Analysis Overview
SHA256
e03842270991c28c9dc59f1a3fd4bba0883fc03d51fd8e64e02c47a324ea6db9
Threat Level: Known bad
The file XClient.exe was found to be: Known bad.
Malicious Activity Summary
Contains code to disable Windows Defender
Xworm family
Detect Xworm Payload
Xworm
Drops startup file
Adds Run key to start application
Enumerates physical storage devices
Unsigned PE
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-30 01:38
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xworm family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-30 01:38
Reported
2024-05-30 01:43
Platform
win10v2004-20240508-en
Max time kernel
299s
Max time network
304s
Command Line
Signatures
Contains code to disable Windows Defender
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xworm
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.lnk | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.lnk | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\discord = "C:\\Users\\Admin\\AppData\\Roaming\\discord.exe" | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133615067447296947" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\XClient.exe
"C:\Users\Admin\AppData\Local\Temp\XClient.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f291ab58,0x7ff9f291ab68,0x7ff9f291ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4292 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4448 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3600 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3968 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4792 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5060 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff75246ae48,0x7ff75246ae58,0x7ff75246ae68
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4804 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://exmple.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9eec346f8,0x7ff9eec34708,0x7ff9eec34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,16845732127887141854,3989599558953542774,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,16845732127887141854,3989599558953542774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,16845732127887141854,3989599558953542774,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16845732127887141854,3989599558953542774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16845732127887141854,3989599558953542774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3160 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4348 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3424 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5076 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5200 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5372 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5516 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2808 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x394 0x340
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4520 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4736 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4132 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 --field-trial-handle=1924,i,15789084980175456937,4605666625402900584,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tel-form.gl.at.ply.gg | udp |
| US | 147.185.221.20:2421 | tel-form.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | 20.221.185.147.in-addr.arpa | udp |
| US | 147.185.221.20:2421 | tel-form.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 202.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | exmple.com | udp |
| US | 67.210.233.131:80 | exmple.com | tcp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.233.210.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | exmple.com | udp |
| US | 67.210.233.131:80 | exmple.com | tcp |
| US | 67.210.233.131:80 | exmple.com | tcp |
| US | 8.8.8.8:53 | www.statcounter.com | udp |
| US | 8.8.8.8:53 | www.laundrycaresymbols.com | udp |
| US | 8.8.8.8:53 | www.91cheesecakerecipes.com | udp |
| US | 8.8.8.8:53 | www.exmple.com | udp |
| US | 104.20.94.138:80 | www.statcounter.com | tcp |
| US | 8.8.8.8:53 | www.milesgallon.com | udp |
| US | 8.8.8.8:53 | c.statcounter.com | udp |
| US | 104.20.94.138:443 | c.statcounter.com | tcp |
| US | 8.8.8.8:53 | www.mustettatulostimeen.com | udp |
| US | 8.8.8.8:53 | 138.94.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.secretsearchenginelabs.com | udp |
| US | 8.8.8.8:53 | www.simonbyholm.com | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 147.185.221.20:2421 | tel-form.gl.at.ply.gg | tcp |
| US | 147.185.221.20:2421 | tel-form.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.65.42.20.in-addr.arpa | udp |
| US | 147.185.221.20:2421 | tel-form.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 216.58.204.67:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn3.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.187.206:443 | encrypted-tbn2.gstatic.com | tcp |
| GB | 142.250.187.206:443 | encrypted-tbn2.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| GB | 216.58.204.67:443 | id.google.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | udp |
| US | 147.185.221.20:2421 | tel-form.gl.at.ply.gg | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | lens.google.com | udp |
| GB | 172.217.169.14:443 | lens.google.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 172.217.169.14:443 | lens.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | udp |
| GB | 142.250.187.206:443 | encrypted-tbn2.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | pbs.twimg.com | udp |
| NL | 192.229.233.50:443 | pbs.twimg.com | tcp |
| US | 8.8.8.8:53 | 50.233.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
Files
memory/4004-0-0x0000000000E50000-0x0000000000E68000-memory.dmp
memory/4004-1-0x00007FF9F8B43000-0x00007FF9F8B45000-memory.dmp
memory/4004-6-0x00007FF9F8B40000-0x00007FF9F9601000-memory.dmp
C:\Users\Admin\Desktop\JoinSplit.mhtml
| MD5 | 36b4e27e87683467d829fc7f367e507d |
| SHA1 | 0af921d0afee3c0c9a95f8e29a7ba26b518038d2 |
| SHA256 | f1682ab0dbd11d8c1d468f77f1f5673cd89ded75055adfdc66ce396ab509485e |
| SHA512 | 2be0e82ed87eccd5cb58057ed6cf2566abb816438533cdc07bed3e8492886748c51db720359563f589677abe751296d3642f02d59dc1490c2e191fe9be5fac57 |
C:\Users\Admin\Desktop\OptimizeRegister.au3
| MD5 | 9708f2f06f0dba5ad9f2f83cc8d91574 |
| SHA1 | e11ef3013148097ef600dbd2ae0b1529bf109f9a |
| SHA256 | 03d30663bf6a0b2c5e80a8103275b38277c36f92c5e622a23e738a3f4006f5f8 |
| SHA512 | ab97333e39e9964ab9229278a6925c2f5e0f07c770a796c3ee93d654a67250d8214852dfd124d785d46320dd48eadd509e11b66e4fd4e2ff25172395d649d67c |
C:\Users\Admin\Desktop\Microsoft Edge.lnk
| MD5 | 6457f1c557069026111b2bb46d936271 |
| SHA1 | f191805065766f814c90e43b563e0e06e86916c0 |
| SHA256 | 34ec3210bd6992f95932016636d3d0a71036c976cf55b44b2a4d6fcc994b9267 |
| SHA512 | b083a8f84ebd2bee4f55eed1f5bea8ed7c0eb325a18351b25d4d0453b2a7bf0fabd0a123dd8de009a55707fdbd262aa63282ee07ba6f4b9334931049d5e1bf0d |
C:\Users\Admin\Desktop\WaitReceive.rar
| MD5 | 6bf3888c22aadd942cacc4c2471f80bb |
| SHA1 | 17b6bcc5022d67a6ae83dcbc6106413d614a2c91 |
| SHA256 | 4a8d2254e4578751b7b0acf24e0b590dbb4dc3ea84b713e8253673fd7826493d |
| SHA512 | 60c8aaa47a8a6e0508991d2c04ef26878157863a8de0c99e932dd2862c4c99c70c5a9dd17c528518157216bccce8b1a537e7177a7526c133e3092a5651818777 |
C:\Users\Admin\Desktop\SendClear.mht
| MD5 | f3c2ee43e10734df52ddcebf1465cbee |
| SHA1 | 3211fb7633030345c530ea1c6e03086a9e1ac2a4 |
| SHA256 | 9e0239f672ee7d45dae47498065d2a083ee75f0a2b77ed5c16ab72cfa89bb268 |
| SHA512 | fd75eca634ba7e5be47c789949df00ea136e34fb5501e761e54cd026970023eeb9524263b0763158ffedf1952f0007c402714b01b4238357f2b5942fb9905003 |
C:\Users\Admin\Desktop\ResetPing.cab
| MD5 | 156d89f84165df25ce0184d53982080c |
| SHA1 | 2e830b3f0c83d47e20429f9bf8c1cc1eb166cfb4 |
| SHA256 | 3bae45170e76b0057c3f0a500f252fada6f0011f4d2371d50b07e37b8509e912 |
| SHA512 | 36ceaa5ea022b968273b6718f94e2959be0c48a2dd2c770f4877aca41797561210f3a9cdd037dad4ba5422d129e038cf6ec1cd33358722e942dc64665e35960d |
C:\Users\Admin\Desktop\ConvertFromRename.ppt
| MD5 | e536452397b041f7104e4e4891a99bb0 |
| SHA1 | dba7bafa4132d68236d49fee4cf1fa7fecd95fb6 |
| SHA256 | 557c968b008112fea1fd9a4d3c00b5c28cf72872d29acb642972c81969dbb828 |
| SHA512 | ef0dddde969c3da6e7f89b3c28279281f64072c5004d070294da3c6afbc0fbb25cee7ad7bd4fbcd2b2e4b7af66fbed9121f29e7f2eebe2ac74080583b4187a5b |
C:\Users\Admin\Desktop\CheckpointSubmit.mpeg
| MD5 | 77c7717a714698447449d8f36d75c691 |
| SHA1 | f587a8eadabe0162160c035ac2d92c4a89490646 |
| SHA256 | d3c134c68eb98200ebe7db2bcfaefe7d8f683a3fe7dad1e96d6f0e26b1d91ab4 |
| SHA512 | c150d9232dfbb1e2fefa60a5d8bd6680e4972fb867e21919996a338ff3e597a2f482fbb468224fb8bd1670900717eb59968f0a6ea1f7e79e679457721a1a79bc |
C:\Users\Admin\Desktop\BackupClear.vstx
| MD5 | 77f402677298a365de0a2a784ea053bc |
| SHA1 | f27f81b149e1e1cef89e9ed729f1458b279cf26a |
| SHA256 | f73f78991ecad408f5829960bb06e34fe752694bd10bd2c47f5e735945bb9c5f |
| SHA512 | 9eb85f17820df5e0299e8fc5d72a6421a479b06f8caa91e126882e45b2525a876e2b8af4e50f563ed8875bf43c7ca43b72c0ee52bb998f481ab26a0f6d140406 |
C:\Users\Public\Desktop\Firefox.lnk
| MD5 | baac45a88c46f44ec092d4aa0ef92436 |
| SHA1 | 0662390a1458f2b79ef5436c6f8521ace42ab936 |
| SHA256 | d527e66804325d1e80a63d503102a1ba3325dc76524d3f97710cb7dfcefbb8c2 |
| SHA512 | 28d1badf47c986a5fc58f85b4b68fbd9bb7aafe31bdbb4b3e027275e8de9f8606b0c233823c7d0f9f4426a91a72ff79b1b7dff2b350a123b4cea7e515dd212a6 |
C:\Users\Public\Desktop\VLC media player.lnk
| MD5 | 10c11d4d9404b7013a859543715137ce |
| SHA1 | 01b1fdf41a86f91a237f3490cbbe4c10936a0d7c |
| SHA256 | 8d136d5424d196a57507fe1a0899cd2d6b3ec758a86bad34a1cf9c45a436153d |
| SHA512 | a2056faa5a7cda1673948f95c36002e7b217e124f16f1745e491c845057188599f7047220a20ac3bab480600bb830b67831d5ad471861f3dc72ae7dc0fe8cc30 |
C:\Users\Public\Desktop\Acrobat Reader DC.lnk
| MD5 | 45b344f6e87f77f19431c1cd63294bb3 |
| SHA1 | 5ce5b76bdbd7b1d0ea361c330e1c69078afcd385 |
| SHA256 | 909a9f81c890ea0aae20fc98e8e2574b6332a3cf72bf692c54879836e052a134 |
| SHA512 | 5f39a058da4bd0152ee4f60809d524738a0ad1afa1be41ccbe225d5c99ef69496a8d5ca6b11cce7c739ebeae7d5ca00e2676ccf903e6e96a0a7fd9759fb40ff3 |
C:\Users\Admin\Desktop\ConvertProtect.mp4v
| MD5 | e383706571930aba975a980b3e4b4668 |
| SHA1 | 3c260486125191a6e14165e77ad8834b6059eccc |
| SHA256 | f309b457889553c4ea5be3a7685a18d6f916fbce804927bcba39cddcc339de5f |
| SHA512 | 198ba251904d3bde2e32064b02bd1f8ae54c4af30cbc698403ec16667f044f2bf4fe669708228e3909e6153fbeb7edef030d57cbaef7482c9a38eff8767fb076 |
C:\Users\Admin\Desktop\LockInitialize.wmv
| MD5 | d1c77ffce17ff7b1fae4126d51e4015e |
| SHA1 | 8fd1ac950f5da29607ff5c21318dc057e72df5af |
| SHA256 | e6db68cd004b0fa440c6be87b8deb36acb49e5bf6868ecef80acb58afd837915 |
| SHA512 | 927e17dcd6f3a7347dbf4d66b00131956e2c9ade70deedaf6332a3fb4cdd6a475d4ae9fa8cb25c0b8fdd1975b1a9bd127297beb8e49fc21035ed535f155fa813 |
C:\Users\Admin\Desktop\GroupSync.clr
| MD5 | 4f2f2c0ed99c9386674e9a097a0a0620 |
| SHA1 | cbd87b9173d3df8daa5ed8252cc81bf00ebe5fc0 |
| SHA256 | 82dba0270bf129627f1769399de46cf72bfbcdf79f82ca9c7f7db959f2dbeeb6 |
| SHA512 | 4ef07e5a154171a841f48943bebd253ade86100c3ac7f95d23ed0c2554963a46d75db99760d6cefc879ca682f534c4141927486318e270178aa101b72e6874dc |
C:\Users\Admin\Desktop\RemoveConfirm.mpg
| MD5 | 0ed44cc54e6327f37b02a026d1666d7b |
| SHA1 | 3cb4de30f47f79383138848e84a6b03eee301009 |
| SHA256 | 7ce2e6ede21bce19c4bcb26bd7cb7453829effba9b29f350d9ff6b12b77dfb72 |
| SHA512 | 661018cc33c14a250454ed0d4cb9797ce8a2d9b9f5705a0085a883d8fb52264a76142aa93d72f7df312ffa25b17995a92bd916c708caacab92952a837466e51e |
C:\Users\Admin\Desktop\EnterRead.inf
| MD5 | 450b4481c74ed5319a8ba6f43e0a005c |
| SHA1 | 80a7fa1ba772233d8f4e669d52922b195a5bc8c5 |
| SHA256 | 98fb40bc5efced5109170ec395239fb652065da59b5ffb3a77fa585d3b0eecc7 |
| SHA512 | b26dfc00f130c624317d66562643f5aa944e3f7fdbafdc02b60b4f6218982ad744807dd5016d9712a55dacc8672acb8c03ff642543486be15c2254dbee388973 |
C:\Users\Admin\Desktop\EditConvertFrom.ocx
| MD5 | d11fcc58171267305a248c3339781e34 |
| SHA1 | ed179bfc720c4c1394ddb913a01b9860b71758d3 |
| SHA256 | bfc41bdd9f119b70741593db2e1ecda4a6a2fbbbf5c96eca3abc192021ba076c |
| SHA512 | 7accde220deaeb1f737e1e1df4b963d2bc43c5d5ef6a96233981624eb10837a2a523055701734da0b6c72e5c9e243bbade32d373fe4446527a636cf2cf161bf8 |
C:\Users\Admin\Desktop\DisconnectSuspend.xlsx
| MD5 | a8adda99b26085a9d033d17adf270bfb |
| SHA1 | 1a3827de7a92c402ca28806fec735d0925382138 |
| SHA256 | 65c625d11d9b9a68e0329212ebc09b1971293799820949dfcc36b9c1a88ccdee |
| SHA512 | 64ed64b75a65360532aa6e13baa71c6d46cc3f6121da16c5e1a572debfcb4637c62649106747639ed40a626fa7c021abe5b84a217e08053406ce6f63862dc660 |
memory/4004-21-0x000000001BB70000-0x000000001BB7C000-memory.dmp
C:\Users\Admin\Desktop\DebugRedo.jpeg
| MD5 | f19af155e36aebe30ca596f68abb1796 |
| SHA1 | 2bd8e5f6d34279a6d1e651a8bb05daa16f7c7352 |
| SHA256 | 9093e3373c322a49ea93529a6b0843bca85da0c79bcbe268e3d160f1c3376ba0 |
| SHA512 | d2efe3b1ba5639ae80396435c73013751f0bf943fd2072dc064414dc6618399e5945e7d883bf2c9e952ac9fb8d81e58783fb1e5b5b4cea7c9bc84951c1e1ef7a |
C:\Users\Admin\Desktop\RestoreSearch.3gp2
| MD5 | 8cac4a9928884d0725535789514f6c51 |
| SHA1 | 9dabdd6c6941733b443af5a5cdd5558da36e722b |
| SHA256 | c67294c89c9692921f8ee5edf6453e5073966f669543bdad126bf28fa13fac32 |
| SHA512 | 0e6d7ca6f933078bbe63f271a8ae8d325afb040a38c0402f5fa0f5eb0d7ebcdea5a9713e98c0b2aaf4185044d17d07db7e70d8195e2fe59ca996c07a727615b0 |
C:\Users\Admin\Desktop\ResetAssert.xht
| MD5 | 4aaff065503c8012b871546fde649aa0 |
| SHA1 | d301647829af07fc1edb44187fe5c2e0d3b6a445 |
| SHA256 | a0bf0f3fc9b26bcb81fb92f89479a075adf93fe4004c5591037a8e1cedcbee70 |
| SHA512 | 5fea0a5c24ca61c526821feb0e43d501ba88f131efda5e8d09c39ac54df5cf71da4f62069115aa60b68be8cfb2b81a292e9f10bebb958536e6dd4311f9a6d2c6 |
C:\Users\Admin\Desktop\SetFind.mp3
| MD5 | edddb66b2a54c16ca769a64b9eacdfe6 |
| SHA1 | a6b33e03d5f05b9e191c7ff45e7c3151b40afb4c |
| SHA256 | ca91705128fe4ea56f76c23af178489e9a8046aaac76e4be23c2ed34d73388c2 |
| SHA512 | b3c9b04937c4486860bf0de20589f88884cddebbe2e4801931da1fdb6611bde73ce2773d8ed550f6251cb9e1dc3e9c5f02f5c7a00797f7a33b0866378c71ac69 |
C:\Users\Admin\Desktop\SkipRevoke.xsl
| MD5 | f179589bd7ef0f318626bcb129915c5e |
| SHA1 | 7f50fb8dd6e6beda767506a9ca03a4d38faf46d3 |
| SHA256 | fef5a8a57b9e4166722afa6bdb08d4a3acd9b98bb65b8b56a154da6785de4220 |
| SHA512 | 631be8e2f070222ee12442a38b9335fd708889dfa797e316969a3a5372fe9163764a5b808e281c91784e6e36fc29fa250f53756bea405f6b236c0e4428d63edc |
C:\Users\Admin\Desktop\SendCopy.ogg
| MD5 | 7fe8a674c75e28c19094930fc2d08ce0 |
| SHA1 | 2de956d0a8c2e404917e4063e0d0bd59af242f86 |
| SHA256 | f4d8e070cae6252b7d496068ab2a49b52cad512ec426073ee542dfa3671b3257 |
| SHA512 | 51d5d030c1d61312cf83d8700d7d678f6a4d6faa26a79689c276ca39ae8b07933b6259327cda386bc0d1b4e103c0d185db336dc32533938d75f583346afbdebc |
C:\Users\Admin\Desktop\UnlockRequest.wmf
| MD5 | d82e57a97678a5d9e12b48eab30944af |
| SHA1 | 1236e460a96947619dd5e5e1095dc169baa140a3 |
| SHA256 | c443ab36d5064b2eafb2a4cf534bece4a0d8c8caa71bfbdc77fdd73dcd7cb4e6 |
| SHA512 | 48ad5aac91445d547e9cde278b264e27a04613e7e8b39626bcef115c8700b4ed7a3a5ac86380e3d61d38237e078c3ac6e9e145a47d579b6eca8b8b8876fd99dd |
C:\Users\Admin\Desktop\UnprotectLock.TS
| MD5 | 2c19b85783c03d24937c72fe05d4ee72 |
| SHA1 | 856941d188bbbf643d7f30e6bc46127dc160acab |
| SHA256 | 045250bd62032256236042f01fc2eb3daeb67a97e196ce926c6a154465b8b07c |
| SHA512 | 445cb5d256d1b56c8ca1ea473974e31f675b07935ddc3e635e5ec3f764eb470ce2de92dea92b3c0aac18517ae516404329296860b24d0217c03a335de22d8c3b |
C:\Users\Admin\Desktop\UnpublishOptimize.DVR
| MD5 | 9dc9689f799a0e588eaf7cdd025df9eb |
| SHA1 | 9d184f52624ed2048fc14ff05c57596bfc42ea78 |
| SHA256 | d7cb68607dff4b665984928eda1e044709472b72d31b519a794f5c836b828c84 |
| SHA512 | dc9545bb38067d569d59efd2629245b4d9321a3c4b7456d4285a375604142034dcae27c1d43b514ad3cda7438b936c8516d417d61cc4fa596f250924a0fc626b |
C:\Users\Admin\Desktop\WatchClose.vstm
| MD5 | bf5edaede3d6bff69499c686a40ade49 |
| SHA1 | 5394898ef6d9f02bcca0428b637669cb4bdda350 |
| SHA256 | 153b216ee95c5b5e97dc171da476dcec4be193a4c5327ecd896b75e3ebc9070b |
| SHA512 | 6e38add27f7c33b78d78d28bd506f0df2dd77365646744ddbfd2a8d3345d917e7d4209fbd01e034fb2c4693ac4430d3a4107e8503fade23d6cb02b9dcf829386 |
C:\Users\Admin\Desktop\AssertDisable.ADT
| MD5 | e4a9d08d292a214cc89bc380d7ee18bc |
| SHA1 | 63d82e7dbc4e85210b0c50181e3a28eb7f5694de |
| SHA256 | 49b28eab3d82e0924e76995cb8e5875d745e11b73548b1d1c44a6a2be7a5e1cc |
| SHA512 | b4246b55c4a13212bdc3112a87ba8c178090795b124d8e4f3eae42e35eb8660fd94a90c391d40acadc006f1ae7265fe0aacb2785bda954272358261f75d40b08 |
C:\Users\Admin\Desktop\DisconnectRestart.odt
| MD5 | 3d7346ceaf55b37e55f95d72f7a89902 |
| SHA1 | 63634cdda8c04102783e800dc7496c908bc883d7 |
| SHA256 | 461247335f766ac8455b7448544bf5d138e6327c44df44db34716ac1efc24046 |
| SHA512 | 02c39c37484031d91a3e84aad8c82107fdd3112dc9cce3b2070f3713003de30915b7329ae150f373343fe28fc29da5e2666218f5e91ceffadf830505b647d131 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0ae8a2070de1c1ab26d40aea0bf4f293 |
| SHA1 | b3f489ad6eda6759e9b1e85fe6e1394e906a2a16 |
| SHA256 | c1fabf845bc44983b0679d777323b60de2dc3405d6c1824fafefa75bc6f06c6e |
| SHA512 | b98c9c36c8ce102292e9fbfb7369a1ffca58464c5bec18f5c0e31f8346a48610a73b843d871e3dd73ec2c1ea6bca527732a766c11b442c4a286d2dc98742c1cc |
\??\pipe\crashpad_2428_FBKJXTINHTFNQNOF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
memory/4004-88-0x00007FF9F8B43000-0x00007FF9F8B45000-memory.dmp
memory/4004-108-0x00007FF9F8B40000-0x00007FF9F9601000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7be79c90ee2c75376c0c8dcc97d760b3 |
| SHA1 | bbffe0d544b7aefdfb271b68cb5ec782b9899409 |
| SHA256 | 39cfcee9e7686d32687d14af29abd5f8bffab8cc47b1fb4762a0af065f7e9965 |
| SHA512 | d04514256df8d1019a561372821945ed0ac6e32224b624fe7aa0534502070172c37edeaaf07be8f2ee1e8f8bd18b7bc8878ec5da4aef2864469d8848b8847ba8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7193f7351eaef70344510d8e77c8a42f |
| SHA1 | 83a3923ebb104924ac0580593c4bd5d193935fd3 |
| SHA256 | 3ba1fdc3aae51f5033037ff72589b22d038edc5b9cf6830bf1f7a8d26d8b09f9 |
| SHA512 | 8e0232855d75014ff84539dee766eddd4a1ff4cff3a011347bc4f95909a9871f4a2ea5aa0fb8ac973beed134df3dc14842eaefc61a6b3e1aff6074aae751aee9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
| MD5 | f998b8f6765b4c57936ada0bb2eb4a5a |
| SHA1 | 13fb29dc0968838653b8414a125c124023c001df |
| SHA256 | 374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef |
| SHA512 | d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 10a5b508f0dba183f09dc74879aa685a |
| SHA1 | fc833b6fa0d181d74f830c3d64df7d8a12432db5 |
| SHA256 | 1b0104226f65071032d4f9f3bd60a3da6ebd58f31801c38f607299955f383f5e |
| SHA512 | be0ea49b03a6ec26168671c68c3a08c142442fd256f176b73261be96b7bbe59ce43157d84f90c1e0f57908dbd316ee17a3c606fd0f89035e0d58a05cf207e31b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
| SHA512 | 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
| SHA512 | c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ef3736113a9b4101d174cf26189a55ad |
| SHA1 | 90fc239ae5f9aaad7b65da3108114b0279baffa5 |
| SHA256 | dbda70f4e561b85a92f2fc75cc337d971a120b744cf3617d11c002d088a10628 |
| SHA512 | d27205b5a5fcf4fe85d6451b66ea14aaccc6ca64b0c7a380105b0fb69fee543c6d2b63c65957251c24a6528c838105d6e961e551b1b5ddf46be17045bc0dd434 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | d37fcc32da69eeae482482bdfbf148a9 |
| SHA1 | 12e26a7a1c3599d8cb859a8564f34d2c87da9ad7 |
| SHA256 | 59e0a40438a6be25ac94f90ea19f1385754d5e53da77cc2eb858479cabe08b02 |
| SHA512 | 4a51add5a0f82400a2d0f101a66b78d2326746ac19a720e85b6fee8d7b1c49c21f172ebdf42dec0fd3c606a67d84892be55e7cea124bd2017ca0bdc420037852 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9a7ff2ee976a6782009b32718169b711 |
| SHA1 | d5a25881a5932d3826d2aff1acb7b975e5657dd3 |
| SHA256 | 8613ae7562f6d0bfe436692b629382773557a451673a6fa61649e510c65dba4c |
| SHA512 | 0ee2a19bc30e4ce5d134a5029ce91c45d6aa179e2d0ed1856b247032c3a20b3896292e13b542a77e410bcb350300978cd29bbc27768ccbe0af288f6a5b2ae6ad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 57dffb88b5ce62d3e7f2a25cfdc893ce |
| SHA1 | 31aa64f05a504c19f2bff1fd3a9dc7b891ec6143 |
| SHA256 | a129385d51291293d036fe08ee20ddaaa313d964e7a6a7a8c4fbddc742f3a86e |
| SHA512 | 658b6fa8be0640066653da84c75a05a5c0d1acdc7d1ff74dc20dbb6f8f86c1d26f6f6fc438f56e693c5830ebc4f5f794f22baf210cf74aff66508272bf733e16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 459362ca298171139ddf0aad7f017c5c |
| SHA1 | 6bf932bef81ecab6f0b8795d9367a8030ef01db1 |
| SHA256 | ff7d8946fb3c8fbe1b892f8b2e51f6a241306514cd4d6d6c4f9bf9c7698e6f4f |
| SHA512 | 0dbcb201937e26a540317abd3dfb97eeade9f7e432d101862cd99881b6e191dfc893346269bd1e0e3e66332eed7bfd72231dc5a84ba0e1f1213c655e585b2485 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | efa3b79297b792ddfa72609e2389407a |
| SHA1 | 7c959b0d9c508607119d7c112fe81939169c8ccb |
| SHA256 | 04371cb7276a5868761433e311d805f97da580075fc9bf1a66f0a9d8ac9a4017 |
| SHA512 | 1f08b7ea9823ae979382586db83b05c0d0dc5cb565b3946fb8134c0dfaaf61fdf80d6c666ceca6522964ac446d2a2e798e1f0eaff3dd2ab5cae88a793db20eaf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 90e2a5383e4d0bce9510cf32d3e2d770 |
| SHA1 | cf9f26028b71219dc76e76d26ed53123be8f8e97 |
| SHA256 | 8d7d8a11631d8e26753968f5739f781b7e08c382e3e29d56c03083cfc30c998d |
| SHA512 | 0506ec9f381261f5dd5452a1cfd22292e4f177cf706a17dfced629d93616cc6b22df91645c11e13c88ca7c1a6968c2870d3f5619bab7f8768535415f51af5256 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 018919495c22dc5f7a4a0a82b24e9b70 |
| SHA1 | 876f60e48de7f5d06e2f9897af95e10427ecadf2 |
| SHA256 | 561854c0cdb56030ce7e03dcc6d7373f84d4fa5c3b7af4854aa53f786c18025f |
| SHA512 | 7480c469b7c610e66b5e9df263f53ed7811e91337f1260cdeffa2ed85499283a31aee464d115b71de1246eeda136d2df6b9269aa30896da5b7a4f5851a41a32d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe583e6b.TMP
| MD5 | 6fbc3e20a132fe424a06fb81ae998f72 |
| SHA1 | 1990aa9339a60e7af10a452cefd6b6cdb6eadd18 |
| SHA256 | 82405338194a9885861e4a57f0608f5e89e73e85f55a2a08c1a73aac3fecfbd6 |
| SHA512 | 87ac6428c112eb46011e472bd2e955612930b48b3600c7d9cab2dc6672e1fead59cdfc633d2c3bc493c07d684ba49028f2875226965b69e2072f263bbb7118f7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | bda4b49597f92f448e6db6b7e45841d8 |
| SHA1 | f76c00d27f57a2abb67e1fb8d8dc08fccf099890 |
| SHA256 | 228b0e9ca589d9485856dfe4a32a3b1fd4218d66f0913a7cfaf1be2cedf03310 |
| SHA512 | e43cbaaf6f3ea224128753a3dcd8fc54fbce852e2c045d769b82d3f20e36a7191371767fc8581b602560f56fdd100ba9ae2e059c674cf2dc21861e460aede605 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c7c66676567c1e9096a2ee89d14f9a45 |
| SHA1 | 01a25f00c16a9fa227f4c247a926444c0eb63c52 |
| SHA256 | 0d39c51b7b3695927d8f02b6560f7f29a5cef744c57f2f2ee2cce79846817e46 |
| SHA512 | 18bb7d9fd62b51ca9736922a27894c7ccb3abb423deb1d1f4773b1a3ac6acc01eded4bc0ed9970a3a25edfa743f20ebc78eed3ac7a2c3c9422240699e6a46808 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8ce13d66c334333ae35cc1ffe293446e |
| SHA1 | 5573efec21d812039abe8496dc0b50e39c3268a2 |
| SHA256 | 55d0e5258bb2c95111b6c252e1901053740527f5e17a31bc13e3fc88fdf48b64 |
| SHA512 | ed5d7cb88bcac1ac4f653e9b63f436ecc4bece9277f0148ccbe97ab4e2982710d0532393647c163fb7979e0e5e0ba6c454445eafa4c980992956127e57e2435c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | dfafc0e143a508353e25ce1ebd4cd5a4 |
| SHA1 | 86968d178024ce453300a00101e790f6faf83780 |
| SHA256 | 492bce1c1281b69c7303fd6985d42f90f538930d994f0628325cf74e5155943c |
| SHA512 | afe243b7550076990e8d0f73b26500dbf0de8d01fdce167ce28c8dfd1bb469a67ad25f01a4806307ffc37860ffc1639e750515e0909cbc41bf8e8069cb11cbba |
memory/4004-401-0x000000001DE30000-0x000000001DEBE000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fea86e262903f62e1499a52a0e190ce4 |
| SHA1 | ac7e6828950a0ab6f9dd695cc66b58cd5a6db37f |
| SHA256 | af995d2efdd182eb7203d26f815274892fe6fd85e8dbe74750b5d00d6b158f22 |
| SHA512 | 3ae3c6f40110f09181fac7180cc98cb608d1860b6bb437d3a2242de6ef9905cfcbe2a2e18d58c2f2302fe4b1c816995a645eb79949408a8f979f500a9431f273 |
C:\Program Files\Google\Chrome\Application\SetupMetrics\20240530013905.pma
| MD5 | 6d971ce11af4a6a93a4311841da1a178 |
| SHA1 | cbfdbc9b184f340cbad764abc4d8a31b9c250176 |
| SHA256 | 338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783 |
| SHA512 | c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 80060235e009f2fa14beb81014ceb73b |
| SHA1 | d19c2a41d58103f6df66a7cb702bebab544fb1d4 |
| SHA256 | 4a06b498335580edc0f29ab26528edf8dd8ce9138cd5f5c946138320c81de297 |
| SHA512 | 034db7073df8637f754e254c8ed58f414becd41ee403697e14edb38399540f58f700c2aa1c7641397aa1c01ffdfbce5ecfe40d9be6758e1474e6d17931c9296b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | aa08af5b7c7d04fad82014bae843b898 |
| SHA1 | 1e6a22d35ff63b001b441588eadfd668bf00920f |
| SHA256 | 7944cb8aa24c6a0e643c90fb903b88f0e7f84cbc45baad984383e91169db7f83 |
| SHA512 | e85ef629e2b18ab17425a76f0790dd19ceb052bd243bab0f294daa9f7986531f74a33c54b56cab69f675f24a79d5ec5870fdf37c22a6396f2253de77f7284f92 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 91e6b8f4ca80f7afe9b770c7de9c6897 |
| SHA1 | 1cb29c6d5b396f5f79a1a545d617cb30cb83b219 |
| SHA256 | 21354dbea17ca97499a6814a55e6cf0c4364803b26b96818112aaa792690a428 |
| SHA512 | 0e3758ee8bdad12e5bace8f732014479dff3be763e5dc234991dedf3ecf0583f62a6f211b35b0b5dc61f700b57207d8db8f5a4889da79e36c46b6a91e9830945 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 14aa431b3a75f683cbc38c5acf025cf4 |
| SHA1 | 9aa70f37357f6c96d7e731f66c3ed424bbcdb2be |
| SHA256 | 9fd2a11477652a5cada7f0f265863f4e2a769d1bcb4ae5e930da202102714240 |
| SHA512 | f49e4e896f0dc3e3a43ad2be514aa15da4033d5bce440887e4341d417fc506cc1560978f48bcad32604f765ec44108ed1ca7d1106fe1e0b5b7a6ab4f83234db9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a3b376006d45b22faa3c4a15e06fe60e |
| SHA1 | 30948b7302370be8fc32b335342955b2832c2731 |
| SHA256 | fe466604e2d0b3fa0debf3d6d115c991722b18c505201634b2d6047310a03aaf |
| SHA512 | c9014f7840e68be44928a3f2269054455b6bc21b9675e986931d7475e851c528c06ccaae5950d70230274fa0d8623c59b0b0a00d51b26779a2a0d5dbb97428a5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 4efc238d74dc4f5065f3bd0360beaf21 |
| SHA1 | 64331c0f9c06f477c2065e4280097edd7f4fab2f |
| SHA256 | 226075e8cf7c14331c2c182c2e7090a689a5e5bb003e515104802e148aebae7a |
| SHA512 | f722e1507cbc084db0e72c77211247b010d48bbaa7ae0958ae4da2ad79fc838135f66d49d95f8db2b0a1a8d7f04fd1a5ed1db102534731ec57b00a833ed5d160 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 72dc44e5e88e988b54fdddf37be9ab6e |
| SHA1 | 615d013c0c04dfa178f839539c99258037c00354 |
| SHA256 | eb650a7bfbe3ade1362b6da17e8db6085d57258b83a3867ca8e7cc6667472bcd |
| SHA512 | cd1eaa389f324ee8cd221f4defe082b5eeaa1f1d73bacb14d3438436c2f5ca29ab9686f394aa3084a9ff78b079fa2bec925925f1b7d533497ba49714cea766a0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cbb7707fc585433e2103cbeefc5b79b3 |
| SHA1 | 7f03bd59e7c973dba108d6e2fae01dd3c64c7611 |
| SHA256 | d32ad5b17066cda4a7eee496f296bc4100b7765eda7d566d981aeb48379e9251 |
| SHA512 | e0f13c6e4b43c3eb80c8e1df1edaab41b860a9184b4b0d82a0156a87b2365402c9d1857ac469df610076a253cf76dc71dd61ba26b3720df883333a0d0285fda0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2c18c1232f0b4e7be90c2ebe626cba8c |
| SHA1 | 52a6697a6cd9d44d488ab60f8f38759f52455a7b |
| SHA256 | 15ba2acc8f893dfa38156b812fd25d296ab6bc7c89e61870943223f020ed974b |
| SHA512 | 5f59660acf7380692416eda4e05409fb2024af338623b159659460a6b436a31c97bf7cb534a63f5c331b3e25484e4339efcd599c69f07aa4db528ba78c5dd606 |
memory/4004-639-0x000000001E250000-0x000000001E5A0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8401a889226e75732d9b87df184abaeb |
| SHA1 | 66591cc410610b9019742086903ac55007a793f5 |
| SHA256 | 7268d99dd1bc343858ecb4e51ccdc5b5497a5ec1263e7d6de5a5d8040d8a19a5 |
| SHA512 | 9ff2250ef3f01cf414addcfb296c9b72759f0cac8aee9ebb2d72186a87462da93faeba59c43f953b5674be179b824b808d9cb6ee7d253b8a0932e5ba7514a54d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a05a35d5d2b7a74336e16bd60fca2ac6 |
| SHA1 | 1d6c00fdf6a2fca224d06fe3d744ab90f7e2c47c |
| SHA256 | b0e84962793c76987e73ec7961d0479ab76bce08ecb1e2292c522e157a84bbfd |
| SHA512 | b62ecff11e46addd4ce3dee62953bb287ad14e8824561253652bfb9fe408f5d7787113530aab2e612984b1d70e1d06476a43b19c08dda3cf3512e96f5f7f81fa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | de5cebb80b16d136f77107d9f5ebc599 |
| SHA1 | 02e6fd17bf7fc0dd49f5068f2969e8dfa9b7e407 |
| SHA256 | 0225ed435ea0c2aaff1a410502efc1df741f3881213daffcd6d86370e484821e |
| SHA512 | b0e6b45d0531970c9c5120aa18d4b9bde44a9ed0dbdfbe73c95f32ab19a5cedc480e24b59dc87304b1dc1fb0a83439bd51b3f5482a807ddad0418e7d4081c631 |
C:\Users\Admin\Downloads\897c21d1-f506-4c31-af4c-0c2e5941a4a8.tmp
| MD5 | 926eff7abf8f94579d34c71ed85ccc6d |
| SHA1 | 23b9b6164037d0eaf4d258a8ff09a8899da3725e |
| SHA256 | 454141d9d5fe953feb9d2620e9f428030364d29904c3116c9abef7fd5fbcca41 |
| SHA512 | 926d9d6551c8cba273759e32a37de996c2c0460b8655786d6d3d7b6a76cc8bb1a17e15944f9ea62e5a1dc2aa9252989ebc8f5eb9a8cfd3265cfc39c82414191c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8486e768cb37f145a6fa79c64eba7baf |
| SHA1 | 3ca665341f656492f3a643211ae5deaeb7f673b0 |
| SHA256 | c7207c215711e715c5d17bf5598ed1afe94c26d556181787a46963087671ca16 |
| SHA512 | 27431693f0c477fad88bfbc8a54821c3ba678ce50d84d1dda94776ef71391906d7592fb86ec8e2f8dd6ab4cdcdade63981ddb7619b519c76a5a21af77dfe8fdc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 68447fcfa5c8f4747bb49f14e681f0dd |
| SHA1 | 19df9cf466df27c9d324c6092931b8b746f43cfc |
| SHA256 | 6adb1191baf5fa200d1062796a2adc46d8d5be7d04498e5aaaed46a55755f1cc |
| SHA512 | 3276d874cda532f57134b515c6865b551c24fd9097d263aad046fea0d0b966302ab7824f4d48bc0d90d4d197d24aab3fb4dcc9de27758c87654907d9eda33e9c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b2317f4e2417239ddce19b1fa810db27 |
| SHA1 | b38703852fa3a0d4c05aab1a0ae18ad1fb631e3d |
| SHA256 | 638a92e21cd9b0ea6a0ba31042810a514ab668bc8d3e7b4933e43e2ed483760f |
| SHA512 | 52a61dc42fe7d587441487c76a1d1ce1dd43689accfb5c849614c3a2555965cff2e0f1521e6ac616e18341aafb285d6b6959644ac6c4e9726badcc7d1383448e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | fd10d98fd2a35312747e1e68c2e69eaa |
| SHA1 | 76e612543e4ad3604395cfe74e840632828ca817 |
| SHA256 | 2607b882f9e2a4f4ab5d356e7797bfa8787a56339b00a88af9ef5e519dd2411e |
| SHA512 | 93f630852ea74a524a95d231f6466567cf529c7a401f57a2b6093748dc7c3e95719727eb3d2950409a47ad77d268adf086fe02b6ee40c14cc736b45646da1627 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | cfc6a6bd8b703f485c8abe206f56f116 |
| SHA1 | 351b4524817b9d83b2e90251a09e4e6258280ad7 |
| SHA256 | 595131b6e9322044bde24d26c1b62d9bcbcde3e4bd3d8aa3939d157917d17fe9 |
| SHA512 | a3be243f271d662630b95e8a0a113c70ac5a216da25e2e4f6b4d12cbcac10e957b932eb3bf73a52c0945806d00dc53d01bf60de4fda2bb3e256e04eca30c916e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0e9f246702c75705934405b36c90e6a5 |
| SHA1 | 8fd146bc12d02b6eddd59692f7f01918fdd3f443 |
| SHA256 | fc24584e6a54c17fbf308da3cd19803572dce4574ad5b5e8caf6c4ee5677bf1c |
| SHA512 | 69647179f006b4ebffbdd2ef693ffde1c0682c8bbf7b42bb50265059381a9665cf20856f7233dd6071523ff4b48a45c312d8a2e3aa4dce5371fb487304f47aa9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ddef47e002ce802599dfc4c96a2a92a4 |
| SHA1 | 8eafae4526d21df01dc4d17395be80847b19db8a |
| SHA256 | bd0a03b35aaddab4814640568ae5baa7a8d487416f9397e9996911b15229540d |
| SHA512 | a701fb4959170447cd1242c2dcd0191077bc2f504f177f040e0e116d1c25b331188f5db100af703359e1905b0ac438a418c2b62470dfa80dddaee2314882ea17 |
memory/4004-793-0x000000001C170000-0x000000001C17E000-memory.dmp