Analysis Overview
SHA256
f852b9baeeefde61a20e5de4751b978594a9bf3b34514bc652d01224ee76da1b
Threat Level: Known bad
The file NRVP.exe was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
UAC bypass
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Possible privilege escalation attempt
Downloads MZ/PE file
Modifies system executable filetype association
Executes dropped EXE
Modifies file permissions
Checks computer location settings
UPX packed file
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Enumerates system info in registry
System policy modification
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks processor information in registry
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Modifies Control Panel
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported: 2024-05-27 14:52
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-05-27 14:52
Reported: 2024-05-27 14:57
Platform: win10v2004-20240426-en
Max time kernel: 300s
Max time network: 299s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\Program Files\\MicrosoftWindowsServicesEtc\\xRunReg.vbs\"" | C:\Windows\system32\wscript.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\disableregistrytools = "1" | C:\Windows\system32\wscript.exe | N/A |
Disables Task Manager via registry modification
Downloads MZ/PE file
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\System32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\System32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\System32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\System32\takeown.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zO098B756B\MrsMajor 2.0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation | C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\NRVP.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO098B756B\MrsMajor 2.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eula32.exe | N/A |
| N/A | N/A | C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe | N/A |
| N/A | N/A | C:\Program Files\MicrosoftWindowsServicesEtc\notmuch.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\System32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\System32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\System32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\System32\takeown.exe | N/A |
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico" | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon | C:\Windows\system32\wscript.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MajorX = "wscript.exe \"C:\\Users\\Admin\\AppData\\Local\\Temp\\xRun.vbs\"" | C:\Windows\system32\wscript.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\System32\sethc.exe | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\taskmgr.exe | C:\Windows\system32\cmd.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\WinScrew.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\breakrule.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\example.txt | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\majorsod.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\RuntimeChecker.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\WinScrew.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\bsod.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\DgzRun.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\healgen.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\rsod.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\bsod.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\cmd.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\majorsod.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\AppKill.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\data\thetruth.jpg | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\fexec.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\RuntimeChecker.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\xRunReg.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\Major.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\majorlist.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\xRun.vbs | C:\Windows\system32\wscript.exe | N/A |
| File opened for modification | C:\program files\MicrosoftWindowsServicesEtc\AppKill.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\checker.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\clingclang.wav | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\data\eula32.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\GetReady.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\majorlist.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\runner32s.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\data\excursor.ani | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\data\fileico.ico | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\Major.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\CallFunc.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\data\runner32s.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\GetReady.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\majordared.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\NotMuch.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\breakrule.vbs | C:\Windows\system32\wscript.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\Cursors\Hand = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\excursor.ani" | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\Cursors | C:\Windows\system32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\Cursors\Arrow = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\excursor.ani" | C:\Windows\system32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\Cursors\AppStarting = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\excursor.ani" | C:\Windows\system32\wscript.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Temp\NRVP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\NRVP.exe = "11000" | C:\Users\Admin\AppData\Local\Temp\NRVP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\Downloads\NRVP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\NRVP.exe = "11000" | C:\Users\Admin\Downloads\NRVP.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133612952049580722" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon | C:\Windows\system32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico" | C:\Windows\system32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico" | C:\Windows\system32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico" | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file | C:\Windows\system32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico" | C:\Windows\system32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico" | C:\Windows\system32\wscript.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NRVP.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NRVP.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\NRVP.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\NRVP.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\NRVP.exe
"C:\Users\Admin\AppData\Local\Temp\NRVP.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2412.0.893224951\1262154544" -parentBuildID 20230214051806 -prefsHandle 1796 -prefMapHandle 1788 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d2eb8ff-f9d1-4732-9445-26b496fb378c} 2412 "\\.\pipe\gecko-crash-server-pipe.2412" 1700 20c10f0c158 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2412.1.477770583\1971141599" -parentBuildID 20230214051806 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce70d517-0292-48fd-91b3-829a260ad324} 2412 "\\.\pipe\gecko-crash-server-pipe.2412" 2436 20c04189f58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2412.2.1595849929\1555387790" -childID 1 -isForBrowser -prefsHandle 3208 -prefMapHandle 3204 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d67e465-2424-43d7-8c1c-7f5b94a0b617} 2412 "\\.\pipe\gecko-crash-server-pipe.2412" 3220 20c0fe91458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2412.3.171984943\1264959429" -childID 2 -isForBrowser -prefsHandle 3888 -prefMapHandle 3884 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85a65153-dc30-47b6-b123-c4163a238166} 2412 "\\.\pipe\gecko-crash-server-pipe.2412" 3472 20c15e0cc58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2412.4.707151092\222564831" -childID 3 -isForBrowser -prefsHandle 5404 -prefMapHandle 5396 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8aa76e66-71cf-4fd7-b4bc-166c45179044} 2412 "\\.\pipe\gecko-crash-server-pipe.2412" 5412 20c19286b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2412.5.1601674998\1166460487" -childID 4 -isForBrowser -prefsHandle 5428 -prefMapHandle 5432 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ab8d93f-d581-4abd-a952-c514e6090b9d} 2412 "\\.\pipe\gecko-crash-server-pipe.2412" 5532 20c19285358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2412.6.1588314500\1267140717" -childID 5 -isForBrowser -prefsHandle 5668 -prefMapHandle 5672 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fe966de-82cb-4839-82e0-2da05845bcf6} 2412 "\\.\pipe\gecko-crash-server-pipe.2412" 5660 20c19285c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2412.7.2134729807\1604707638" -childID 6 -isForBrowser -prefsHandle 5900 -prefMapHandle 5904 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b0bbaae-8b31-4717-aaa3-44f1bf642caf} 2412 "\\.\pipe\gecko-crash-server-pipe.2412" 5888 20c1a1e5558 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff19e4ab58,0x7fff19e4ab68,0x7fff19e4ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2080 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4444 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4536 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4708 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4848 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff6a538ae48,0x7ff6a538ae58,0x7ff6a538ae68
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5540 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2504 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5792 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5892 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6112 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1716 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3064 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4376 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3344 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2780 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4380 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3372 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\MrsMajor 2.0.rar"
C:\Users\Admin\Downloads\NRVP.exe
"C:\Users\Admin\Downloads\NRVP.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6060 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3064 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3340 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4892 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=1176 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5512 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=2756 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3184 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=3988 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3120 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4744 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5080 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5380 --field-trial-handle=2028,i,8300635577568502147,530411097299386481,131072 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\7zO098B756B\MrsMajor 2.0.exe
"C:\Users\Admin\AppData\Local\Temp\7zO098B756B\MrsMajor 2.0.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\A46A.tmp\A46B.vbs
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c cd\&cd "C:\Users\Admin\AppData\Local\Temp" & eula32.exe
C:\Users\Admin\AppData\Local\Temp\eula32.exe
eula32.exe
C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe
"C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1\CD7E.bat "C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe""
C:\Windows\System32\takeown.exe
takeown /f taskmgr.exe
C:\Windows\System32\icacls.exe
icacls taskmgr.exe /granted "Admin":F
C:\Windows\System32\takeown.exe
takeown /f sethc.exe
C:\Windows\System32\icacls.exe
icacls sethc.exe /granted "Admin":F
C:\Program Files\MicrosoftWindowsServicesEtc\notmuch.exe
"C:\Program Files\MicrosoftWindowsServicesEtc\notmuch.exe"
C:\Windows\System32\shutdown.exe
"C:\Windows\System32\shutdown.exe" -r -t 5
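The launch sequence recorded above (wscript.exe running a .vbs out of Temp, cmd.exe chaining into eula32.exe and then a .bat, takeown/icacls against taskmgr.exe and sethc.exe, then a forced reboot) is the part of this report a responder would want to turn into detection logic. The following Python is an added example, not part of the sandbox report or of the sample: it classifies (image path, command line) pairs copied from the process list above using rules whose names, binary lists and path patterns are this example's own assumptions. It also encodes one caveat worth checking by hand: icacls documents /grant, not /granted, and rejects an unknown switch with "Invalid parameter", so the two recorded icacls lines are not by themselves evidence that the ACLs on sethc.exe and taskmgr.exe changed; confirm that from the files' ACLs on the detonated image (takeown /f, by contrast, is a valid command and does change the owner).

```python
import re

# Accessibility and admin binaries whose owner or ACL legitimate software never rewrites
# (assumed list for this example).
PROTECTED_BINARIES = {
    "sethc.exe", "utilman.exe", "osk.exe", "narrator.exe", "magnify.exe",
    "displayswitch.exe", "atbroker.exe", "taskmgr.exe", "regedit.exe",
}
ACL_TOOLS = {"takeown.exe", "icacls.exe", "cacls.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
# Switches icacls documents; compared case-insensitively with any ':r'/':g' suffix removed.
ICACLS_SWITCHES = {
    "/grant", "/deny", "/remove", "/setowner", "/t", "/c", "/l", "/q",
    "/inheritance", "/setintegritylevel", "/save", "/restore", "/reset",
    "/verify", "/findsid",
}
# Locations a standard user can write to; the sandbox user in this report is "Admin".
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\(AppData|Downloads|Desktop|Documents)\\", re.I)


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def tokens(cmdline):
    """Split a command line the way the report shows it: quoted strings stay whole."""
    return re.findall(r'"[^"]*"|\S+', cmdline)


def unknown_icacls_switches(cmdline):
    """Switches icacls would reject with 'Invalid parameter' (the ACL change then never ran)."""
    return [t for t in tokens(cmdline)[1:]
            if t.startswith("/") and t.split(":", 1)[0].lower() not in ICACLS_SWITCHES]


def classify(image, cmdline):
    """Names of the rules that fire for one (image path, command line) pair, in rule order."""
    name = basename(image)
    low = cmdline.lower()
    hits = []
    if name in ACL_TOOLS and any(b in low for b in PROTECTED_BINARIES):
        hits.append("acl_change_on_protected_binary")
        if name == "icacls.exe" and unknown_icacls_switches(cmdline):
            hits.append("icacls_unknown_switch")
    if name in SCRIPT_HOSTS and USER_WRITABLE.search(cmdline):
        hits.append("script_host_runs_user_dir_script")
    if name == "cmd.exe" and re.search(r"/c\b", cmdline, re.I) and USER_WRITABLE.search(cmdline):
        hits.append("cmd_runs_payload_from_user_dir")
    if USER_WRITABLE.search(image):
        hits.append("image_in_user_writable_dir")
    if name == "shutdown.exe" and re.search(r"(^|\s)[-/]r\b", cmdline, re.I):
        hits.append("forced_reboot")
    return hits


def triage(entries):
    """Keep only the (image, cmdline, hits) triples with at least one rule hit."""
    result = []
    for image, cmdline in entries:
        hits = classify(image, cmdline)
        if hits:
            result.append((image, cmdline, hits))
    return result


# Pairs copied from the process list above (image path, then its command line).
REPORTED_PROCESSES = [
    (r"C:\Program Files\7-Zip\7zFM.exe",
     r'"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\MrsMajor 2.0.rar"'),
    (r"C:\Users\Admin\Downloads\NRVP.exe", r'"C:\Users\Admin\Downloads\NRVP.exe"'),
    (r"C:\Users\Admin\AppData\Local\Temp\7zO098B756B\MrsMajor 2.0.exe",
     r'"C:\Users\Admin\AppData\Local\Temp\7zO098B756B\MrsMajor 2.0.exe"'),
    (r"C:\Windows\system32\wscript.exe",
     r'"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\A46A.tmp\A46B.vbs'),
    (r"C:\Windows\System32\cmd.exe",
     r'"C:\Windows\System32\cmd.exe" /c cd\&cd "C:\Users\Admin\AppData\Local\Temp" & eula32.exe'),
    (r"C:\Users\Admin\AppData\Local\Temp\eula32.exe", "eula32.exe"),
    (r"C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe",
     r'"C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe"'),
    (r"C:\Windows\system32\cmd.exe",
     r'"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1\CD7E.bat "C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe""'),
    (r"C:\Windows\System32\takeown.exe", "takeown /f taskmgr.exe"),
    (r"C:\Windows\System32\icacls.exe", 'icacls taskmgr.exe /granted "Admin":F'),
    (r"C:\Windows\System32\takeown.exe", "takeown /f sethc.exe"),
    (r"C:\Windows\System32\icacls.exe", 'icacls sethc.exe /granted "Admin":F'),
    (r"C:\Program Files\MicrosoftWindowsServicesEtc\notmuch.exe",
     r'"C:\Program Files\MicrosoftWindowsServicesEtc\notmuch.exe"'),
    (r"C:\Windows\System32\shutdown.exe", r'"C:\Windows\System32\shutdown.exe" -r -t 5'),
]

if __name__ == "__main__":
    for image, cmdline, hits in triage(REPORTED_PROCESSES):
        print(f"{', '.join(hits):45} {cmdline}")
```

Run as a script it prints eleven of the fourteen pairs; the two droppers under Program Files\MicrosoftWindowsServicesEtc (GetReady.exe, notmuch.exe) and the 7-Zip launch get no hit from these rules, which is the point of pairing command-line rules with the file-system and registry signatures listed at the top of the report rather than relying on either alone.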
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:65349 | | tcp |
| N/A | 127.0.0.1:65355 | | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 44.237.98.207:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | 207.98.237.44.in-addr.arpa | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 216.58.215.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 216.58.215.36:443 | www.google.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 36.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| FR | 216.58.215.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 131.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 172.217.20.174:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| FR | 216.58.213.78:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 78.213.58.216.in-addr.arpa | udp |
| FR | 216.58.215.36:443 | www.google.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| FR | 142.250.75.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 234.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| FR | 142.250.179.67:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| FR | 142.250.75.246:443 | i.ytimg.com | tcp |
| FR | 142.250.75.246:443 | i.ytimg.com | tcp |
| FR | 142.250.75.246:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 67.179.250.142.in-addr.arpa | udp |
| FR | 172.217.20.174:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| FR | 142.250.75.246:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 246.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| FR | 142.250.201.162:443 | googleads.g.doubleclick.net | tcp |
| FR | 142.250.75.230:443 | static.doubleclick.net | tcp |
| FR | 142.250.201.162:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 162.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| FR | 172.217.20.206:443 | encrypted-vtbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | 206.20.217.172.in-addr.arpa | udp |
| FR | 172.217.20.206:443 | encrypted-vtbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 35.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| FR | 142.250.75.234:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| FR | 142.250.179.78:443 | drive.google.com | tcp |
| FR | 142.250.179.78:443 | drive.google.com | tcp |
| US | 8.8.8.8:53 | drive.usercontent.google.com | udp |
| FR | 172.217.20.161:443 | drive.usercontent.google.com | tcp |
| US | 8.8.8.8:53 | 78.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.20.217.172.in-addr.arpa | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | tiny.cc | udp |
| US | 157.245.113.153:443 | tiny.cc | tcp |
| US | 157.245.113.153:443 | tiny.cc | tcp |
| FR | 142.250.179.78:443 | drive.google.com | udp |
| US | 8.8.8.8:53 | 153.113.245.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| FR | 172.217.20.174:443 | play.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | content.googleapis.com | udp |
| US | 8.8.8.8:53 | blobcomments-pa.clients6.google.com | udp |
| FR | 142.250.178.138:443 | blobcomments-pa.clients6.google.com | tcp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| FR | 142.250.75.234:443 | content.googleapis.com | udp |
| FR | 142.250.178.142:443 | apis.google.com | udp |
| FR | 142.250.178.138:443 | blobcomments-pa.clients6.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 216.58.215.36:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.206.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.178.250.142.in-addr.arpa | udp |
| FR | 172.217.18.202:443 | content.googleapis.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| FR | 142.250.178.129:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | peoplestackwebexperiments-pa.clients6.google.com | udp |
| FR | 142.250.179.74:443 | peoplestackwebexperiments-pa.clients6.google.com | tcp |
| FR | 142.250.179.74:443 | peoplestackwebexperiments-pa.clients6.google.com | tcp |
| FR | 142.250.179.74:443 | peoplestackwebexperiments-pa.clients6.google.com | udp |
| US | 8.8.8.8:53 | 202.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.179.250.142.in-addr.arpa | udp |
| FR | 172.217.20.174:443 | play.google.com | udp |
| FR | 172.217.20.174:443 | play.google.com | tcp |
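Most of the network table above is background traffic from the Firefox and Chrome instances that were running in the sandbox, interleaved with reverse (PTR) lookups of addresses that appear elsewhere in the table, and rows showing udp to port 443 are QUIC (HTTP/3), not DNS. Before reading anything into the rows behind the "Legitimate hosting services abused for malware hosting/C2" signature, it helps to collapse the table to one line per name. The following Python is an added example, not tooling from the report: it parses rows copied from the table above (the subset of rows, the parser's four-column layout assumption and the row labels are this example's own), drops the PTR and loopback noise, and separates names that were only resolved from names that actually received connections.

```python
import re
from collections import Counter, defaultdict

# Rows copied from the network table above (a subset, same four-column layout).
ROWS = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:65349 | | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| FR | 142.250.179.78:443 | drive.google.com | tcp |
| FR | 142.250.179.78:443 | drive.google.com | udp |
| US | 8.8.8.8:53 | drive.usercontent.google.com | udp |
| FR | 172.217.20.161:443 | drive.usercontent.google.com | tcp |
| US | 8.8.8.8:53 | tiny.cc | udp |
| US | 157.245.113.153:443 | tiny.cc | tcp |
| US | 157.245.113.153:443 | tiny.cc | tcp |
"""

PTR = re.compile(r"\.(in-addr|ip6)\.arpa$", re.I)


def parse_rows(text):
    """Yield one dict per data row; the header and malformed lines are skipped."""
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        yield {"country": country, "ip": ip, "port": int(port),
               "domain": domain, "proto": proto.lower()}


def classify_row(row):
    """Label a row: loopback, PTR lookup, DNS query, QUIC (udp/443), or plain tcp/udp."""
    if row["ip"].startswith("127."):
        return "loopback"
    if row["port"] == 53 and row["proto"] == "udp":
        return "ptr" if PTR.search(row["domain"]) else "dns"
    if row["port"] == 443 and row["proto"] == "udp":
        return "quic"
    return row["proto"]


def summarise(text):
    """{domain: {"ips": IPs actually contacted, "kinds": Counter of row labels}}, noise removed."""
    out = defaultdict(lambda: {"ips": set(), "kinds": Counter()})
    for row in parse_rows(text):
        kind = classify_row(row)
        if kind in ("ptr", "loopback"):
            continue
        out[row["domain"]]["kinds"][kind] += 1
        if kind != "dns":
            out[row["domain"]]["ips"].add(row["ip"])
    return dict(out)


def resolved_only(summary):
    """Names that were queried but never received a connection (typically prefetch or CDN noise)."""
    return sorted(d for d, e in summary.items() if not e["ips"])


if __name__ == "__main__":
    summary = summarise(ROWS)
    for domain in sorted(summary):
        e = summary[domain]
        print(f"{domain:35} {dict(e['kinds'])} {sorted(e['ips'])}")
    print("resolved only:", resolved_only(summary))
```

Which of the remaining names carried the download the "Downloads MZ/PE file" signature refers to is not something the table alone settles; pairing the contacted name and IP with the timestamps of the dropped files in the Files section below is the next step.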
Files
memory/2104-0-0x00007FF7690E0000-0x00007FF7690EC000-memory.dmp
memory/2104-4-0x00007FF7690E0000-0x00007FF7690EC000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | e752331b390ab53cc857f86514f8b8da |
| SHA1 | eaa2245e5f60712f443c54cefd570cbc5dc18776 |
| SHA256 | 86770bbc587999b27762a44d52586aced19973db6f71cd5cbd7f80a61ade20e1 |
| SHA512 | d6d5a11224888939227276abdaff2838a2df6f38ac44d35eb9e64188617afad60a4cfbdb415ae5d42b2b8e536fed3f86907c083a6e8c8ffbcef22a31499effa6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js
| MD5 | 9a1af439c7886fee1dc8e993bc1c67f2 |
| SHA1 | dad3204ae5e28817e936955a123e01fce7f3e60d |
| SHA256 | a1fa5dd9bace883053ef98966fae482f9d4cf0dc51919155230bbd216522ed1d |
| SHA512 | c45ea6051ef1911828a067163ac96d5b5e7378832abcb9b7538949542246cb7fe37d295f30d76ee2ea03e1357be6a7c026b6da3536310664122c433efe639cd5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | bc34f5e5b28effa53304faf724c0e8aa |
| SHA1 | a2df529145655e54d2ba8b66e4f60a82f1d65824 |
| SHA256 | dd7860b39a4cb44ae6e636ccca890d4b3ecc68023003feb76f26c4ce06523719 |
| SHA512 | e847126bc66b5aea4ef02e887e6ce14915f68f7f2eae4ae7f87f7dfa194f52f9911823ba493989e8a6711686a133ce4871e935316143baa27253369061474e40 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 2152da896e32c2ddb6631edd414d371a |
| SHA1 | 5b341529e48ce0ceae03f7559536aca388c220f8 |
| SHA256 | 7f9c3a2c33f080186fa0d28988424135b59753036cebf97396fd16679465c0e9 |
| SHA512 | 34f6acd6d15e0b672419567ef394e2a014074741cf64aa344b356ac007acfe862ceb9005b60ab3f00d6013509e2fb9eb209e317a100834bf64b417354b0b585c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js
| MD5 | 03d68418211775eeb1b7d008b88ef5fe |
| SHA1 | c3d71162464a890224e519285f325faeebdb7f74 |
| SHA256 | ceecd660bae22e056068398d8c0680d50626088fba07fc243a210ade7ad1bead |
| SHA512 | e8a4dbae9aaac2f661dc88c5ba447583474f43b1b6a28d9abd50f50fdc18ed771f0250e7abbf41b4f53e6832c3fbfe62c2f9f9cd5148ab693a4f4d2cc94de435 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore.jsonlz4
| MD5 | 92c526ca17a0328c48c8a09cd67d5074 |
| SHA1 | 106e001e72ade8bc2a3a09dea7e91f9cb2550271 |
| SHA256 | 602c36b4a6972506e2c88f90a5003362dbdaa2cdaff3456179da0e8dafd62826 |
| SHA512 | 2680805605737cf886f4795483e524f9f131b0702ddd2451ee239f8eba6146d1c6840034c9e62bb60c8c5689abeccf750987231585f72ab8c01aa18876132087 |
\??\pipe\crashpad_4448_TXJAPXZZAAYIVGBF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
| MD5 | f998b8f6765b4c57936ada0bb2eb4a5a |
| SHA1 | 13fb29dc0968838653b8414a125c124023c001df |
| SHA256 | 374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef |
| SHA512 | d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
| MD5 | 5208f5e6c617977a89cf80522b53a899 |
| SHA1 | 6869036a2ed590aaeeeeab433be01967549a44d0 |
| SHA256 | 487d9c5def62bc08f6c5d65273f9aaece71f070134169a6a6bc365055be5a92d |
| SHA512 | bdd95d8b4c260959c1010a724f8251b88ed62f4eb4f435bde7f85923c67f20fe9c038257bb59a5bb6107abdf0d053f75761211870ca537e1a28d73093f07198b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d0f9cb501202620b6c28edcb8c41afef |
| SHA1 | b25a04f913280275900f8fdaa13f498336a649d3 |
| SHA256 | 68ba5851ecf83ed08bfc6f5b22721774911a111e9617041cce761037f531590a |
| SHA512 | aa23f6ff3fbb8a658ceb7738a6f2c10d0a7b40ffed598c08fed4deee60b211e6bda1492a8a61e6174395f54c82c732dbb94e027e04b7b6d9a4ac7dcffafc13d5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 55a6fa05bb2b01e93d4fe3f0b0b61425 |
| SHA1 | 8475dbed25d4befe80934d4ad9b300368880823e |
| SHA256 | ba9f2e25b2fa19befecdca1a16b3de34952da79dee6291ff8c76c5c48289f4b0 |
| SHA512 | 56a57941dfd47609aa01b6219dcfb9df8f20d7eeaa0a073fb1537b8fec70312cd92d8bc79da200f32e78adc5a973dc3544407fc7bac8d3884aec55a2569ab266 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f7ac7625562cce9f3c5d5b7c1fcf5a1b |
| SHA1 | 592899aa0a2ff5d45129a9d9ab1d231576954ae5 |
| SHA256 | 94631e6485495af8629be509ad4648b294f4c6ad80d90a4973efb2e9a964b255 |
| SHA512 | cc23a031b2334cd94ac5516af5aef5b8b8a08541c99b0b09ad32d5451a1c93261f02a260d61a9d95387a32220e203f7cb5be0e9f5d2dccd69329f2f5d96f158b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 59d36a8b694dafa088bb1cccdfa91c2e |
| SHA1 | 066f6d1e5676617a18a0ab77837e493207e185a3 |
| SHA256 | 3f9ce6639a7132a16613e45a10f13cf53e155fa9b31d90bbccaae8adfc6d428c |
| SHA512 | a032a83fa402ca9d721d0950a9ee7f06963ebd5cd7aac6761e76bd46fa52d03573b25e013d162c8c124f0c38dbe12bb3a6e5b9a04baff2d572a524650c856532 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2166ba7462523a9904f90ce75b774e3d |
| SHA1 | fcb15c5b170e76ca828336a6128465a6659df550 |
| SHA256 | 0305469a691dd6de2e9642b032011e1b42a749c73008888e9433053e9d21abfe |
| SHA512 | 3d4063180e54a191fbcf101aab677f35121586f2795b14847b63467075eb9f6d0621e59aa57408b3b8248edbe57f52d6adbf60c03aae8cd9308913167cdb2f4c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 44fa19fab6569e07dea852a4581b0eff |
| SHA1 | d9342adf7636cca836b079d1045b03ca76733aa5 |
| SHA256 | 43c7ec33d997edd476a1269ce6c4d96431e1f30c0550d48da2dafbdcb5606b8c |
| SHA512 | 366634068be76da74eaad5a19e359023ed6f1e9fc63201da06c95c717cb0834c4da940c1c5ebda74efce3b921f16077cc8c6cbca686095cd34398a7a49ed7515 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b37c89822df09a658770b4e30b57c651 |
| SHA1 | 1a27b1f95d32c02aeb763977e47b6447ca72cf2f |
| SHA256 | 618a937bde13dab4d6c10477918e3d23ff1c247c61422437e6e6f8d2dda2b8e9 |
| SHA512 | b5974a9eeb8e5a4535b4ea9a38d2196ea1ada7b99e6505f22a0a56f87c636607a5e2e0b3463a3eca33e5f67e5cdbfcb5c614273d86d6adafb4291727611fa250 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 94275bde03760c160b707ba8806ef545 |
| SHA1 | aad8d87b0796de7baca00ab000b2b12a26427859 |
| SHA256 | c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968 |
| SHA512 | 2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe591f36.TMP
| MD5 | 4c3314c3afe554963a6af731b9914d93 |
| SHA1 | 3569ce397e8448d91558c52948fefcd09af5b48d |
| SHA256 | 240e1f0492759f50ee72735a2ab72bbaf477512bbb89e769ee862ebc2e4727aa |
| SHA512 | 1980b68d0ba8761e6f6d2043c872ae097cf042e7ffb19178269830beba773251ec0f587be611dd5f2a9b2d2387662817442f41b2e6caeea87fc812e3147c2577 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d931443cdb5a48ca3cf200e9bdfc9e80 |
| SHA1 | 0859c78c1bba7170f335ab66c974213ac5a952bf |
| SHA256 | a763a51d9a5d61868644286b431a7540ac4873475b5312ceb44dd185a933ab35 |
| SHA512 | e26b6b3090ac2782f412d2aab4e9893a510a5f5604b041f6343c562f33e1ab144ba04e450e034c261d2ca5ddfacc1374c85056343268a536af518c0d20a58217 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 59e84e9355a4624d1aaae0ffec88c927 |
| SHA1 | 98967ad64ef449977d97761b43810c459ecbe6d6 |
| SHA256 | bf7f29bf853596c4d91919ec96b803d3c640bf7ceac41bfdd3faa048a9efd4e3 |
| SHA512 | 228bc01bde8b8e468ba597cf7534b037634c2b998424f740f5339fcccbdb576460abdc7002afe33db36245c991b869e6d309c2a5c9faeb2e1f6ffebe238fd468 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 47b395f93595ca4f975be12bf0833abf |
| SHA1 | 167ca28c6ddcdf027bd702c77c38ed9958ed86df |
| SHA256 | 97ecbaa5afa1c0d4917bffee2872dcfd0af116e6e0b820af829b543e5fec3c00 |
| SHA512 | 3a7101ff0f87d1ab7d14b21d00ff83044ba88fbd677cfb8d6b4b653d0cdb1b4180f0a721cbb151eee349d9c097becd5588cec364622d9af8559dc3d55946d1a4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2db8ae24bfd66b3015351e05db2cbd73 |
| SHA1 | 988c634bb2d07133e184991b95971e835ef53a70 |
| SHA256 | 4eecb16b0183cfe7ae70392a19cce28e232d750adaed5d6dcbd34d30ca04cea6 |
| SHA512 | 1ee99bb99639e29d7f810174fcb03ac7e21d0b48617e3e76b43dbfd89c6cfa28a401a4e1f302c63ffa99e5f89f7913820d3f62f5df2fcd93676e66dc92683cb3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 679c1bf3caff75a3a7a9e628175c2fd6 |
| SHA1 | c93bef36808eef89dcd14fa3792a26ff5e3c9435 |
| SHA256 | c69bb337e3ad2c1a8accea3247a44b784d3c8de55918d91493c407ae48de8b61 |
| SHA512 | a08999501f5f816ab7cb29a5ad58f4b401535fead7cae20315857489b10e5f9c67acd9ae5030e2303111db85865dbdba4367ac83a37011d9b3a1e344746e652a |
C:\Users\Admin\Downloads\MrsMajor 2.0.rar.crdownload
| MD5 | a61889efca36007831250fffb358bd17 |
| SHA1 | c835f75a8de83cbff5787f8143476b424458e7c4 |
| SHA256 | 50e0b0a6e806a837e3a7346ec2a7c0f4c36e7618553c799a88ae1658d97e505a |
| SHA512 | 8fe704c55094cba451cf12197557bd44c696b58eae2a0a9827a7feb96d67bda89e15bcf763212fdd072e8272ec6537efb738b3e18cb24c26ac7920f70837cb2f |
C:\Users\Admin\Downloads\NRVP.exe
| MD5 | f7349874043c175bee2d0ff66438cbf0 |
| SHA1 | da371495289e25e92ad5d73dff6f29beea422427 |
| SHA256 | f852b9baeeefde61a20e5de4751b978594a9bf3b34514bc652d01224ee76da1b |
| SHA512 | 878f4bc1ab1b84b993725bcf2e98b1b9dcb72f75a20e34287d13016cc72f1df0334ac630aa8604a3d25b9569be2541c8f18f4f644f5f31ff31dd2d3fedd6d1ad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9ffefc7bba57f3818fc78e23c1f079cf |
| SHA1 | 0aac062cb208b53fe562424d7fbf4025567d4c49 |
| SHA256 | 9f98dd8c25c228e254a9ee331ee0d9554007c9fe56bf640673d4e483cc268eed |
| SHA512 | b83c93a8ede6ef0b30f340abdc7e4997eec251e14284ed08e2fa6390b56c4c5b4b9d4984ccc227cd88db7fc4884d2f4098a7bd8fa5ed1bd940a10b7de0a57078 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cc095f804d914a5729af3cbf2a4ce8cb |
| SHA1 | f7ee5b117dc7ced6844d819a7edd65daab832dbe |
| SHA256 | 00dd25589a09b70a8c60701b08edafcab9379580f01eb15ad12fcd48f3c00b9a |