Analysis Overview
Threat Level: Likely malicious
The submitted URL https://github.com/pankoza2-pl/malware was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Writes to the Master Boot Record (MBR)
Legitimate hosting services abused for malware hosting/C2
Drops file in Windows directory
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Checks SCSI registry key(s)
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Modifies registry class
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-26 08:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-26 08:28
Reported
2024-05-26 08:35
Platform
win10-20240404-en
Max time kernel
100s
Max time network
238s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Monoxidex64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\驂摪升赵瑦蕝愜鯄愡薛崣崲栊瓕詆藾.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\驂摪升赵瑦蕝愜鯄愡薛崣崲栊瓕詆藾.exe | N/A |
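The report records only that the dropped executable opened \??\PhysicalDrive0 for modification; it does not show the bytes written, so confirming an overwrite means reading sector 0 back and comparing it with a known-good copy. The following is an added example, not code from the report or from the analysed sample: it parses a 512-byte MBR, checks the 0x55AA boot signature and the partition table, compares the bootstrap area with a recorded baseline hash, and reports readable text other than the error strings the stock Windows MBR carries. The two sectors it audits are constructed for illustration.

```python
"""Audit a 512-byte MBR sector for the traces an MBR overwriter leaves.

Added example, not code from the sandbox report or the analysed sample.
The sample sectors below are constructed for illustration.
"""
import hashlib
import struct
import sys
from typing import Optional

SECTOR_SIZE = 512
CODE_AREA = slice(0, 446)        # bootstrap code, disk signature, reserved word
PART_TABLE_OFFSET = 446          # four 16-byte primary partition entries
BOOT_SIGNATURE = b"\x55\xaa"     # bytes 510-511 of every valid MBR
# Error strings the stock Windows MBR carries; readable text other than
# these in the code area is worth a look (MBR lockers embed their message).
KNOWN_STRINGS = {"Invalid partition table", "Error loading operating system",
                 "Missing operating system"}


def parse_partitions(sector: bytes) -> list:
    """Return the four primary partition entries as dicts."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * 16
        lba_start, num_sectors = struct.unpack_from("<II", sector, off + 8)
        entries.append({"status": sector[off], "type": sector[off + 4],
                        "lba_start": lba_start, "sectors": num_sectors})
    return entries


def printable_runs(data: bytes, min_len: int = 8) -> list:
    """All runs of at least min_len printable ASCII bytes in data."""
    runs, cur = [], []
    for b in data + b"\x00":     # trailing sentinel flushes the last run
        if 0x20 <= b < 0x7F:
            cur.append(chr(b))
            continue
        if len(cur) >= min_len:
            runs.append("".join(cur))
        cur = []
    return runs


def audit_mbr(sector: bytes, baseline_code_sha256: Optional[str] = None) -> list:
    """Return a list of findings; an empty list means nothing looked wrong."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing: sector is no longer a valid MBR")
    parts = parse_partitions(sector)
    if not any(p["type"] and p["sectors"] for p in parts):
        findings.append("partition table empty: all four entries are zeroed")
    for i, p in enumerate(parts):
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {i}: invalid status byte 0x{p['status']:02x}")
    if baseline_code_sha256 is not None:
        if hashlib.sha256(sector[CODE_AREA]).hexdigest() != baseline_code_sha256:
            findings.append("bootstrap code differs from the recorded baseline")
    for text in printable_runs(sector[CODE_AREA]):
        if text not in KNOWN_STRINGS:
            findings.append(f"unexpected readable text in code area: {text!r}")
    return findings


def build_mbr(code: bytes, partitions: list, signature: bytes = BOOT_SIGNATURE) -> bytes:
    """Assemble a sector from bootstrap code and (status, type, lba, sectors) tuples."""
    buf = bytearray(SECTOR_SIZE)
    buf[:len(code)] = code
    for i, (status, ptype, lba, n) in enumerate(partitions):
        off = PART_TABLE_OFFSET + i * 16
        buf[off], buf[off + 4] = status, ptype
        struct.pack_into("<II", buf, off + 8, lba, n)
    buf[510:512] = signature
    return bytes(buf)


# Constructed baseline: a stub resembling a stock MBR with one bootable NTFS partition.
GOOD_MBR = build_mbr(
    b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x00" * 300
    + b"Invalid partition table\x00Error loading operating system\x00Missing operating system\x00",
    [(0x80, 0x07, 2048, 1_000_000)])
BASELINE = hashlib.sha256(GOOD_MBR[CODE_AREA]).hexdigest()

# Constructed overwrite: code area replaced by a hang loop plus a message, table wiped.
OVERWRITTEN_MBR = build_mbr(b"\xeb\xfe" + b"Your disk has been overwritten", [])

if __name__ == "__main__":
    # With a path argument, audit a dumped sector instead of the constructed samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(audit_mbr(f.read(SECTOR_SIZE)))
    else:
        print("baseline:   ", audit_mbr(GOOD_MBR, BASELINE))
        print("overwritten:", audit_mbr(OVERWRITTEN_MBR, BASELINE))
```

Run it with a path to a dumped sector to audit a real disk; on Windows the first 512 bytes of `\\.\PhysicalDrive0` can be read from an elevated prompt. Capture the baseline hash from the same machine before comparing: the disk signature at offset 440 is per-disk, so a baseline taken from another host will not match even when the bootstrap code is untouched.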
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\4183903823\2290032291.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\1601268389\715946058.pri | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133611859017496196" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Monoxidex64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\驂摪升赵瑦蕝愜鯄愡薛崣崲栊瓕詆藾.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\驂摪升赵瑦蕝愜鯄愡薛崣崲栊瓕詆藾.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pankoza2-pl/malware
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffe2289758,0x7fffe2289768,0x7fffe2289778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1728 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1908 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5384 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5408 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5508 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5440 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8
C:\Users\Admin\Downloads\Monoxidex64.exe
"C:\Users\Admin\Downloads\Monoxidex64.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\驂摪升赵瑦蕝愜鯄愡薛崣崲栊瓕詆藾.exe
"C:\Users\Admin\AppData\Local\Temp\驂摪升赵瑦蕝愜鯄愡薛崣崲栊瓕詆藾.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3ac
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\UnlockUnpublish.m3u"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1512 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2156 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:1
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\$Recycle.Bin\S-1-5-21-3699363923-1875576828-3287151903-1000\$IPSK9RZ.txt
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3000 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:2
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\an.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\nn.txt
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe
"C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:82945 /prefetch:2
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe
"C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe"
C:\Program Files\Java\jdk-1.8\bin\rmid.exe
"C:\Program Files\Java\jdk-1.8\bin\rmid.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:148482 /prefetch:2
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:148484 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:148485 /prefetch:2
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-pl.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ppd.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ppd.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ppd.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-oob.xrm-ms"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:214018 /prefetch:2
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ul-oob.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-oob.xrm-ms"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:476161 /prefetch:2
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-phn.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-oob.xrm-ms"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:541697 /prefetch:2
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ppd.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-phn.xrm-ms"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:82954 /prefetch:2
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ppd.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-phn.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ppd.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-pl.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-pl.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ul-oob.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-pl.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ppd.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-phn.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-oob.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-ul-oob.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ppd.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-pl.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ppd.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ppd.xrm-ms"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:82945 /prefetch:2
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-oob.xrm-ms"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:279556 /prefetch:2
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ppd.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-phn.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ul-oob.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-oob.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-pl.xrm-ms"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2288 CREDAT:82945 /prefetch:2
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-pl.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ul-oob.xrm-ms"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5840 CREDAT:82945 /prefetch:2
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ppd.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-pl.xrm-ms"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5948 CREDAT:82945 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3780 CREDAT:82945 /prefetch:2
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-pl.xrm-ms"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5352 CREDAT:82945 /prefetch:2
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ul-oob.xrm-ms"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5752 CREDAT:82945 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6164 CREDAT:82945 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6072 CREDAT:82945 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5184 CREDAT:82945 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:345095 /prefetch:2
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-pl.xrm-ms"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3172 CREDAT:82945 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3528 CREDAT:82945 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6276 CREDAT:82945 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6320 CREDAT:82945 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6248 CREDAT:82945 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6380 CREDAT:82945 /prefetch:2
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ppd.xrm-ms"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6440 CREDAT:82945 /prefetch:2
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-pl.xrm-ms"
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Office15\pkeyconfig-office.xrm-ms"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6564 CREDAT:82945 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6656 CREDAT:82945 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6492 CREDAT:82945 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6772 CREDAT:82945 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6896 CREDAT:82945 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7000 CREDAT:82945 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6192 CREDAT:82945 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:410628 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7068 CREDAT:82945 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7288 CREDAT:82945 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7576 CREDAT:82945 /prefetch:2
C:\Windows\hh.exe
"C:\Windows\hh.exe" C:\Program Files\Microsoft Office\root\Office16\1033\XLMACRO.CHM
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7976 CREDAT:82945 /prefetch:2
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe
"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
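The process list above is dominated by repeated launches of OpenWith.exe, IEXPLORE.EXE and NOTEPAD.EXE, while the chain the signatures point at is short: chrome.exe opens the submitted URL, Monoxidex64.exe runs from Downloads, and a dropped executable with a non-ASCII name runs from Temp. The following is an added example, not part of the report: it parses the report's alternating image/command-line layout and keeps only the entries that run from a user-writable directory or carry non-ASCII file names, reporting the rest as repeated-launch noise. The heuristics are this example's own, and the sample is a constructed subset of the process list above with Chrome's long command line abbreviated.

```python
"""Reduce a sandbox process list to the entries worth a second look.

Added example, not part of the report. The heuristics (user-writable launch
directory, non-ASCII file name, repeated identical launches) are this
example's own; SAMPLE is a constructed subset of the report's process list
in its alternating image / command-line layout.
"""
import re
from collections import Counter

SAMPLE = r"""
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument https://github.com/pankoza2-pl/malware
C:\Users\Admin\Downloads\Monoxidex64.exe
"C:\Users\Admin\Downloads\Monoxidex64.exe"
C:\Users\Admin\AppData\Local\Temp\驂摪升赵瑦蕝愜鯄愡薛崣崲栊瓕詆藾.exe
"C:\Users\Admin\AppData\Local\Temp\驂摪升赵瑦蕝愜鯄愡薛崣崲栊瓕詆藾.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
"""

# Directories an unprivileged user (and therefore a browser download or a
# dropper) can write to; the sandbox user in this report is "Admin".
USER_WRITABLE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\(downloads|desktop|appdata\\local\\temp)\\", re.I)
REPEAT_THRESHOLD = 3   # identical image launched this often is reported as noise


def parse_process_list(text: str) -> list:
    """Pair up the report's alternating image path / command line lines."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    return [{"image": lines[i], "cmdline": lines[i + 1]}
            for i in range(0, len(lines) - 1, 2)]


def reasons_for(proc: dict) -> list:
    """Why this process deserves attention; an empty list means unremarkable."""
    image = proc["image"]
    reasons = []
    if USER_WRITABLE.match(image):
        reasons.append("launched from a user-writable directory")
    if not image.rsplit("\\", 1)[-1].isascii():
        reasons.append("non-ASCII characters in the file name")
    return reasons


def triage(text: str) -> dict:
    """Split a process list into flagged entries and repeated-launch noise."""
    procs = parse_process_list(text)
    flagged = [(p["image"], reasons_for(p)) for p in procs if reasons_for(p)]
    repeated = {img: n for img, n in Counter(p["image"] for p in procs).items()
                if n >= REPEAT_THRESHOLD}
    return {"total": len(procs), "flagged": flagged, "repeated": repeated}


if __name__ == "__main__":
    result = triage(SAMPLE)
    print(f"{result['total']} processes, {len(result['flagged'])} flagged")
    for image, why in result["flagged"]:
        print(f"  {image}\n    - " + "\n    - ".join(why))
    for image, n in result["repeated"].items():
        print(f"  {n}x {image} (repeated identical launch)")
```

Paste the full Processes section into SAMPLE (or read it from a file) to run the same reduction over the whole list; the image/command-line pairing relies on the report's two-line layout, so keep blank lines out of the input.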
Network
Files