Analysis Overview
Threat Level: Known bad
The file https://oxy.name/d/XfSh was found to be: Known bad.
Malicious Activity Summary
Xworm
Detect Xworm Payload
Downloads MZ/PE file
Command and Scripting Interpreter: PowerShell
Checks computer location settings
Executes dropped EXE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Uses Task Scheduler COM API
Creates scheduled task(s)
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
Delays execution with timeout.exe
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-27 18:27
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 18:27
Reported
2024-05-27 18:30
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Xworm
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\betatest.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\betatest.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Runtime Broker | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Runtime Broker | N/A |
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133613081125245527" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://oxy.name/d/XfSh
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb31e6ab58,0x7ffb31e6ab68,0x7ffb31e6ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1964,i,14887677364817727147,1819942152877581672,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1888 --field-trial-handle=1964,i,14887677364817727147,1819942152877581672,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1964,i,14887677364817727147,1819942152877581672,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1964,i,14887677364817727147,1819942152877581672,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1964,i,14887677364817727147,1819942152877581672,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4324 --field-trial-handle=1964,i,14887677364817727147,1819942152877581672,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4532 --field-trial-handle=1964,i,14887677364817727147,1819942152877581672,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4648 --field-trial-handle=1964,i,14887677364817727147,1819942152877581672,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4732 --field-trial-handle=1964,i,14887677364817727147,1819942152877581672,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3348 --field-trial-handle=1964,i,14887677364817727147,1819942152877581672,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1964,i,14887677364817727147,1819942152877581672,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4360 --field-trial-handle=1964,i,14887677364817727147,1819942152877581672,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4312 --field-trial-handle=1964,i,14887677364817727147,1819942152877581672,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4824 --field-trial-handle=1964,i,14887677364817727147,1819942152877581672,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4356 --field-trial-handle=1964,i,14887677364817727147,1819942152877581672,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 --field-trial-handle=1964,i,14887677364817727147,1819942152877581672,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1964,i,14887677364817727147,1819942152877581672,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5256 --field-trial-handle=1964,i,14887677364817727147,1819942152877581672,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5312 --field-trial-handle=1964,i,14887677364817727147,1819942152877581672,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1964,i,14887677364817727147,1819942152877581672,131072 /prefetch:8
C:\Users\Admin\Downloads\betatest.exe
"C:\Users\Admin\Downloads\betatest.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\betatest.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'betatest.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\Runtime Broker'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Runtime Broker'
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Runtime Broker" /tr "C:\Users\Admin\AppData\Roaming\Runtime Broker"
C:\Users\Admin\AppData\Roaming\Runtime Broker
"C:\Users\Admin\AppData\Roaming\Runtime Broker"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1552 --field-trial-handle=1964,i,14887677364817727147,1819942152877581672,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2408 --field-trial-handle=1964,i,14887677364817727147,1819942152877581672,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=972 --field-trial-handle=1964,i,14887677364817727147,1819942152877581672,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1956 --field-trial-handle=1964,i,14887677364817727147,1819942152877581672,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5124 --field-trial-handle=1964,i,14887677364817727147,1819942152877581672,131072 /prefetch:8
C:\Users\Admin\Desktop\betatest (1).exe
"C:\Users\Admin\Desktop\betatest (1).exe"
C:\Users\Admin\AppData\Roaming\Runtime Broker
"C:\Users\Admin\AppData\Roaming\Runtime Broker"
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /delete /f /tn "Runtime Broker"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp3BF.tmp.bat""
C:\Windows\system32\timeout.exe
timeout 3
C:\Users\Admin\Desktop\betatest (1).exe
"C:\Users\Admin\Desktop\betatest (1).exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Desktop\betatest (1).exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'betatest (1).exe'
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2684 --field-trial-handle=1964,i,14887677364817727147,1819942152877581672,131072 /prefetch:2
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\Runtime Broker'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Runtime Broker'
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Runtime Broker" /tr "C:\Users\Admin\AppData\Roaming\Runtime Broker"
Network
Files
| SHA1 | 28c24b00ab416991929249defa6c28d02e39c55b |
| SHA256 | 4801c6ce56b708bf7b55fb411706b6f28fede09a8dd760bc8e27813b0d443d09 |
| SHA512 | 20d693bc37fb5995237922aceacef1a6b8c4ccd4faffb5c036093e06356ddc6754252d6075f04cbd1c832e8998443ee4324c2e8c2caaa04a92e3ac078b683305 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 35069df1a57650fe291d75659eda9765 |
| SHA1 | 63809a71e0a9347ada4ce042141d2490ff1dfc32 |
| SHA256 | 4f20504ca4283958fded372adc93635d7460b18752ebd7ba05bd235f82bc1084 |
| SHA512 | 551b53232604e59675024b5259025627e2a3c365fc101b048ed507c42914e569f4ad807f3d22bf8f994dd52d31ff96a28dff36013b40545cbd4d671cbdb026c8 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Runtime Broker.log
| MD5 | 2ff39f6c7249774be85fd60a8f9a245e |
| SHA1 | 684ff36b31aedc1e587c8496c02722c6698c1c4e |
| SHA256 | e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced |
| SHA512 | 1d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1 |
memory/1084-389-0x00007FFB1F510000-0x00007FFB1FFD1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmp3BF.tmp.bat
| MD5 | 11af184ac14c7582bb6338724af7c11f |
| SHA1 | 17439840d39b556695d40a8ebb539dbcbc97f7cb |
| SHA256 | ff9ea61f77a325f61baf64979ba92e70ff0f7f02cbddecff006353ef6c68b472 |
| SHA512 | 449f5861699a89ee2570307e0bedce4ae126e8fdae22b6f4a88f9fa9d69eed63f628a2935fc188658a40f597cb8fb3ad69cd938a52095a2ad7456a01d68c5ad7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | ec66606831e595ea115f35d1b61b7105 |
| SHA1 | f22d025450dc8dafd9b434b2eb31cb876bcb8109 |
| SHA256 | 4f17fe98ecf3ea9ec9873ff0a3acdd6ca93eb17e280a01ff6cfeca4422019dec |
| SHA512 | f2922870f0b34b5cd8a75ce3aa94362a43997a752b0e8e9001f63d650225bf15415a75ce8aa333e4d3554a52ca5d40eec7b15ce67e3ee20441cf2680de59ed5d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | fd98baf5a9c30d41317663898985593b |
| SHA1 | ea300b99f723d2429d75a6c40e0838bf60f17aad |
| SHA256 | 9d97a5bbc88fdcceac25f293383f7e5ce242675460ffbfb2ee9090870c034e96 |
| SHA512 | bf4dbbd671b5d7afb326622a7c781f150860294d3dba7160330046c258c84a15981c70e50d84dc7faaa7cc8b8c90bf8df818b3f2d3806a8a3671dfe5e38fe7b0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | b1a1d8b05525b7b0c5babfd80488c1f2 |
| SHA1 | c85bbd6b7d0143676916c20fd52720499c2bb5c6 |
| SHA256 | adad192fc86c2f939fd3f70cb9ad323139a4e100f7c90b4454e2c53bdbc9b705 |
| SHA512 | 346c6513c1373bab58439e37d3f75de1c5c587d7eb27076cf696e885a027b3b38d70b585839d1a2e7f2270cdcf0dac8c1fdff799f3b1158242ae9e3364c2a06e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | cb0cf19ebeba3256a05065693a1ca866 |
| SHA1 | c028aff9b6850c2bdd6673b74037630b4ee2ccd8 |
| SHA256 | 58e1183323526c135119df281171285d98b5ce05ad00f201ca899cd43358e3fb |
| SHA512 | 811606a0c8545eac53127a3687c6b0fde595dd7e958ef11ae650d142d40ac5e86ebbd313dc17dfa86c091ee868dc1c9ed422c2e541c6de3487e0c50c1a3e8fbc |