Analysis Overview
Threat Level: Known bad
The file https://oxy.name/d/ZzSh was found to be: Known bad.
Malicious Activity Summary
Detect Xworm Payload
Xworm
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
Drops startup file
Executes dropped EXE
Adds Run key to start application
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Creates scheduled task(s)
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-31 10:38
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-31 10:38
Reported
2024-05-31 10:40
Platform
win10-20240404-en
Max time kernel
82s
Max time network
83s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Xworm
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk | C:\Users\Admin\Downloads\noise + v1.7.6.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk | C:\Users\Admin\Downloads\noise + v1.7.6.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\noise + v1.7.6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\XClient.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\noise + v1.7.6.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Windows\CurrentVersion\Run\XClient = "C:\\Users\\Admin\\AppData\\Roaming\\XClient.exe" | C:\Users\Admin\Downloads\noise + v1.7.6.exe | N/A |
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133616255447685030" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\noise + v1.7.6.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://oxy.name/d/ZzSh
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdc6339758,0x7ffdc6339768,0x7ffdc6339778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=304 --field-trial-handle=1772,i,8972180410724176668,15669658329271319787,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1772,i,8972180410724176668,15669658329271319787,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1772,i,8972180410724176668,15669658329271319787,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1772,i,8972180410724176668,15669658329271319787,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1772,i,8972180410724176668,15669658329271319787,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4340 --field-trial-handle=1772,i,8972180410724176668,15669658329271319787,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3100 --field-trial-handle=1772,i,8972180410724176668,15669658329271319787,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4540 --field-trial-handle=1772,i,8972180410724176668,15669658329271319787,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5280 --field-trial-handle=1772,i,8972180410724176668,15669658329271319787,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 --field-trial-handle=1772,i,8972180410724176668,15669658329271319787,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=1772,i,8972180410724176668,15669658329271319787,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5424 --field-trial-handle=1772,i,8972180410724176668,15669658329271319787,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5360 --field-trial-handle=1772,i,8972180410724176668,15669658329271319787,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5524 --field-trial-handle=1772,i,8972180410724176668,15669658329271319787,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5232 --field-trial-handle=1772,i,8972180410724176668,15669658329271319787,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4976 --field-trial-handle=1772,i,8972180410724176668,15669658329271319787,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 --field-trial-handle=1772,i,8972180410724176668,15669658329271319787,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6112 --field-trial-handle=1772,i,8972180410724176668,15669658329271319787,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6132 --field-trial-handle=1772,i,8972180410724176668,15669658329271319787,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 --field-trial-handle=1772,i,8972180410724176668,15669658329271319787,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4900 --field-trial-handle=1772,i,8972180410724176668,15669658329271319787,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5856 --field-trial-handle=1772,i,8972180410724176668,15669658329271319787,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\noise + v1.7.6.exe
"C:\Users\Admin\Downloads\noise + v1.7.6.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1772,i,8972180410724176668,15669658329271319787,131072 /prefetch:8
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\noise + v1.7.6.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'noise + v1.7.6.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\XClient.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'XClient.exe'
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\Admin\AppData\Roaming\XClient.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x404
C:\Users\Admin\AppData\Roaming\XClient.exe
C:\Users\Admin\AppData\Roaming\XClient.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3080 --field-trial-handle=1772,i,8972180410724176668,15669658329271319787,131072 /prefetch:1
C:\Users\Admin\Downloads\noise + v1.7.6.exe
"C:\Users\Admin\Downloads\noise + v1.7.6.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 --field-trial-handle=1772,i,8972180410724176668,15669658329271319787,131072 /prefetch:8
C:\Windows\system32\pcwrun.exe
C:\Windows\system32\pcwrun.exe "C:\Users\Admin\Downloads\noise + v1.7.6.exe" ContextMenu
C:\Windows\System32\msdt.exe
C:\Windows\System32\msdt.exe -path C:\Windows\diagnostics\index\PCWDiagnostic.xml -af C:\Users\Admin\AppData\Local\Temp\PCW87F8.xml /skip TRUE
C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\j5iqvh0c\j5iqvh0c.cmdline"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8AC6.tmp" "c:\Users\Admin\AppData\Local\Temp\j5iqvh0c\CSC6E0D9CF18BA2439BBD373BC524A23161.TMP"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ti0zy4c1\ti0zy4c1.cmdline"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8B53.tmp" "c:\Users\Admin\AppData\Local\Temp\ti0zy4c1\CSC56F009CCD6804AF8A631D1F2DF4CC784.TMP"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\015z1j3c\015z1j3c.cmdline"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8FB8.tmp" "c:\Users\Admin\AppData\Local\Temp\015z1j3c\CSCEF23266B7F3C4B4B911BCEB02C16A6AE.TMP"
Network
Files
memory/1556-509-0x00007FFDB3060000-0x00007FFDB3A4C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 09779ef96a08535116e673ca890e1b3c |
| SHA1 | e2082655462464e5110693706402e3698cc1909e |
| SHA256 | cb6a8daa9bc767abb395d5539161ef7d4c4d86c65ac5c115d8235dfc283b2d9a |
| SHA512 | ff2025ba3ec449fc01fc761c2f0210b4986a289bdab91b351ea6d15a1240b7f2c7e58a6f5155648168381cefe647fc477028736a53d1b7be6bcca791dc161ec0 |
memory/1556-528-0x00007FFDB3063000-0x00007FFDB3064000-memory.dmp
memory/1556-536-0x00007FFDB3060000-0x00007FFDB3A4C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c9e260a323722a95974058a1eaedcbd0 |
| SHA1 | 33b5d8301345ace5c2207a4063ced29df84ca643 |
| SHA256 | a579030bdbd1ee6204369b253bd7cadaae44f8ef7ba5e1f85d97e451914769da |
| SHA512 | f1447c8bccede6087852bb63082b22ad69b01c9ee5d77893cf7d62b0b70521f3e43ba08b7a404e30d5915eeb0a079397f3dac9c2b0797017c8b99d3ff72585fd |
C:\Users\Admin\AppData\Local\Temp\PCW87F8.xml
| MD5 | 31d71416acba3e8f74dac2f35563ac0d |
| SHA1 | 03e36076b9f29eb7d9e24803250c5e27c3bcad7d |
| SHA256 | 875fff721911bc8a0711782c6fd6c7e600da0c62e750ec3bbda5b505ee176906 |
| SHA512 | 29f5fc8386f753929f9efc62c7512e3ca8426fc0bb61e52b37168c1769f9db8d6e7bcdcbbaa833ffb63dbb18e280e38808329757e3fcb89eac24e18a89390bd4 |
C:\Windows\Temp\SDIAG_a1988231-3169-4d64-853a-39a8fb66afd0\en-US\DiagPackage.dll.mui
| MD5 | 65e3646b166a1d5ab26f3ac69f3bf020 |
| SHA1 | 4ef5e7d7e6b3571fc83622ee44102b2c3da937ff |
| SHA256 | 96425923a54215ca9cdbe488696be56e67980829913edb8b4c8205db0ba33760 |
| SHA512 | a3782bfa3baf4c8151883fe49a184f4b2cba77c215921b6ce334048aee721b5949e8832438a7a0d65df6b3cbd6a8232ab17a7ad293c5e48b04c29683b34ecee2 |
C:\Windows\Temp\SDIAG_a1988231-3169-4d64-853a-39a8fb66afd0\DiagPackage.dll
| MD5 | e99b38cf7f4a92fc8b1075f5d573049d |
| SHA1 | 406004e7acd41b3a10daae89f886ef8b13b27c32 |
| SHA256 | 812ebb05968818932d82e79422f6fd6c510fd1b14d20634e339c61faeb24b142 |
| SHA512 | 5637e6e949c24dca3b607b4f8b5745e0bb557e746fc17eff1274af36d52d5d7576723f4cd055fcf8fcf9fd267254e6d7fbb53cc173a15d3dfd3cce2015ac757d |
C:\Windows\TEMP\SDIAG_a1988231-3169-4d64-853a-39a8fb66afd0\TS_ProgramCompatibilityWizard.ps1
| MD5 | 2c245de268793272c235165679bf2a22 |
| SHA1 | 5f31f80468f992b84e491c9ac752f7ac286e3175 |
| SHA256 | 4a6e9f400c72abc5b00d8b67ea36c06e3bc43ba9468fe748aebd704947ba66a0 |
| SHA512 | aaecb935c9b4c27021977f211441ff76c71ba9740035ec439e9477ae707109ca5247ea776e2e65159dcc500b0b4324f3733e1dfb05cef10a39bb11776f74f03c |
C:\Windows\TEMP\SDIAG_a1988231-3169-4d64-853a-39a8fb66afd0\en-US\CL_LocalizationData.psd1
| MD5 | 5202c2aaa0bbfbcbdc51e271e059b066 |
| SHA1 | 3f6a9ffb0455edc6a7e4170b54def16fd6e09a28 |
| SHA256 | 7fd5c0595d76d6dec1fcbace5bbcd8ff531d5acf97e53234c0008ff5a89d20e2 |
| SHA512 | 77500b97fcd6fe985962f8430f97627fedcf5af72d73d5e2b03e130bca1b6b552971b569be5fca5c9ece75ab92c2e4be416d67a0f24d3830d9579e5f96103ac9 |
\??\c:\Users\Admin\AppData\Local\Temp\j5iqvh0c\j5iqvh0c.cmdline
| MD5 | 2fb7297c922aa4e17eb700f808c978ad |
| SHA1 | d8a565d196fa590b9f2c3fc42f56800f4cbe9dd6 |
| SHA256 | f5be449e02e42fd579c9174cbfd2eac9c68fb5fbc977480d9f3012c793237562 |
| SHA512 | 7aaa6de0e8ebad3fc15c0c65432d98703442490b5b1047a618dff8546ee18439bf965c8d047156f20ce7b49ebc7c1a977e79e59db68f4897a9d5b42af70d9eb0 |
\??\c:\Users\Admin\AppData\Local\Temp\j5iqvh0c\j5iqvh0c.0.cs
| MD5 | 26294ce6366662ebde6319c51362d56c |
| SHA1 | c571c0ffa13e644eed87523cbd445f4afb1983d1 |
| SHA256 | 685699daafafa281093b5c368c4d92715949fc300b182d234e800e613be5d8dc |
| SHA512 | bc91bb591368bc511ca5169b3c23cd69a163eeb77f0d7a083fe09cc6aa15d7044a24f95811fa1518f44368dffda6d346f44e1568e7a5373a6450a63ae31883ee |
\??\c:\Users\Admin\AppData\Local\Temp\j5iqvh0c\CSC6E0D9CF18BA2439BBD373BC524A23161.TMP
| MD5 | 131419581651910298103d928f3d5df0 |
| SHA1 | c025b8f2137d9764aa1a7407c9f441eb815e0a1d |
| SHA256 | a3c4b7566b120c4c0ebdeb15631ad52dfc71396f0f49b80b0a0e6ace5696c6da |
| SHA512 | b58197f03370b5e881a31b7507057858a6abd13cd6a338caa82b7e04ad5373f5afb25f416ac0de0a794d09a09e3de265bdb9496ff5a96fc69966e3df39ca5005 |
C:\Users\Admin\AppData\Local\Temp\RES8AC6.tmp
| MD5 | 459af482dc206f4b72f38f2c52a64da8 |
| SHA1 | c0400d731543fabc5888824635a16389e5adc1be |
| SHA256 | 01767a82f208133a2f4a6f859a717f3294adc6cc2289e1460189f546407b96fd |
| SHA512 | 4dbb7ec91e8086f0956574400bed2961f53f178833ffa4340f53b4b00510bcf46444c37b897eca66765c875e8602fcb7ff5ca0ce38295285f5663a6c31924374 |
C:\Users\Admin\AppData\Local\Temp\j5iqvh0c\j5iqvh0c.dll
| MD5 | a7791f64600c8bb64b2c253696c2d8be |
| SHA1 | 0372bf4c961e40c36a1d2cf4a1165389faa49cba |
| SHA256 | 0bac4c88b2924116e2e036efaab175912f350ad473eb6ecf333856489b4c3f41 |
| SHA512 | 9dcdfe9ce098ef44d8b5d4b041463054ceaaff5fc4e7f93858f1708afd186df5250424e6247940bcbda2c35ff3d8c4392b5b1bebfcd3e21a9d24682d46917be5 |
memory/5200-718-0x0000019293E50000-0x0000019293E58000-memory.dmp
\??\c:\Users\Admin\AppData\Local\Temp\ti0zy4c1\ti0zy4c1.cmdline
| MD5 | dc7dfd03b948235a3aeefd777a1f2173 |
| SHA1 | 0be62cbc4cfed7c70f3e72c196fdf1bc4f9b600c |
| SHA256 | 1bcc900487fceaf80f5fc2638bb329b47e567187b598cc4adf603851e1923fb0 |
| SHA512 | 1d4493dfa9d67b710bbd5abbfeff89bcda257df9335032406877ad60a8fc270b99580bc29a5a8513de3b7a57d74743554a477c01249c794ca0e449d480c429bc |
\??\c:\Users\Admin\AppData\Local\Temp\ti0zy4c1\ti0zy4c1.0.cs
| MD5 | 3880de647b10555a534f34d5071fe461 |
| SHA1 | 38b108ee6ea0f177b5dd52343e2ed74ca6134ca1 |
| SHA256 | f73390c091cd7e45dac07c22b26bf667054eacda31119513505390529744e15e |
| SHA512 | 2bf0a33982ade10ad49b368d313866677bca13074cd988e193b54ab0e1f507116d8218603b62b4e0561f481e8e7e72bdcda31259894552f1e3677627c12a9969 |
\??\c:\Users\Admin\AppData\Local\Temp\ti0zy4c1\CSC56F009CCD6804AF8A631D1F2DF4CC784.TMP
| MD5 | 41510a755682c37855602398d7513b0a |
| SHA1 | 125f61e4c55a58de7d13579f23b0695a1d4391f6 |
| SHA256 | fc74f00eb93095d3de3560ab9b426311a9264aecfe5d82f657bce30abbc8278e |
| SHA512 | f6f2632e9441e5472c33f8d33b6c110c98cd1b286764a844c3025e4e8d2804c2f6a4a2e85afdbbd473baf9a9e8abdeee8654ed68075b97a7034b58429a4f2bf7 |
C:\Users\Admin\AppData\Local\Temp\RES8B53.tmp
| MD5 | 1e7914672b0f52d0023720d2d47b4e9d |
| SHA1 | 721afb9d1ab52d65d08ae98aca9ad9330481e93a |
| SHA256 | be0c985b4700995fc437a8a8a2ff55f87c43188f2f199cec006a75870d8832c1 |
| SHA512 | 4628503be3f3ca8654c6ce10dd9b718d53dbacc63dcb946a4036e27962937c1175ce548b52b04189e19cf07151da5230d2e2e14bb105382008a6c2afcac0e255 |
memory/5200-732-0x00000192AC240000-0x00000192AC248000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ti0zy4c1\ti0zy4c1.dll
| MD5 | 664365ac21a65ae591de59fc1317e4f3 |
| SHA1 | afd05e59e17d18babfa1d7e8f6d13213e0c3cced |
| SHA256 | a4d8dc54a089c028aba316eae4a196e27827ba7eb333bf2036877e2ee8de5c8b |
| SHA512 | 6ca5f2b4b48ce62d7bea49378193f7bea7cb017abaf4c8fdc2dab064b9ede99cca765d6a0aa9b2da89aef411cb4c4046c3157c4d013e7a68b48805a13163367c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9f556d30bd30d7c2bd47b5dd04338846 |
| SHA1 | 54ce35ee73ad925ec2da3bf704f782e32484acf4 |
| SHA256 | 14ca60aa6f9121ce783d2c599b186e2ed4d0658c3f3ab3d00a78609756e891b6 |
| SHA512 | e2b7689af3367a55b72b9f58927ba825cf7adcef33bd2f82ea431566d851e4e68f0c5b4bfd23fda175b87e10cab42506f7a389fb458ecae1c51b16846949834a |
C:\Windows\TEMP\SDIAG_a1988231-3169-4d64-853a-39a8fb66afd0\RS_ProgramCompatibilityWizard.ps1
| MD5 | a49550a947238f4e23a81f8c765da712 |
| SHA1 | 0c3daf73301d87c958d7f4f840bf060d87312d8d |
| SHA256 | baf71bcc730ab740670653283eb97a6991af6d52bc82ad83dcc66e9ce9a9dd68 |
| SHA512 | 3f0cb6e664bd7a998f81b783abaf37dc68ea55360ab021611c2336999b4b61bf6797ba9c427ad93b60c6382cb016c2f8474bc3fce0af85c823583be1d3013f02 |
\??\c:\Users\Admin\AppData\Local\Temp\015z1j3c\015z1j3c.cmdline
| MD5 | adabdefc81452aebbfa0c86d429718a7 |
| SHA1 | da714dff0444793073bf571e136d9966ecc2f001 |
| SHA256 | 2bbd0387341d6fbb1f3265e6463aed1439d14371a6bdcdd0d513ea2620b71f1a |
| SHA512 | 5e78b8139e860b3b23669378ad4a2bf72d0873ed2d530731b485b15ab09e943e62765369973f6abf7db965a1278a60648460ffc2b15f74fba60a9950a2a5391a |
\??\c:\Users\Admin\AppData\Local\Temp\015z1j3c\015z1j3c.0.cs
| MD5 | a6a5eb65b434fd6612543820a3e623f0 |
| SHA1 | a2034ad0126c821a52d46d7c8289f136bde963c7 |
| SHA256 | 5e06c62640983f93e9ec11fecd221c238f537cf110f03a61049a25eb6030c02c |
| SHA512 | 0bcd9e7662731750f90510fa9f3f83afaa688636f0e312343ed05b420e4d3311d25b08370a705e2e43b0b4619541e0af9f213b27845b4e95155180ecf989d483 |
\??\c:\Users\Admin\AppData\Local\Temp\015z1j3c\CSCEF23266B7F3C4B4B911BCEB02C16A6AE.TMP
| MD5 | 45f5c94675cac279af36010d1a0f0664 |
| SHA1 | 34a34ec38f1ddf245e2e3d7eec2612dc646bbba6 |
| SHA256 | 0d7809b48c81cad2e228f4865e87e5cc4d5b3ea355033e5d2f266c96b452cb98 |
| SHA512 | 4871969c90825c58a0c351b123403f0624ed79c08fe2d4d12817c5138dabb329012317b07cb34bfdbfcdb4f0b9752ab67414c900b52d3df036580ded2fddb994 |
C:\Users\Admin\AppData\Local\Temp\RES8FB8.tmp
| MD5 | a92d26e5da9ac92b81628e34a1b603c6 |
| SHA1 | a68bdc814d6b533a8558be9418a463a6e9ea437f |
| SHA256 | 5e302947358154cdc589cc09791dd33b19b08b12a01d6822b77076af8e59abe8 |
| SHA512 | ccf884a8b847ce531f58737699273f556277d845eb439212980baedb00fcfee764796a429afa238bc746f2f1cf219f38dcee985c96cc26783fa3b700d74c1de3 |
memory/5200-777-0x00000192AC3B0000-0x00000192AC3B8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\015z1j3c\015z1j3c.dll
| MD5 | 644151f826509272ae9c4c7abd1a1ea8 |
| SHA1 | 7b2da49d8d58778ae70160cee696f6a2e2aa15e2 |
| SHA256 | 425c7cb236c0d8217e3743efa0ffc47d054cb8471743a1304bf42d8636a6700c |
| SHA512 | 6387d5f575125c87b72b9305bbf8d6297ddf6f49207e05aa169ffd03bb13775ffe1ee6203992971b4144bc64e96233e1ebf873ed6341cca99b2bc71cf4df0348 |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024053110.000\PCW.debugreport.xml
| MD5 | e628c5f96e05f25edf0fe305f78d04f8 |
| SHA1 | 8b749f9a4ae66f6ec0a2f02be7f0a8f72d5cfba9 |
| SHA256 | 141d418e6ccfd83021fd716732f2c6b278c605d89fb28e9ab915af5d567df374 |
| SHA512 | 1b65e880174b0443974f62eeba7140fdf52f186cb2fad04ce7a2c54c987dcc2913e98597f3089d0c3ef1862ec337bbb3f2b15b2d3cd5b701b4c2e3e31113d7a5 |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024053110.000\ResultReport.xml
| MD5 | 9f383c14cc9193e8d87e2774ee0e93ac |
| SHA1 | 103b7f9cadbf898b821ba41be2407b1852107f73 |
| SHA256 | 54d6842f04cf9f0eccfeb6e67f2c5bb88e786ec7d73b251f34aab0eb9740e31f |
| SHA512 | 959ba272d7c95df9af8b43c344a2facf88fffa93da3ea7fd8c3e506ee1a18564387b07408d3e1f60708005d86f2d954d8f055a90876a2e7b9f23b1573519c9ec |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024053110.000\results.xsl
| MD5 | 310e1da2344ba6ca96666fb639840ea9 |
| SHA1 | e8694edf9ee68782aa1de05470b884cc1a0e1ded |
| SHA256 | 67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c |
| SHA512 | 62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | e9e4d130a198863e7497d8a015db4abe |
| SHA1 | 2e72fc51feb82aed5410893b46640f8f1b749b26 |
| SHA256 | 57f3225b762b2a73a36635af27970ffc7049b089ae239484f51d96dd777105ab |
| SHA512 | 38850f81bde9024246cc107df8fd836ef04839f2c83bb8ac29c6a236760b9200432b5bd59bfa159f1573561894569be647c43d8e57406a0573c10e7ead49d33d |