0000000005F60000-0x0000000005FAC000-memory.dmp
memory/5000-1237-0x00000000064F0000-0x0000000006522000-memory.dmp
memory/5000-1238-0x000000006F910000-0x000000006F95C000-memory.dmp
memory/5000-1248-0x00000000070E0000-0x00000000070FE000-memory.dmp
memory/5000-1249-0x0000000007110000-0x00000000071B3000-memory.dmp
memory/5000-1250-0x0000000007890000-0x0000000007F0A000-memory.dmp
memory/5000-1251-0x0000000007250000-0x000000000726A000-memory.dmp
memory/5000-1252-0x00000000072C0000-0x00000000072CA000-memory.dmp
memory/5000-1253-0x00000000074D0000-0x0000000007566000-memory.dmp
memory/5000-1254-0x0000000007450000-0x0000000007461000-memory.dmp
memory/5000-1255-0x0000000007480000-0x000000000748E000-memory.dmp
memory/5000-1256-0x0000000007490000-0x00000000074A4000-memory.dmp
memory/5000-1257-0x0000000007590000-0x00000000075AA000-memory.dmp
memory/5000-1258-0x0000000007570000-0x0000000007578000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 0490a02ededb79c877cff22cf23cf7dc |
| SHA1 | 8465005bc21b076febfe92641b0e5edfa4db9f84 |
| SHA256 | 252e30eac4c2724e01a54a5234c3e63eebf723b529ba848f5117f02c7f22ede6 |
| SHA512 | 087b98a8c2608c8813e240b7afeb2c622cd1aabde8c92827eb5a2c837635ddfe2c0b4370d3ab848dc6b37346a1ecf1d52454416768e1e7131ce1fdf9c27ef8ef |
memory/64-1286-0x00000000060E0000-0x0000000006434000-memory.dmp
memory/64-1287-0x0000000006680000-0x00000000066CC000-memory.dmp
memory/64-1288-0x000000006F900000-0x000000006F94C000-memory.dmp
memory/64-1298-0x0000000007790000-0x0000000007833000-memory.dmp
memory/64-1299-0x0000000007A30000-0x0000000007A41000-memory.dmp
memory/64-1300-0x0000000007A80000-0x0000000007A94000-memory.dmp
memory/3968-1302-0x000001FF61E20000-0x000001FF61E30000-memory.dmp
memory/3968-1309-0x000001FF61E90000-0x000001FF61EA0000-memory.dmp
memory/5068-1314-0x0000000006630000-0x00000000066A6000-memory.dmp
memory/5068-1315-0x00000000065B0000-0x000000000662E000-memory.dmp
memory/5068-1316-0x00000000068E0000-0x00000000068FE000-memory.dmp
memory/5068-1317-0x0000000006970000-0x0000000006CC4000-memory.dmp
memory/5068-1319-0x0000000006CE0000-0x0000000006D70000-memory.dmp
memory/5068-1318-0x0000000006950000-0x000000000695A000-memory.dmp
memory/5068-1320-0x0000000006D80000-0x0000000006DE0000-memory.dmp
memory/5068-1321-0x0000000006FC0000-0x000000000700C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1d6f86f8bd95fd1d_0
| MD5 | 32882ef6fb0902459a9d4ce1550ea25a |
| SHA1 | d725bfd70b0fd2358a8c8e764bc87b1bebc19a96 |
| SHA256 | 75c6743372e58027f417a24eb4b1413afc7156f696483e4e360e2eac554d2410 |
| SHA512 | f6f1caa37b8dbfc4a97b9b61a5451e36585057b7db87868f0e9995bb0264e41c49af1a03f36f78f8bb27db342d23402ffa1e1e0a1856fa36550827c5e7f61e83 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cc00ac333f0bf986_0
| MD5 | 253634f58776f03bd610f95883f512f5 |
| SHA1 | b8b4054f3394c39b3d7ac470d1b6d11ab3949dd2 |
| SHA256 | 03ad69a711a369c3953c30b132f25b5c7608c2d697901445b24eaac7059e2513 |
| SHA512 | ffa5d18e672763c69004a1d402874954e981a81c6422b035a3b25447f0230f599efac5fade0fdc6e5ce46f7662a3eb9fde71495f57c266e250dfc2753c143e6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 65d811996c3680510e5a477dfa26c347 |
| SHA1 | e164c9c17eff06d72db57dca2c7c41c374637532 |
| SHA256 | 3a7a2c59b9fc35dc15ef96b40aad54879a2068e097329edb6ff68f4a4c4361a6 |
| SHA512 | c5ccae7a8f4dc38b7f2fe6e53c08d650152779a24ffb0a834a609227892b2c662cff106250565ce8ef6a259a968609e15efa662c91292212a03087c1c751a1f2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2b1ad512bd8fe142d871d0630e085f90 |
| SHA1 | 88af9afa82f9f84dcfa63f5ae4df5367f63a25b9 |
| SHA256 | fb46306b4fc160dcfe9b4f9edb086e237aa9dc3763ec38111b13f131e88b112a |
| SHA512 | 41adde7916141731f4528205df0f3be92e9dd7ab287ff09540ee7daa3d0db41d6bf118160eaf7c7e4b52b6c15d075b2a221e52ff5807bdaa3433e82e2224c34e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a3aa0879159dd2bfc4147b581b705eac |
| SHA1 | 9de8b30e5756bc54c285433039e4249730bff0e4 |
| SHA256 | 657990c8c9714a076dffcc7704d3fc6b0e6f0d83625538454cdb2f5d04b5e0cb |
| SHA512 | 3b245a68cf18be3171bad1f93c382999312d29569d2950302bac435f4ad5332ca3b62b82c3ed2483d0c71d0fec0437f43b0cbb6dacfda7925683f560104251f9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9c202d020f2b8c8f02cb26784285ebee |
| SHA1 | 098438b3ffa6a32cc4fa036db94290717322c24e |
| SHA256 | 0b3e72743283d85068269883a01f907ea009707b88352f087f3b971edace94ff |
| SHA512 | 3f9091b9e748ada916f9a15ee20932e3eb2db56b70c25f6b67e138a195bba1db2849ee31cf0ac6a7d9fb16bca3e2025fccb4092d99ff21087284f0c996bfb0a0 |
C:\Users\Admin\AppData\Local\Temp\7zOC5BF231F\2e5f3807db334c44e20f17624cfa529304327387e4795c561374379725acde6c.exe
| MD5 | 3a814b9a8d2d33ad7318eb80652d039d |
| SHA1 | 9439b6a7cc772212e625d4829f4f3f918d91b532 |
| SHA256 | 2e5f3807db334c44e20f17624cfa529304327387e4795c561374379725acde6c |
| SHA512 | d0cff4113a38754295d52ef87c7ec351a82cbb5439d569280f4d8edcf98ff9e60cc858a317315ae005e9836d79cb8fc6aaff6d7d10731d60d0144b5be9b450aa |
memory/5048-1427-0x000000006FA50000-0x000000006FA9C000-memory.dmp
memory/5048-1437-0x0000000007BD0000-0x0000000007C73000-memory.dmp
memory/5048-1438-0x0000000007E80000-0x0000000007E91000-memory.dmp
memory/5048-1439-0x0000000007EC0000-0x0000000007ED4000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f5956c00d96437eed54af9202fe52a45 |
| SHA1 | 32eb3c3e8a02e12136f4ed33cf099a46fa1055dd |
| SHA256 | 4195cb901c9634e3b7a36546e447afd6942d0c349fada09eb53f3dd12405a48a |
| SHA512 | 203eafb4487531992c15fc9ba66bd5f88bc9335e90dacc9d71d8a6d8dbd64c3dfb71faef6ba12d5097a5e88d5eabc031d974c5dfddbc1e79d233f8063786edeb |
memory/2424-1464-0x000000006FA50000-0x000000006FA9C000-memory.dmp
memory/1508-1475-0x0000000001210000-0x0000000001211000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 09101cb4f39124d8373ea62dc8c9b215 |
| SHA1 | b29e5f94cd64d4e55399a2211c1f522a64fb882a |
| SHA256 | a0a70bc62b2557f78a2e422b981df09118660f8d1c4d73141f99b37de25b7f9b |
| SHA512 | 75b265d299523726c69f0cc16babf7291efb1cb0cfb13a45af01195ed667c8d6b045af343ef7248edd9b8133ff53ee749e125283958537ee6d06199f2fa788ab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 0f5fca6edff57a2fbf2f44589c1d6bee |
| SHA1 | 24cd93b86957d5067d4840328e3f65f1ca88a53d |
| SHA256 | d92432d12b3a43c785888c9198d879eccfc9a849d6ff324cfded9537f3f2a225 |
| SHA512 | 14589390b982bcd9183070363ffada9bae485ed88263667387632a354f249e8aeb0dc380bbe81a396327e947023e135aa6bc4d644ee437f009bc92a94a58c34a |
memory/4664-1517-0x000000006FA50000-0x000000006FA9C000-memory.dmp
memory/4664-1527-0x0000000007780000-0x0000000007823000-memory.dmp
memory/4664-1528-0x0000000007AD0000-0x0000000007AE1000-memory.dmp
memory/4664-1529-0x0000000007B10000-0x0000000007B24000-memory.dmp
memory/2616-1531-0x0000000000FF0000-0x0000000000FF1000-memory.dmp
memory/4660-1543-0x000000006FA50000-0x000000006FA9C000-memory.dmp
memory/4608-1554-0x0000000000780000-0x0000000000781000-memory.dmp
memory/5044-1567-0x0000000005FE0000-0x0000000006334000-memory.dmp
memory/5044-1568-0x0000000006A10000-0x0000000006A5C000-memory.dmp
memory/5044-1569-0x000000006FFD0000-0x000000007001C000-memory.dmp
memory/5044-1579-0x0000000007740000-0x00000000077E3000-memory.dmp
memory/5044-1580-0x0000000007A00000-0x0000000007A11000-memory.dmp
memory/5044-1581-0x0000000007A50000-0x0000000007A64000-memory.dmp
memory/4676-1583-0x0000000001180000-0x0000000001181000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c12ccb2945c7c3c3_0
| MD5 | 0727ce2d048dadaec68214aefd816fa8 |
| SHA1 | 3baf7b78a0ec81657d0bc67ea36ebdb2c411ba4a |
| SHA256 | 09bd7e2d2327ffc2715e4da737e20257f3700ee8aa6c30574ed4a05eb0f486d6 |
| SHA512 | f91ed83b2a1db13c67e81228617d6cf4b36f451e5817a710f3b7843a7c49802be1af85cb00e9d20af2feb7a0f8a85210931cc582ee24e3ce969981a343bfa406 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\64d97b09dba174fc_0
| MD5 | c64b11c535f56cd3b076ea6c5f96dbe3 |
| SHA1 | 9ace9aa26710b6355b35d6d98a86e4fb9c71c9b0 |
| SHA256 | bf9c04e57dd684aa424e2276cfddb046488b97dbb6cbbca916542c3ca7fa706f |
| SHA512 | 5ce9cc88e1d60bc39bde17b927afdea8dc23066517ee7bcffaa30754c5d161e99cd5197c16cfbf799e584fb45ae5e8a25c4af73bf15855499df0436e4f408ece |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4a17de5dcf3b5a55c856d31c684d73d7 |
| SHA1 | e10a36702aa5d7f2743bca0ffd48f0c031f45e6c |
| SHA256 | e597b7cd8ac087b523366b3963cae602064bc7400e476e37d770935cae745a69 |
| SHA512 | b916b4a53f2aa4bd1af3ffd0b90bc15b65da54ed5321d373ff94c19f225b20a3436be6920afcfda17a8756a00a53725d8beefa681afd23f061a6cf529a64a976 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 497ce59e31bad8343047d208ad15c7db |
| SHA1 | 6c694e191f50be3688114f50ae448db67b71fd48 |
| SHA256 | 443bd12f46bf7af679fbe9ef6b0a36d4b1fd82b21e36e4924da662b272d16abb |
| SHA512 | 9a1c847fdba8cdacda3dd82e603771ee0f166ab66b77b6b0a9c326320986a64bc5eb866f2008913d9f77ef9b958ab34ba2603bffd1b16b6514577ef2634405c6 |
C:\Users\Admin\Downloads\58bff9dfeb9660c884056b2ffd90e796adbc9e6e6d5292f39609b153c4e2acc0.zip
| MD5 | ba223867f61d0789667b4271b1c907bd |
| SHA1 | 0d6d9a9885ebf371156b2339492b52f341185dd9 |
| SHA256 | 8febbf54e10e65067a95b32b0b41b81b7263a5aeeda6f694859f6f89cdfa82a1 |
| SHA512 | 500b31728e4c94a32b33a6c907ea3fca69d55da0df2c687eb3c00b8c344c303192a0cf8a9fb65211a91fd9712d5fa13572a462fb61bbdb26f6fb40ae74d0e4ab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bf96e60da844e9c11638ca3bd8df40a1 |
| SHA1 | 407e9baa093ad0e11d81140996cf77cc97b44d05 |
| SHA256 | d55c6222bfd02870391379311612d6d2c7cc6d3566442b7fb7a52086810f97af |
| SHA512 | dc2e6f6a5c37d3eae431a1aea59a773ac6998b60c0a08234eafe853ea13f7885d77f6486dbf3ef61fda8c31e6b4dce370c4515815b85ab4c7c41f5ce766c8a2a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 582f0739fa3f7de4080d8baa627e7020 |
| SHA1 | 596fa1d981573b61631c0544effbeb292f781b6b |
| SHA256 | 82b878e305ed36a7c7daa038894a59bea7453ebd0d552afa4709d146e38d9cde |
| SHA512 | 07723640bbe33c0bf1d0dbedee03fa3de211238892d9e0fa90b6e6965c2a3aa5172b0478eb50bfc69aef2b2ddf34f34ad6a0fb7edf7fcf14c4bee6fd5bbe1654 |
C:\Users\Admin\AppData\Local\Temp\7zO83763182\58bff9dfeb9660c884056b2ffd90e796adbc9e6e6d5292f39609b153c4e2acc0.exe
| MD5 | 6575d4ba39394cd5951b20909039ebd1 |
| SHA1 | c2ad0eb283b54e0cb47234e4d9373ba58c25161b |
| SHA256 | 58bff9dfeb9660c884056b2ffd90e796adbc9e6e6d5292f39609b153c4e2acc0 |
| SHA512 | 946b35a0dffb071a821103747701add3c498d1eaecebceef7fed52bd99deb84b8161faaf0e55df639b950d01b91f81704d4aecac24ea82588b2a7ca2068ea699 |
memory/2860-1702-0x0000000000960000-0x0000000000A0C000-memory.dmp
memory/2860-1703-0x0000000005740000-0x000000000575E000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 20e4905f9f686f0355010feb971d851c |
| SHA1 | fb64dbd0099cec8296af2d36f49f65aab85f7517 |
| SHA256 | a9654d052099b4887adc04abc38d52fa7736e74606c3318ee93f42557de70918 |
| SHA512 | 941afabd457ff636071382f1738b066d20be75d1e913afabfbbf055be00312b0b45f09445bea111eecc589129a5dcda530091d31e9050a174e85ed10574ac0cf |
memory/2860-1713-0x0000000007D60000-0x0000000007D70000-memory.dmp
memory/2860-1714-0x0000000007E90000-0x0000000007EA6000-memory.dmp
memory/2860-1715-0x00000000081A0000-0x000000000821C000-memory.dmp
memory/1352-1718-0x00000245D70D0000-0x00000245D70D1000-memory.dmp
memory/1352-1716-0x00000245D70D0000-0x00000245D70D1000-memory.dmp
memory/1352-1717-0x00000245D70D0000-0x00000245D70D1000-memory.dmp
memory/1352-1721-0x00000245D70D0000-0x00000245D70D1000-memory.dmp
memory/1352-1720-0x00000245D70D0000-0x00000245D70D1000-memory.dmp
memory/5092-1740-0x00000000063D0000-0x0000000006724000-memory.dmp
memory/3756-1752-0x0000000000400000-0x000000000043A000-memory.dmp
memory/5092-1753-0x0000000006DA0000-0x0000000006DEC000-memory.dmp
memory/5092-1759-0x0000000070530000-0x000000007057C000-memory.dmp
memory/5092-1769-0x0000000007A00000-0x0000000007AA3000-memory.dmp
memory/2916-1770-0x0000000070530000-0x000000007057C000-memory.dmp
memory/3756-1780-0x00000000058F0000-0x00000000058FA000-memory.dmp
memory/3756-1781-0x0000000005900000-0x000000000590C000-memory.dmp
memory/3756-1782-0x0000000006800000-0x000000000681E000-memory.dmp
memory/3756-1783-0x0000000006950000-0x000000000695A000-memory.dmp
memory/5092-1784-0x0000000007D50000-0x0000000007D61000-memory.dmp
memory/2916-1785-0x00000000073F0000-0x0000000007404000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 1b41638ccd8e8f94e09312d21b1ca8f8 |
| SHA1 | a9b4032d8f4168f987e0bfdb1e070880a200faff |
| SHA256 | 494a2569bcbd66a8f69c409907c80d0fd33f74f78a05bd1ea4e332bdebaabe63 |
| SHA512 | 442b390c868b9112315664b02ebe3c4da99946bd3f2be11e36938b1ef1b9f48ce8df0062252cc596ccd3cde2c58d385c025daa8fb62be12bcd5436c4859748a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\515fe5b21749ce9e_0
| MD5 | d6ed423dd2dbc885bb4d92d8ea225e4e |
| SHA1 | 80e69a0ac0e01952b4917163fca31e3f329797b2 |
| SHA256 | b1edc726ac3be9a97f86b1b7f790e5e9e8656a0dc40a47b2d736e928a8dc7be8 |
| SHA512 | 8f6ccaa657d8bd2c2b85e7dfedeac4402d432db20ce30a1f5042f21bfcd1bd3e82b7ccadd4c350c3125c50643d3896421f928a692775dc5fce775361b361dcfa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c8dc87b0982c038b_0
| MD5 | 162b0086d9bdb2c5192e51631b934f44 |
| SHA1 | c4dcbbdb8dd3e20ec1457bab3c6474a84f984a3a |
| SHA256 | 36a7a5d6ab11cf7c6f5e6398207dae5a4b260ffa7f1ce46f399a89bc57978992 |
| SHA512 | d4b698e569e0068d394d84e9ab2b018c1c7a44c71cada9d67ece181a974d26eb4eb0d65912f8057288b18e1ead74cecf3cea1abe692f66c0411724f175979122 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8fb213e0574a2e7bc979ff3555a75dfd |
| SHA1 | 6443b96ef61d12c1e667b803e5296a0f9aff9cd5 |
| SHA256 | 0bc64f5c08f02a64f5020b22bd0da37caf50f8cb052ba1238562e70f6b26ef62 |
| SHA512 | 1f5826fba01d0652e67fb74b332414892eddd2998f564174533fedf3576204258b60a1b175f428046eafe9424733edf2fdde39393b19ac8a885c9bd7eb0daab9 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e589d1f74d1c2326f799a8e8b69f4941 |
| SHA1 | 77166f97a8e25316dbbbaa7d0646255bb2b4ee05 |
| SHA256 | 66c379cfe67a6a87e3840a565cefb36c9f5615660dfbee29e83373fee8678f08 |
| SHA512 | 690864422acfdd0aa4d95caefc091e28f1650b4a45c81b6900c9c6e3a1689c253a6075c9213649c7f01d64678a1fdf9fd4a9852c139677bbe21f76f92224fc10 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 544807a058ca9d9069be01734969dceb |
| SHA1 | 6d1b8eb4ee64372647e447ddbf7acae5dcfd8bdf |
| SHA256 | 1f2eed70786ac9b599ad02510da2693a5f2f27928ca18c617e88343851737a9e |
| SHA512 | d6630bd6c9d81565288f1da0646ca8ab0dbcc2a2cb7eb1210c484b8758e2cb6014900996dd41dd05f202da22faceb817e19a7748d4ae7a5ba10f2c36bfabc776 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4628314efdae2e42197f4d44b94d9adc |
| SHA1 | 3a7b8f4c9d686d9e8d197cc2aefeeebe8a32cc81 |
| SHA256 | 2a0d7f705e51038135a06ae864d2fd020ecccc645508eb9572d2e28db48702a1 |
| SHA512 | 856441d46e72de3f22e7b18590514b07a49630b3cc46da4cdf345de5a8f3c507107b119fb9e4f6d6d07dd70cb626793f700e55b9d3c35ca9a22ef5503a17f5af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6399abb53a712e0446d2296e8a3ef22c |
| SHA1 | a4cd6f284c1d56c80c7afd0814c9a89e761471ba |
| SHA256 | 7c5629c4519d7005a8c08bd803fd33956369e94b3a57e742261b644c11fc365e |
| SHA512 | 6311c7a5efcdf4c540bbb9d12178580bfd2359752cac37ac844a95de044f13e4c4349eb590d7fe96d489603facec3082fe3c1023115360691b1a549ddf11e9bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f556e0a5c99266baf4cfc575b2891494 |
| SHA1 | 0bc8a3e9e0a3c1b04b4806e82f4539862b62764d |
| SHA256 | 369d31d51ed0e36c2d080345b0479e0b57173e64b44b25760570a5799ff5803a |
| SHA512 | 0f63e94578c789140ea3ec39f2a3bc4b06c828a71dfbc6843cc40dcdb7b096bbd4e4ef21c0c4bfb896def3a45c04a6eea84729c209d537a0c32d544256a81d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9bbfec1b89d6d52d44037c0513e36142 |
| SHA1 | 9b2d6ac95788d9122f7b72e91702df5712d1b369 |
| SHA256 | 25c60e49b3cfe0b2a4cdf0db10ba8d5da7eebf7ef05348ae67fe29c4c6f57f57 |
| SHA512 | 3dbaaebebb68ceae24f503cc1258efcd71dde247f90b466d1327691e565dbc72a2d076ba0e266c51b176d3dde3ec63928d1a90ba1a955929f69570578e9bbc92 |
C:\Users\Admin\Downloads\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.zip
| MD5 | b234ecb275ded73992cbb5e4804c37dd |
| SHA1 | b2ca80a5f122724834caeb05b5c6b005988a4568 |
| SHA256 | 0214c86aa3b0f9313faac7874b132231ea8842bd4ae6ad451a952cdd8f8939f1 |
| SHA512 | 91c20a7522abc61485ac844a2b9ae129f7c73bbf40e4e0c65bcfa4252fd60404f8d433de6167f0910f24eaf74561b174c15e87e03869dbcae09d62188bcb4ed2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2f71b4ddfcfcf0b79e7e70a3b1485c5c |
| SHA1 | 1a7b53686dd00be852724fad7806175b060d7b9d |
| SHA256 | 176a2c0b5728bca40f24c92af7cf9275b9072d1c69b0767661fa5ac686fc399c |
| SHA512 | ebbdb88a3327003cac87e9bedef1569bd907495dcf89fa36ae70da82f6bc035c65a23084e0db27cd94c9d9715217352f208fc12cd55e3f55eaab76dc0034c4ec |
C:\Users\Admin\AppData\Local\Temp\7zOCDF4A1F4\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe
| MD5 | 33559005506dae5967c8ddeaa8a65f5b |
| SHA1 | 0d3c40848c443d4c7dbada45fe976cb9f616c9c2 |
| SHA256 | 5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79 |
| SHA512 | 1591fe81d82b18b854299b0ccc72ec2f31208a9ab11afd75047a3d2e3b2ae7931bd412a8401eff57790348ddb5463c31dfc3f870a6c9eef8ef86006b55be7e55 |
memory/1784-2030-0x000002D161440000-0x000002D1616DA000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cbac3ae770d4e4d1bf1d69bf662559c6 |
| SHA1 | a205e2b0216435bce213bab52a8e79afe5314e86 |
| SHA256 | 831612167a08c50cc22fb58835f49ab18baf0be1db19045a417df287d3e71a0f |
| SHA512 | 5953b26a77b30f5d1ebf10f568292fa46297f59c65ff8601787e74adc5ffa9bc279643fd56ad475ef79a7f4883d4a9115a2b1eb44ab33312dbbadfe578eb2a3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5a37230249fabe73bbf68c2800947117 |
| SHA1 | d402f3766bf2d48b0a89b0e2315e15d7c5ca7bdc |
| SHA256 | a6a57b8b05bde9cfd78f308c1d4b0d379264d967d5c5691123c77ed440c23647 |
| SHA512 | 911c117b15d6f8be6680c999dc31ef3ba0a4e6aa4704afbd5ae50fb4cb6366c863f1030ded3bc657e7ffd8056b05c77e2e97d25f983a348bc148228ca4fa9489 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0ec9e7c32c148cee9914604a4c5ce72c |
| SHA1 | cb53b32793aa14751004634863731a467e3aaea6 |
| SHA256 | c237c329d3cd7bf3fae1c047c77ed9b6ffbe94658dd8855d8b324bb8b8f577df |
| SHA512 | 40265f2aa947dcd3fa89b79227d9f3d2f59903aadabbce4d7524a224eef01d7ace6e04b11c9d4785102aebf69ba21c51f7c4526de022b80ae072ec575a408837 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c080d07c-6ee4-4f1e-ab23-2005e62925f1.tmp
| MD5 | 6b6b34cc464a8c1eb3839ab3fb05e9fb |
| SHA1 | db08bac7ab662b4f64bf142cb205b38964281617 |
| SHA256 | 96930e2b73207926382ddda147845fb3874bb07bd7d2ee2e40a40c2a26d3b1d1 |
| SHA512 | c49558632834812c703de300950c7ac175bad8719e2d13c1d1ae39d47830057f81d90b5626d5a1509c816c64a462611c126cff27245239f7444d6df1f480016d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 80f55e70c1aca8d66098fcd0ff2a465c |
| SHA1 | 30471605e2acfb34db88c44241500422b348e0bd |
| SHA256 | 3123d2ea859da2c93bc6bbdc0eee6ecb7f5dd879e458d878b45ecb58023e6ad9 |
| SHA512 | 4760f1db6c351b6b93f1a32754571686a72b6db6cf7a7bfd89e0a09b968c46d39ca5ef56ed0d69dfbae97816e99f86df918601f7e579e47a03551e5fbf54b9a1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | a1845d229005f94b526ba4d13b34f0a6 |
| SHA1 | 94e7d806820eff0c9ce429f0025547318680723f |
| SHA256 | bf18ed13d45a6e365df0d88c423d902910b2175f51b50726de4b8046defa9352 |
| SHA512 | 892fe347edb6023c55a07a9bf9d733bf8af6ea9de538d9bcaae9238e9987c11aecb69cb6bcb9799e5e3d481ab2ce2408596706d4827f6a75463e991223f3cf5c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.CashRansomware
| MD5 | 0c331164b1b661536e08254fb53ae956 |
| SHA1 | 68c73964a3ee98ffb9d03300cbf411159f854d80 |
| SHA256 | ebd6dbefc94a171f95a7c872dd118a68728628c5d5f347dac769a9b3ff993c4c |
| SHA512 | 2d21d4c80eb47908123c222bbd1576ab394e8089c3bbe5a07870363dd258ae866cfa372fba2b30d1a76d0f7f018c55d7a5a7308928195f1d044cb9055e0ee478 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata.CashRansomware
| MD5 | 562c4b4ae4cf1a3de844c9b9382c1452 |
| SHA1 | 608e6b9dd302e24fd43a4bd96eaed2b132736644 |
| SHA256 | 5c2b6f1ec9666e45c81ecf5806cbf77801118671d1655b13738c10fd9ee9bed0 |
| SHA512 | 8bd24fa8f45d0194c235bedfe732381be1e2e58ca61e647a747ec0e934edc3a1ea972cfe47f3d34bcd0a6024719414dcfa71e2b7f0e98091f2ecf38444ff48a7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001.CashRansomware
| MD5 | 8887dd4e6168207eda7c3c681c180fcb |
| SHA1 | d39d3bd955f2eeca5b1927d6994317e2b72794b2 |
| SHA256 | b05a17cea50c8918c023ab16303ef807c43bdd7d97f6d4dbfac84f2fe6241de4 |
| SHA512 | db7569e47bb36ad6c2bdc3b687dd2dd7b2b992f7ca076e326b9d3363e09d18986656b66f4faa59f846d7b1b91b27197f2c81d43db917757e64276ccb8cc1b85b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT.CashRansomware
| MD5 | 170a7c852c3cb1e748606049810fc0a1 |
| SHA1 | a2372c64b1e216617e32a442d415ea8081199d76 |
| SHA256 | e563ae78ade2873f42830d9d30a30f261d57353f93ea49653601f377ace8a8e3 |
| SHA512 | 2cb3144604e9eacac16df65720a046f87b6d0d52ee02039081cd53d3abfa4b90bc00b631d6683c6965295f44b97705b71092414f8c124a68487acf6a5b5a2525 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index.CashRansomware
| MD5 | 8542a9ab85592518206c218bfdc8b8a3 |
| SHA1 | f09c5f5697ef8b12f2ed386606cdc40c4c1ea011 |
| SHA256 | 824a21113760b27cb88f6f8cdfcd0426abbdc20dd2106d9f7be0537f631b370a |
| SHA512 | c0e6bd5a47b6955f97143b66a1d7738d5a8dbe02c1d65737cda4764d72234dd7a2852e1bb2a50c0e8928ecb4e92d348fda84ae70fd1353654561213b70b9b918 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_2.CashRansomware
| MD5 | 3c00b789bb69b5b2e93265019a086c85 |
| SHA1 | 6628064498c5dd67a7db51096f8df491ea1dacaf |
| SHA256 | dd63ea9f1b4c8f4e6e7fca1f5b0a32e6813ec3d0c82e3e45c7892e7e9e728e4e |
| SHA512 | e512a62a9eb77ebe4752d6c46c9ee86e675f43dc2cd3fcc39f0979d640edd8aafbd9595035727a7e6d0cc0c1d4ff9d0309026df7fee1aaff568e3f7f1c9abb62 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_3.CashRansomware
| MD5 | 3d2188177f619227fd78e32ef753dd5b |
| SHA1 | fc30fde18bbe7cb9f59e5d6c34f6b560d2a54b1d |
| SHA256 | 5746b7448b8cc1124f95ef6595a31a1c4a7e63f137853bc89e18ec7436db1051 |
| SHA512 | b72bb582b70edad32659cccbee95cf7d7001a8809e434bb4fdc103d4f225b39f44a82a75458e79ab0015c306cc24e00f63ce359dcd0ab65130bedf2386312b5a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1.CashRansomware
| MD5 | 9ac84a2c50bdc8361d47d68297cc746c |
| SHA1 | 5caf1f439ecee3e4b552cc88c030f943352d1a8f |
| SHA256 | d0d6bcbd45612aa63bc6cc191195d9b297aba4f45fc63a78520a107ef105f94b |
| SHA512 | a854884006e33decf7ad001c18ea0e2b573d436eb50e89413491ef5207625498e5251e6eaea60e3a73396ed2ad5592bf9b28eaa6f605c8bd272ebce631df4c26 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_0.CashRansomware
| MD5 | 90948e45a98925ae6b2fcc792c4ee9e0 |
| SHA1 | 385ed50d17ab3c4c76a8ac189099757a9de1617a |
| SHA256 | 61dc808f0b6ea5ed7158457358893de5f8d8e2b839ede86a096932773a75d5ef |
| SHA512 | 60d5088c195626c03599fa3c36483cbafd819bc79797983a6e3237f68551aa167cab5f7b583aa82477ccca11f00e33049eaa7b6ff16d37323c79c60bf3b47437 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.CashRansomware
| MD5 | 7b9f5b9f7d9c803c59d2ddf119991678 |
| SHA1 | 8a7746405e88d423d21e70fcc974f4339e6de48c |
| SHA256 | 303c495dc54bff8dd538da0b29ca6261924dee18c3ad12bfb723f3f84e45d216 |
| SHA512 | 9b0a5940b7803a2644580169810fb803ffdb28c30f936578c445ed101825a15c4cc760968fbd7fd709e8c5d7f04661b642c25a98794d668349fa7eb756f76feb |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs.CashRansomware
| MD5 | d8f7769ac9cae246121d99fe168b3fef |
| SHA1 | 3df9bee62d8683013d56f30e426f7cbf505a01c4 |
| SHA256 | 8dd87ca7dd47a1c50084cae4c75af1290d362d5ccc6f38145b8191a8665eec2b |
| SHA512 | f559da68cec5ef87af668a0a7d1e9f8cb3f1e9e372e572bc6c853dc33cff81a71646d6896951c4cccb9c593e862043e9b0147614ca768fc5b9486523cede00c6 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{A5E73466-E220-8EF4-B956-A582187356D9}.CashRansomware
| MD5 | 6cf5c426fef0095ffb903e0612d2f29d |
| SHA1 | f1e172a4b1c5cd71fecd7c94dfa859b9458922b6 |
| SHA256 | 9bb7ad8f5a8cf745b9321a32136421d884bcbcc7ea21c7f8a74f15a380b66346 |
| SHA512 | ae6e9850b258bd71ba2857f99d0226a38689190b9fc218eb23cfd2a2e8eeb551b328de3713043e97e76c80cc3c5921d31d8652644f1fca49f22a3362106297fd |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc.CashRansomware
| MD5 | df8b746160e726d2a9743bec9b2f6659 |
| SHA1 | c8c318b2e1d8d50c3078aefcfcfc8e97ae2fb4e1 |
| SHA256 | 3466ef1e27f938a0cab12427df8498b745d24174ff48b4a42cd0cd24cfe45684 |
| SHA512 | 32ce167fd64bb391e1cc1a738ea36e69a7e5443704a23e860a0814bea125042894f115ec9662488db4d9fb69a28f99dfb7c64fd87d84f3c9bda239f5bb146b34 |
C:\Users\Admin\AppData\Local\Temp\wctD07F.tmp.CashRansomware
| MD5 | 43d581a80cc4c7945abd06f8818b5a95 |
| SHA1 | 70b523f8fdfc3caaf1d21dc052bfda94505b1b5e |
| SHA256 | 0283e100acc0472d06d1777620f86fbf35ad422b3d84c19f44f4cc84cdf96c8d |
| SHA512 | e6dc08c08362d7b55f783b86a2586ce5881fa06d5943a2f30181b22cba0a94282afd9e53dea6fe5eacf4a26ddfb10055004bbf4e68388df68fe41378fa78e0f4 |
memory/1784-4124-0x000002D17FB20000-0x000002D17FCE2000-memory.dmp
memory/1784-4125-0x000002D102790000-0x000002D102CB8000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4dc6fc5e708279a3310fe55d9c44743d |
| SHA1 | a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2 |
| SHA256 | a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8 |
| SHA512 | 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c9c4c494f8fba32d95ba2125f00586a3 |
| SHA1 | 8a600205528aef7953144f1cf6f7a5115e3611de |
| SHA256 | a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b |
| SHA512 | 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f4e121c7133d939920e5fe95f8ba5aa9 |
| SHA1 | ae81def48cfa7bfe1d7adffe06bd60ed5a66c711 |
| SHA256 | 79c39c8fa36ab49c74d8da392a37d88e216252329a11da2ae91e5b093cd2665a |
| SHA512 | 2dfebdbe5acf829e2defa42254791a79b64d9ef3a17e127bb1c0bbe5edf19fbf4c79f752075f36459a5e19438886683ff30077e38636cfdddcc27e503941b344 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3cefe845ea6f5939bc2887d90de8768b |
| SHA1 | d10160030d8be749315c3e5fee766417404492ad |
| SHA256 | be27ab769b5d21b7298eb5fdaa866d47fc4159df14bd7312900d64ecbd6eb538 |
| SHA512 | 1b09fad7ba9250c5737967877e9351c0a49df3ed31bb6cf4aea766df432f4f6875983a9f10ed809ac42b50e902945c91a46403facc4234efaf6c5088908f0a1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 16194f4e894c85a83c49a9801ec59db6 |
| SHA1 | 383ad7d2b264c616797755e0760c593177509b21 |
| SHA256 | dde60328b6a0220a906e6f5524808913076ceba915791ced2c68bd2ccd027144 |
| SHA512 | 11e622c9b8ce522f225653336c188df9c27d2938ff167aa148d6b4329b17e46794460bcbe057d70e43db30321278812ab5fb489c5d05fda10520d53278b17663 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 175b92566bed0bcae7306e02aa1b9a00 |
| SHA1 | 60dbc33ba398617638036ea1dd1030fb11116fcf |
| SHA256 | f95c73ec3e6d61e3c81152fe3bd5ef93c3ffdc607f46a33d00255335132d8037 |
| SHA512 | 96ed1a1cfeeb3e7da71b5b687ecfec0520a5351a912f3891befa6da7857ac9c207b2de141e81bf993abac51d6074986ff2f3fba2048da27d334a0496b8ea80da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |