Analysis Overview
SHA256
4d509fb0a36f1ae2991f0e6fb7ec5837d722c426b79178e207fa59fbe1bea547
Threat Level: Known bad
The file заебло.exe was found to be: Known bad.
Malicious Activity Summary
Detect Xworm Payload
Xworm family
Xworm
Command and Scripting Interpreter: PowerShell
Checks computer location settings
Executes dropped EXE
Drops startup file
Adds Run key to start application
Looks up external IP address via web service
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Uses Task Scheduler COM API
Creates scheduled task(s)
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-26 21:48
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xworm family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-26 21:48
Reported
2024-05-26 21:52
Platform
win7-20240221-en
Max time kernel
142s
Max time network
146s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Xworm
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk | C:\Users\Admin\AppData\Local\Temp\заебло.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk | C:\Users\Admin\AppData\Local\Temp\заебло.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\Users\\Admin\\AppData\\Roaming\\svchost.exe" | C:\Users\Admin\AppData\Local\Temp\заебло.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\заебло.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\заебло.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\заебло.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\заебло.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\заебло.exe
"C:\Users\Admin\AppData\Local\Temp\заебло.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\заебло.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'заебло.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\svchost.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "svchost" /tr "C:\Users\Admin\AppData\Roaming\svchost.exe"
C:\Windows\system32\taskeng.exe
taskeng.exe {FD991FE7-4CB0-4038-B446-54D8795DB480} S-1-5-21-330940541-141609230-1670313778-1000:KXIPPCKF\Admin:Interactive:[1]
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 127.0.0.1:53750 | N/A | tcp |
| US | 8.8.8.8:53 | involved-delete.gl.at.ply.gg | udp |
| US | 147.185.221.19:53750 | involved-delete.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:53750 | N/A | tcp |
| US | 147.185.221.19:53750 | involved-delete.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:53750 | N/A | tcp |
| N/A | 127.0.0.1:53750 | N/A | tcp |
| N/A | 127.0.0.1:53750 | N/A | tcp |
| N/A | 127.0.0.1:53750 | N/A | tcp |
| N/A | 127.0.0.1:53750 | N/A | tcp |
| N/A | 127.0.0.1:53750 | N/A | tcp |
| US | 147.185.221.19:53750 | involved-delete.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:53750 | N/A | tcp |
| US | 147.185.221.19:53750 | involved-delete.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:53750 | N/A | tcp |
| US | 147.185.221.19:53750 | involved-delete.gl.at.ply.gg | tcp |
| US | 147.185.221.19:53750 | involved-delete.gl.at.ply.gg | tcp |
| US | 147.185.221.19:53750 | involved-delete.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:53750 | N/A | tcp |
Files
memory/1716-0-0x000007FEF51F3000-0x000007FEF51F4000-memory.dmp
memory/1716-1-0x0000000000830000-0x000000000085A000-memory.dmp
memory/1716-2-0x000007FEF51F0000-0x000007FEF5BDC000-memory.dmp
memory/2576-7-0x000000001B1E0000-0x000000001B4C2000-memory.dmp
memory/2576-8-0x0000000002470000-0x0000000002478000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
| MD5 | 536ee90f3dbced0710b03dfcdf4e5ad4 |
| SHA1 | 051f477043e68c0565d7fb654eba2b06a44e6226 |
| SHA256 | b8d0e3f1d93b4361645da061104523314289bcf1066f0ef12ff02fc4b31c3c2d |
| SHA512 | 4025b7e5bb6030a66dde9dcaaed414e829686435ca68fac98f4abf6f17751f01467c09edda982c16296c958fe1c6ee00af8c9198748a6eef209cc7b3f1d408ae |
memory/2644-14-0x000000001B180000-0x000000001B462000-memory.dmp
memory/2644-15-0x0000000002420000-0x0000000002428000-memory.dmp
\??\PIPE\srvsvc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\svchost.exe
| MD5 | 5564cabd0a4507eab2361da606eef877 |
| SHA1 | f8157479222fa2596fe95d3285f178398cdfd233 |
| SHA256 | 4d509fb0a36f1ae2991f0e6fb7ec5837d722c426b79178e207fa59fbe1bea547 |
| SHA512 | ca059498604f20baa9420b60b3178c76017b73b7dad172f0297524e49976914058fdffea40cd06382011f239fe1bbc02cf87e2a53ec1f5b022fef223cfb9916b |
memory/2816-35-0x0000000000FC0000-0x0000000000FEA000-memory.dmp
memory/1716-36-0x000007FEF51F3000-0x000007FEF51F4000-memory.dmp
memory/1716-37-0x000007FEF51F0000-0x000007FEF5BDC000-memory.dmp
memory/2188-40-0x00000000010E0000-0x000000000110A000-memory.dmp
memory/968-42-0x00000000012B0000-0x00000000012DA000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-26 21:48
Reported
2024-05-26 21:52
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
149s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Xworm
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\заебло.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk | C:\Users\Admin\AppData\Local\Temp\заебло.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk | C:\Users\Admin\AppData\Local\Temp\заебло.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\Users\\Admin\\AppData\\Roaming\\svchost.exe" | C:\Users\Admin\AppData\Local\Temp\заебло.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133612338275985592" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\заебло.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\заебло.exe
"C:\Users\Admin\AppData\Local\Temp\заебло.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\заебло.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'заебло.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\svchost.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "svchost" /tr "C:\Users\Admin\AppData\Roaming\svchost.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaf821ab58,0x7ffaf821ab68,0x7ffaf821ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1952,i,10066094948762798562,14559751780067484939,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1952,i,10066094948762798562,14559751780067484939,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1952,i,10066094948762798562,14559751780067484939,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1952,i,10066094948762798562,14559751780067484939,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1952,i,10066094948762798562,14559751780067484939,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3628 --field-trial-handle=1952,i,10066094948762798562,14559751780067484939,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4488 --field-trial-handle=1952,i,10066094948762798562,14559751780067484939,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1952,i,10066094948762798562,14559751780067484939,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4552 --field-trial-handle=1952,i,10066094948762798562,14559751780067484939,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1952,i,10066094948762798562,14559751780067484939,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1952,i,10066094948762798562,14559751780067484939,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4584 --field-trial-handle=1952,i,10066094948762798562,14559751780067484939,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4664 --field-trial-handle=1952,i,10066094948762798562,14559751780067484939,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3452 --field-trial-handle=1952,i,10066094948762798562,14559751780067484939,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4488 --field-trial-handle=1952,i,10066094948762798562,14559751780067484939,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5156 --field-trial-handle=1952,i,10066094948762798562,14559751780067484939,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4800 --field-trial-handle=1952,i,10066094948762798562,14559751780067484939,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5012 --field-trial-handle=1952,i,10066094948762798562,14559751780067484939,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x324 0x150
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 --field-trial-handle=1952,i,10066094948762798562,14559751780067484939,131072 /prefetch:8
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5764 --field-trial-handle=1952,i,10066094948762798562,14559751780067484939,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5676 --field-trial-handle=1952,i,10066094948762798562,14559751780067484939,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5936 --field-trial-handle=1952,i,10066094948762798562,14559751780067484939,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6092 --field-trial-handle=1952,i,10066094948762798562,14559751780067484939,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5804 --field-trial-handle=1952,i,10066094948762798562,14559751780067484939,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4972 --field-trial-handle=1952,i,10066094948762798562,14559751780067484939,131072 /prefetch:8
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
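The process tree above (and the behavioral1 tree, which is the same apart from the taskmgr.exe and Chrome sessions) shows the sample's whole setup in five child processes: four PowerShell invocations that add Defender exclusions for the original file, the dropped copy and both process names, then a schtasks.exe call that registers a task named "svchost" which re-launches C:\Users\Admin\AppData\Roaming\svchost.exe every minute at the highest run level. The dropped binary later appears under taskeng.exe rather than under заебло.exe, because the Task Scheduler service starts it. The Python below is an added example, not the sandbox's or the sample's code: it runs three detection rules over constructed process-creation events built from those command lines and walks the parent chain to list what the sample itself spawned. The PIDs and parent PIDs are assumed (1716, 2576, 2644, 2816 and 2188 follow the memory-dump names in the behavioral1 run; the rest are invented), as is the list of system binary names.

```python
import re
from dataclasses import dataclass

# Paths and command lines exactly as listed in the report; PIDs/PPIDs are assumed.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\заебло.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SCHTASKS = r"C:\Windows\System32\schtasks.exe"
DROPPED = r"C:\Users\Admin\AppData\Roaming\svchost.exe"


def ps_cmd(args: str) -> str:
    return f'"{PS}" -ExecutionPolicy Bypass {args}'


# Constructed sample of process-creation events (Sysmon event 1 / 4688 style).
SAMPLE_EVENTS = [
    dict(pid=1716, ppid=1000, image=SAMPLE, cmdline=f'"{SAMPLE}"'),
    dict(pid=2576, ppid=1716, image=PS, cmdline=ps_cmd(f"Add-MpPreference -ExclusionPath '{SAMPLE}'")),
    dict(pid=2644, ppid=1716, image=PS, cmdline=ps_cmd("Add-MpPreference -ExclusionProcess 'заебло.exe'")),
    dict(pid=2700, ppid=1716, image=PS, cmdline=ps_cmd(f"Add-MpPreference -ExclusionPath '{DROPPED}'")),
    dict(pid=2712, ppid=1716, image=PS, cmdline=ps_cmd("Add-MpPreference -ExclusionProcess 'svchost.exe'")),
    dict(pid=2740, ppid=1716, image=SCHTASKS,
         cmdline=f'"{SCHTASKS}" /create /f /RL HIGHEST /sc minute /mo 1 /tn "svchost" /tr "{DROPPED}"'),
    # taskeng.exe is started by the Task Scheduler service, not by the sample,
    # so the dropped binary is not a child of заебло.exe in the tree.
    dict(pid=1200, ppid=800, image=r"C:\Windows\system32\taskeng.exe",
         cmdline="taskeng.exe {FD991FE7-4CB0-4038-B446-54D8795DB480}"),
    dict(pid=2816, ppid=1200, image=DROPPED, cmdline=DROPPED),
    dict(pid=2188, ppid=1200, image=DROPPED, cmdline=DROPPED),
]

# Names that legitimately run only from the Windows directory (assumed, extend as needed).
SYSTEM_BINARY_NAMES = {"svchost.exe", "taskeng.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
EXCLUSION_RE = re.compile(
    r"Add-MpPreference\b.*?-Exclusion(Path|Process|Extension)\s+(?:'([^']*)'|\"([^\"]*)\"|(\S+))", re.I)
# /switch followed by an optional quoted or bare value; a value never starts with '/'.
SCHTASKS_OPT_RE = re.compile(r'/(\w+)(?:\s+(?:"([^"]*)"|(?!/)(\S+)))?')


@dataclass(frozen=True)
class Finding:
    rule: str
    pid: int
    detail: str


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_schtasks(cmdline: str) -> dict:
    """Map each /switch to its value (None for bare switches such as /create and /f)."""
    opts = {}
    for m in SCHTASKS_OPT_RE.finditer(cmdline):
        opts[m.group(1).lower()] = m.group(2) if m.group(2) is not None else m.group(3)
    return opts


def analyze(events) -> list:
    findings = []
    for ev in events:
        image, cmd, pid = ev["image"], ev["cmdline"], ev["pid"]
        name = basename(image)
        # Rule 1: Defender exclusion tampering (T1562.001). -ExecutionPolicy Bypass alone is
        # too common to alert on; the exclusion cmdlet is the signal.
        if name == "powershell.exe":
            m = EXCLUSION_RE.search(cmd)
            if m:
                target = m.group(2) or m.group(3) or m.group(4)
                findings.append(Finding("defender_exclusion", pid, f"Exclusion{m.group(1)} {target}"))
        # Rule 2: task created to re-run every few minutes or at highest run level (T1053.005).
        elif name == "schtasks.exe":
            opts = parse_schtasks(cmd)
            every_minute = (opts.get("sc") or "").lower() == "minute" and int(opts.get("mo") or 1) <= 5
            if "create" in opts and (every_minute or (opts.get("rl") or "").upper() == "HIGHEST"):
                findings.append(Finding("schtasks_persistence", pid, f'{opts.get("tn")} -> {opts.get("tr")}'))
        # Rule 3: a system binary name executing outside C:\Windows (T1036.005).
        if name in SYSTEM_BINARY_NAMES and not image.lower().startswith("c:\\windows\\"):
            findings.append(Finding("masquerading_system_binary", pid, image))
    return findings


def descendants(events, root_pid: int) -> set:
    """PIDs reachable from root_pid via ppid links: what to terminate together with the root."""
    children = {}
    for ev in events:
        children.setdefault(ev["ppid"], []).append(ev["pid"])
    seen, stack = set(), [root_pid]
    while stack:
        for child in children.get(stack.pop(), []):
            if child not in seen:
                seen.add(child)
                stack.append(child)
    return seen


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"{f.rule:28} pid={f.pid:<5} {f.detail}")
    print("spawned by the sample:", sorted(descendants(SAMPLE_EVENTS, 1716)))
```

Rule 3 is what separates the dropped C:\Users\Admin\AppData\Roaming\svchost.exe from the real C:\Windows\System32\svchost.exe, and `descendants` deliberately stops at the task-scheduler boundary: killing the sample and its children leaves the scheduled task, the Run key and the Startup .lnk in place, so those three artifacts and the four Defender exclusions must be removed separately.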
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | involved-delete.gl.at.ply.gg | udp |
| US | 147.185.221.19:53750 | involved-delete.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | 19.221.185.147.in-addr.arpa | udp |
| US | 147.185.221.19:53750 | involved-delete.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:53750 | N/A | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:53750 | N/A | tcp |
| N/A | 127.0.0.1:53750 | N/A | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 216.58.215.36:443 | www.google.com | udp |
| FR | 216.58.215.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 131.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 172.217.20.174:443 | play.google.com | udp |
| FR | 172.217.20.174:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| FR | 216.58.213.78:443 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| FR | 216.58.213.78:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 78.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:53750 | N/A | tcp |
| US | 8.8.8.8:53 | 67.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.20.217.172.in-addr.arpa | udp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 8.8.8.8:53 | static.trafficjunky.com | udp |
| US | 8.8.8.8:53 | ei.phncdn.com | udp |
| GB | 64.210.156.20:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.20:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.23:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.23:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.23:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.23:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.23:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.23:443 | ei.phncdn.com | tcp |
| US | 8.8.8.8:53 | media.trafficjunky.net | udp |
| US | 8.8.8.8:53 | prvc.io | udp |
| US | 8.8.8.8:53 | cdn1-smallimg.phncdn.com | udp |
| GB | 64.210.156.23:443 | media.trafficjunky.net | tcp |
| US | 66.254.114.156:443 | cdn1-smallimg.phncdn.com | tcp |
| US | 104.21.56.52:443 | prvc.io | tcp |
| GB | 64.210.156.23:443 | media.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 8.8.8.8:53 | 41.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.56.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.75.250.142.in-addr.arpa | udp |
| US | 104.17.248.203:443 | unpkg.com | tcp |
| US | 8.8.8.8:53 | ss.phncdn.com | udp |
| US | 8.8.8.8:53 | eg-cdn.trafficjunky.net | udp |
| PL | 93.184.223.43:443 | eg-cdn.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | ads.trafficjunky.net | udp |
| FR | 172.217.18.202:443 | content-autofill.googleapis.com | tcp |
| US | 66.254.114.154:443 | ads.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | hw-cdn2.trafficjunky.net | udp |
| GB | 64.210.156.6:443 | hw-cdn2.trafficjunky.net | tcp |
| GB | 64.210.156.6:443 | hw-cdn2.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | 72.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.248.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.223.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hw-cdn2.adtng.com | udp |
| GB | 64.210.156.0:443 | hw-cdn2.adtng.com | tcp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| FR | 172.217.18.219:443 | storage.googleapis.com | tcp |
| US | 8.8.8.8:53 | 202.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.18.217.172.in-addr.arpa | udp |
| N/A | 127.0.0.1:53750 | N/A | tcp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 64.233.166.157:443 | stats.g.doubleclick.net | tcp |
| US | 216.239.34.181:443 | analytics.google.com | tcp |
| US | 8.8.8.8:53 | ew.phncdn.com | udp |
| US | 8.8.8.8:53 | cdn1d-static-shared.phncdn.com | udp |
| US | 8.8.8.8:53 | 157.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.34.239.216.in-addr.arpa | udp |
| US | 104.21.56.52:443 | prvc.io | udp |
| BE | 64.233.166.157:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| FR | 142.250.201.163:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | ht-cdn.trafficjunky.net | udp |
| US | 8.8.8.8:53 | etahub.com | udp |
| US | 66.254.114.62:443 | etahub.com | tcp |
| US | 8.8.8.8:53 | 163.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | galleryn1.vcmdiawe.com | udp |
| LU | 93.93.51.190:443 | galleryn1.vcmdiawe.com | tcp |
| FR | 172.217.18.202:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | a.adtng.com | udp |
| US | 66.254.114.171:443 | a.adtng.com | tcp |
| US | 8.8.8.8:53 | ht-cdn2.adtng.com | udp |
| GB | 64.210.156.19:443 | ht-cdn2.adtng.com | tcp |
| US | 8.8.8.8:53 | 62.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.51.93.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.156.210.64.in-addr.arpa | udp |
| US | 216.239.34.181:443 | analytics.google.com | udp |
| US | 8.8.8.8:53 | qckload.com | udp |
| US | 34.225.210.0:443 | qckload.com | tcp |
| US | 8.8.8.8:53 | www.securegfm2.com | udp |
| DE | 18.197.208.17:443 | www.securegfm2.com | tcp |
| US | 8.8.8.8:53 | dg-videos.b-cdn.net | udp |
| US | 8.8.8.8:53 | 0.210.225.34.in-addr.arpa | udp |
| FR | 143.244.56.49:443 | dg-videos.b-cdn.net | tcp |
| US | 8.8.8.8:53 | 17.208.197.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.56.244.143.in-addr.arpa | udp |
| N/A | 127.0.0.1:53750 | tcp | |
| US | 8.8.8.8:53 | evtubescms.phncdn.com | udp |
| GB | 64.210.156.1:443 | evtubescms.phncdn.com | tcp |
| US | 8.8.8.8:53 | ht-cdn2.trafficjunky.net | udp |
| US | 8.8.8.8:53 | 1.156.210.64.in-addr.arpa | udp |
| US | 147.185.221.19:53750 | involved-delete.gl.at.ply.gg | tcp |
| GB | 64.210.156.20:443 | ht-cdn2.trafficjunky.net | tcp |
| US | 34.225.210.0:443 | qckload.com | tcp |
| DE | 18.197.208.17:443 | www.securegfm2.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| FR | 172.217.20.174:443 | play.google.com | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 147.185.221.19:53750 | involved-delete.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | 18.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 147.185.221.19:53750 | involved-delete.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:53750 | tcp | |
| N/A | 127.0.0.1:53750 | tcp | |
| US | 147.185.221.19:53750 | involved-delete.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:53750 | tcp | |
| US | 147.185.221.19:53750 | involved-delete.gl.at.ply.gg | tcp |
Files