Analysis Overview
SHA256
e09150ad7900be094ce6ae093029695261c7d23970c02f01cb3a420d69e74b70
Threat Level: Likely malicious
The file evilvirus.txt was found to be: Likely malicious.
Malicious Activity Summary
Possible privilege escalation attempt
Blocklisted process makes network request
Downloads MZ/PE file
Modifies file permissions
Executes dropped EXE
Writes to the Master Boot Record (MBR)
Legitimate hosting services abused for malware hosting/C2
Drops file in Windows directory
Enumerates physical storage devices
Opens file in notepad (likely ransom note)
Enumerates system info in registry
Kills process with taskkill
Modifies Control Panel
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-03 22:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 22:46
Reported
2024-06-04 00:08
Platform
win10-20240404-en
Max time kernel
192s
Max time network
323s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\System32\wscript.exe | N/A |
| N/A | N/A | C:\Windows\System32\wscript.exe | N/A |
| N/A | N/A | C:\Windows\System32\wscript.exe | N/A |
| N/A | N/A | C:\Windows\System32\wscript.exe | N/A |
| N/A | N/A | C:\Windows\System32\wscript.exe | N/A |
| N/A | N/A | C:\Windows\System32\wscript.exe | N/A |
Downloads MZ/PE file
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Desktop\Monoxidex86.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\迲敫遅東薕摁淸攐飅蹅貒鮻庍晈閕鱩.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\迲敫遅東薕摁淸攐飅蹅貒鮻庍晈閕鱩.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\System32 | C:\Windows\System32\wscript.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Control Panel\International | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Control Panel\International\s1159 = "Bolbi" | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Control Panel\International\s2359 = "Bolbi" | C:\Windows\System32\wscript.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133619329942084116" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Desktop\Monoxidex86.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\迲敫遅東薕摁淸攐飅蹅貒鮻庍晈閕鱩.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\迲敫遅東薕摁淸攐飅蹅貒鮻庍晈閕鱩.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\legalnoticecaption = "ATTENTION!" | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\legalnoticetext = "Your PC has been wrecked by Bolbi!" | C:\Windows\System32\wscript.exe | N/A |
Processes
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\evilvirus.txt
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffea7aa9758,0x7ffea7aa9768,0x7ffea7aa9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1916,i,6342806621569894747,11975225463040905668,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1916,i,6342806621569894747,11975225463040905668,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1988 --field-trial-handle=1916,i,6342806621569894747,11975225463040905668,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1916,i,6342806621569894747,11975225463040905668,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1916,i,6342806621569894747,11975225463040905668,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4528 --field-trial-handle=1916,i,6342806621569894747,11975225463040905668,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4672 --field-trial-handle=1916,i,6342806621569894747,11975225463040905668,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=1916,i,6342806621569894747,11975225463040905668,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4788 --field-trial-handle=1916,i,6342806621569894747,11975225463040905668,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 --field-trial-handle=1916,i,6342806621569894747,11975225463040905668,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1916,i,6342806621569894747,11975225463040905668,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 --field-trial-handle=1916,i,6342806621569894747,11975225463040905668,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6064 --field-trial-handle=1916,i,6342806621569894747,11975225463040905668,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6076 --field-trial-handle=1916,i,6342806621569894747,11975225463040905668,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 --field-trial-handle=1916,i,6342806621569894747,11975225463040905668,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5856 --field-trial-handle=1916,i,6342806621569894747,11975225463040905668,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5860 --field-trial-handle=1916,i,6342806621569894747,11975225463040905668,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\Monoxidex86.exe
"C:\Users\Admin\Desktop\Monoxidex86.exe"
C:\Users\Admin\AppData\Local\Temp\迲敫遅東薕摁淸攐飅蹅貒鮻庍晈閕鱩.exe
"C:\Users\Admin\AppData\Local\Temp\迲敫遅東薕摁淸攐飅蹅貒鮻庍晈閕鱩.exe"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\Bolbi.vbs"
C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" "C:\Users\Admin\Desktop\Bolbi.vbs" /elevated
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x334
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\af.txt
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\az.txt
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\eo.txt
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\fy.txt
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\ga.txt
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\tk.txt
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\License.txt
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
"C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Common Files\microsoft shared\ink\mip.exe
"C:\Program Files\Common Files\microsoft shared\ink\mip.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x7ff65ac67688,0x7ff65ac67698,0x7ff65ac676a8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c C:\Users\Public\Ghostroot\KillDora.bat
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\reg.exe
reg delete "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal" /f
C:\Windows\system32\reg.exe
reg delete "HKLM\System\CurrentControlSet\Control\SafeBoot\Network" /f
C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\
C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32 /Grant Users:F
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\
C:\Windows\system32\icacls.exe
icacls C:\Windows\ /Grant Users:F
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
Files
\??\pipe\crashpad_5092_JVFSHXSVPZJQOARJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d678874d261080ffc829d08b5e73cca5 |
| SHA1 | 8eb57df841ac77718e2877e702b026431eeb485c |
| SHA256 | 90781e2082d52b28d205c85e4b3ddcb64670e3669cbdfa3a512510ef42691b8a |
| SHA512 | 1dc31eb238496be9409396cae4f2d246e1358fb2c1562d465ebee06ce590316c4247956fb44459be04ca3a0024e25b014713b128d57ab19dd9948a3af8e92d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 478caca274798907d0d4cc54c8cccd2d |
| SHA1 | 3eb6efb6088d18addeffd9b31c4966da733d9d8b |
| SHA256 | ce0e6e5c53c8575cd4260094314b3e20ac197d3c81dc31777e8b294e5662de20 |
| SHA512 | de2e7f6ca6142c054949912685bd719a08a62184d70b8e4de660e420ba7e1ef970a0c8b2dbe79a08e8eb190868a256abc83a1c7972afc93004bdc8e655481886 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 67f7bf549d7eddda2fec9f7244638616 |
| SHA1 | b16ec2c2ed85c0137af6cd966bc0d807d6968e63 |
| SHA256 | 7de3b7f5d697a5a2eaa7c568caf1d546d384fc801483d24677da7da18ff9b7af |
| SHA512 | d764a1e0e295fcf74aea8705656c99fb6af254a4eb55b5aba09d69232e476bbb95fd7bd4b050d5558ae0c2d9c0cfbd392aae5116129c8ae469bf25a411a14f38 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2002be27c6e7ee053609e20ed9edf94b |
| SHA1 | 94df7bb098872b0a6331ccbf86089bab2637909c |
| SHA256 | 00cae7c686dc207ca9021dfd895b4dcc5ed801d7469ab17a739f34a87fb73cc2 |
| SHA512 | 7b85433ae035fd60e6c47adf2fcec3596a2465b85a92098481fefd3966989d08d896b7f01b5c7977d9de6965ad221916da5aeaf0d338313b07d732850a07bd1c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4545052219db35b74cd49454472f477d |
| SHA1 | 4f856a6c7dd03a94d32e0c49e33a545a10bfcdad |
| SHA256 | 1092843471eb424bff2ea0a13e4c5b74fb436f004ea932717825ebee1847f1f5 |
| SHA512 | 0d46e3c2e5a6f08812aa6e1b789bb5ab9c57b64705e9b3e2f9b85f8dfcda62be275d9f0e63e056d13b1870272a9a4f16260d73b1458a5f938eb26a92dddc221b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d79d3294e100009a3b77f5f84c51751f |
| SHA1 | ecfe0d20c84b1d9a1a7741948b38c3e8a062a0d3 |
| SHA256 | 517a892a360a053da242d85a4e72e99267fdf7494c29b440415b2db85e62580c |
| SHA512 | 56a94ea719328234eafbe75cc14ddfa33da1df709438f744635b084620546221bec7ac5cd6740b61c462f0ec7a9d6ea2aefdb007ea3a6eb0dbdc660ceaab76f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ba401a0afd537046168ca98cf42b3e30 |
| SHA1 | 9b94d31dec1eda1cbf281fee207d8a04222519dc |
| SHA256 | b99d7e5fb86fb5e89414666812d7bf2c65cc5a3895d1a464541a03b6b995912b |
| SHA512 | b97c61a40ccf25db25dcd9f86d899d59fbde41554e17a25a96fa16077e1910d8ea77531101d8268c532e357c801196a1e2583ee679f137ced809a31fe0888f88 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5cfaae88ec211a0ab3533c05e5afa8c4 |
| SHA1 | bd50a665927606d7ce70b6f12b77ea5cba51537a |
| SHA256 | 1583122a24481964b28afad3cbe956c6626d2e32fabbb985bade493435dddcda |
| SHA512 | 92d92bdbeede7009c61bf01068903ffda0f1189ea60298513ddb64337c59461f7ebb105ffa6f10bc56d57d538f337a22f0721774665242185e7093d6e1596800 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c1222da94fa13808256b64014a03cb2d |
| SHA1 | 18c25430b8578a3112bf7ce9c9a9df98df638ae8 |
| SHA256 | a4135f5cc7c3949c988b2fab7ad13bf04c293666214e4aa6ca21f82c75e07171 |
| SHA512 | d20057972cbce888e46086be77bdab4f7c9af5a1ee709c4bde181e5bed5f08ad7111a771a01fc4e7f3f5d2c776eed370ee51a8e5325186a8b233bdffcdda7685 |
C:\Users\Admin\Downloads\Monoxidex86.exe
| MD5 | 5c378b11848ac59704c2000b4e711c30 |
| SHA1 | 6a46c53fd89b1f66d3fdab7653181e8a3e56d418 |
| SHA256 | bd764fe2f9734d5ac56933ce68df0a175bfa98dc0266ae3cd3a5c963267ea77e |
| SHA512 | c6fe33ff3825e9018abea99ea49dc5221f2abd96bd1099def898425b82c05f9b9ca1aacaba0b7ffb7d09a7d097eae9937abdc13bbf3e7643e24e37edc7841c48 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 29442d623dd158e65d2f9734ac4beac4 |
| SHA1 | a02ff2fe790dd6d6aeb144d886905c856565bf62 |
| SHA256 | a1bc459dc4ec75ed44082192c15157c87499ae50e232b14b1d9cec6804cdd9ac |
| SHA512 | 3fd96fbe2cd24cac8685c716878d4eee06e12735bef3a90477b7bb2aadfc6b16d310c9d53deb170ea20a59083938b3d720c769913b3ca2f65cfc370238e92a58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2ffcaadb5e69036b00c1947bc25a18b8 |
| SHA1 | fb661a70b7761a888a8dd6ac8d9be14e6ea0912f |
| SHA256 | aca7e3a84f5fe549889a5a15069fbc0f846decb9e0cfa753ec77b4a0089413a3 |
| SHA512 | f37b708a6220c2bb49111fb844580bb3c3c5cd0ea0c8405f084dcf4921744e8f43192e243e52b485fef43f7e818e698f6297f03ea42888ce9f5bfbda2e24a4d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8dc0b955ba57e1f2ae8ce4898738d0ce |
| SHA1 | 7e1699081125de515cb5c92311a3ddaa1c365824 |
| SHA256 | 39c075bafa3f94f3c7e83a720b0c6c1e484cce8a49e52bf41e1956fa07024812 |
| SHA512 | aafd5a1753e9b7267622e576e55082036696ad49a33fd49c7613d5777bdf7e4a0c9c954caf18612f51365ee79254b48e570696908f6beddfae51057ca7bbabd6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | afa9879d4e08796fd09b90b0f4f797b9 |
| SHA1 | 0f1874091f6d1f43273fe770e9f396f9d6911bf9 |
| SHA256 | ea4403d52a07e426ac45d570da19d9f7fd3dd264d459b6f7f1482d6162e10c4e |
| SHA512 | a6f5f8c05c8755f8b6a8c96347cca28aba6323900a9d2bd49abed61cb6922fa5c4b67ac84aad1edb33a5beffc3bc348fbcecc74719c102d1c38e17b257e51a90 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b9777fb863174b7a29d823465929d443 |
| SHA1 | 021bd6f485802fac5597e3346df63a347de09ae2 |
| SHA256 | e9dcb36baffa513b096b2025d79719a22873567dca774347859bed026852a1b1 |
| SHA512 | ed43baf212fc711bc56559fb028d25359bbec13087be726ce4fd537416fda711a47f0c2b864faf94fe4d8b1f20d7149ab3621ef4883305350a8b68559c0b2eaf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2e0075bcaf4597accdbd090f4ea15260 |
| SHA1 | 29aa4a5585c02afae6ee9402b1a4a6f9314eea39 |
| SHA256 | da34921a62bd8da5520d2d195789bfbd93cca13d33b2c7ce3b0263587f6ab78d |
| SHA512 | fa515d9dc6d1d698939523475f41f3a8ece863b3db5ed9cc1edac5bb89e360e7655b4f68b1c6cfb603a15f4de3306bf94ca332a6e7de2880dff92947f7e15092 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
C:\Users\Admin\AppData\Local\Temp\迲敫遅東薕摁淸攐飅蹅貒鮻庍晈閕鱩.txt
C:\Users\Admin\Desktop\Bolbi.vbs
C:\Users\Admin\Desktop\Bolbi.txt
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
C:\Users\Public\Ghostroot\KillDora.bat
F:\$RECYCLE.BIN\S-1-5-21-1739856679-3467441365-73334005-1000\desktop.ini
C:\Users\Public\Desktop\Google Chrome.lnk - Shortcut.lnk