Analysis Overview
SHA256
5303b0ca9cb27d649f528bef5f8f904ea1036f8f3833da3933e44f5c7109e099
Threat Level: Likely malicious
The file pretty.exe was found to be: Likely malicious.
Malicious Activity Summary
Possible privilege escalation attempt
Command and Scripting Interpreter: PowerShell
Loads dropped DLL
Modifies file permissions
Reads user/profile data of web browsers
Checks computer location settings
Legitimate hosting services abused for malware hosting/C2
Sets desktop wallpaper using registry
Detects Pyinstaller
Enumerates physical storage devices
Unsigned PE
Creates scheduled task(s)
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Views/modifies file attributes
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Kills process with taskkill
Modifies Control Panel
Modifies registry key
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Delays execution with timeout.exe
Suspicious behavior: LoadsDriver
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies registry class
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-08 17:44
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-08 17:44
Reported
2024-06-08 17:47
Platform
win10v2004-20240508-en
Max time kernel
151s
Max time network
130s
Command Line
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\Cake\\yae_wallpaper.jpg" | C:\Windows\system32\reg.exe | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\cursors\\aero_working.ani" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Cursors\ = "Windows Default" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Accessibility\HighContrast | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Accessibility\HighContrast\High Contrast Scheme | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Cursors\No = "C:\\Windows\\cursors\\aero_unavail.cur" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Cursors\NWPen = "C:\\Windows\\cursors\\aero_pen.cur" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Cursors\SizeNWSE = "C:\\Windows\\cursors\\aero_nwse.cur" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Cursors\SizeNESW = "C:\\Windows\\cursors\\aero_nesw.cur" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Cursors\SizeAll = "C:\\Windows\\cursors\\aero_move.cur" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Cursors\Help = "C:\\Windows\\cursors\\aero_helpsel.cur" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Cursors\SizeNS = "C:\\Windows\\cursors\\aero_ns.cur" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Cursors\IBeam | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Cursors\Hand = "C:\\Windows\\cursors\\aero_link.cur" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Cursors\UpArrow = "C:\\Windows\\cursors\\aero_up.cur" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Appearance | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Accessibility\HighContrast\Flags = "126" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Cursors | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Cursors\Arrow = "C:\\Windows\\cursors\\aero_arrow.cur" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Cursors\Scheme Source = "2" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Cursors\SizeWE = "C:\\Windows\\cursors\\aero_ew.cur" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Cursors\Crosshair | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Appearance\NewCurrent | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Accessibility\HighContrast\Previous High Contrast Scheme MUI Value | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Cursors\Wait = "C:\\Windows\\cursors\\aero_busy.ani" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Appearance\Current | C:\Windows\system32\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Desktop\UserPreferencesMask = 9e1e078012000000 | C:\Windows\system32\rundll32.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "95" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133623423097252104" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\pretty.exe
"C:\Users\Admin\AppData\Local\Temp\pretty.exe"
C:\Users\Admin\AppData\Local\Temp\pretty.exe
"C:\Users\Admin\AppData\Local\Temp\pretty.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ab89ab58,0x7ff8ab89ab68,0x7ff8ab89ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1828,i,10145888755236968771,12077481927674909010,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1828,i,10145888755236968771,12077481927674909010,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1828,i,10145888755236968771,12077481927674909010,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1828,i,10145888755236968771,12077481927674909010,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1828,i,10145888755236968771,12077481927674909010,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4240 --field-trial-handle=1828,i,10145888755236968771,12077481927674909010,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4436 --field-trial-handle=1828,i,10145888755236968771,12077481927674909010,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4580 --field-trial-handle=1828,i,10145888755236968771,12077481927674909010,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1828,i,10145888755236968771,12077481927674909010,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 --field-trial-handle=1828,i,10145888755236968771,12077481927674909010,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1828,i,10145888755236968771,12077481927674909010,131072 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command "Add-MpPreference -ExclusionPath 'C:\ProgramData\Cake'""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath 'C:\ProgramData\Cake'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "schtasks /create /tn "pretty" /tr "C:\ProgramData\Cake\pretty.exe" /sc ONLOGON /rl HIGHEST /f"
C:\Windows\system32\schtasks.exe
schtasks /create /tn "pretty" /tr "C:\ProgramData\Cake\pretty.exe" /sc ONLOGON /rl HIGHEST /f
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ctt.ac/6qjil
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8af4a46f8,0x7ff8af4a4708,0x7ff8af4a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,13923807149493085313,5525622593823919671,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,13923807149493085313,5525622593823919671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,13923807149493085313,5525622593823919671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13923807149493085313,5525622593823919671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13923807149493085313,5525622593823919671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13923807149493085313,5525622593823919671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13923807149493085313,5525622593823919671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13923807149493085313,5525622593823919671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13923807149493085313,5525622593823919671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,13923807149493085313,5525622593823919671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,13923807149493085313,5525622593823919671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13923807149493085313,5525622593823919671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13923807149493085313,5525622593823919671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13923807149493085313,5525622593823919671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13923807149493085313,5525622593823919671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13923807149493085313,5525622593823919671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13923807149493085313,5525622593823919671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13923807149493085313,5525622593823919671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "start "" "C:\Windows\Resources\Themes\aero.theme" & timeout /t 3 & taskkill /im "systemsettings.exe" /f"
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\themecpl.dll,OpenThemeAction C:\Windows\Resources\Themes\aero.theme
C:\Windows\system32\timeout.exe
timeout /t 3
C:\Windows\system32\taskkill.exe
taskkill /im "systemsettings.exe" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize /v AppsUseLightTheme /t REG_DWORD /d 1 /f"
C:\Windows\system32\reg.exe
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize /v AppsUseLightTheme /t REG_DWORD /d 1 /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize /v EnableTransparency /t REG_DWORD /d 0 /f"
C:\Windows\system32\reg.exe
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize /v EnableTransparency /t REG_DWORD /d 0 /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize /v SystemUsesLightTheme /t REG_DWORD /d 1 /f"
C:\Windows\system32\reg.exe
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize /v SystemUsesLightTheme /t REG_DWORD /d 1 /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize /v ColorPrevalence /t REG_DWORD /d 1 /f"
C:\Windows\system32\reg.exe
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize /v ColorPrevalence /t REG_DWORD /d 1 /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Accent /v StartColorMenu /t REG_DWORD /d 0xff7878e7 /f"
C:\Windows\system32\reg.exe
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Accent /v StartColorMenu /t REG_DWORD /d 0xff7878e7 /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Accent /v AccentColorMenu /t REG_DWORD /d 0xff8e8eeb /f"
C:\Windows\system32\reg.exe
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Accent /v AccentColorMenu /t REG_DWORD /d 0xff8e8eeb /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Accent /v AccentPalette /t REG_BINARY /d ce43aaffce43aaffce43aaffce43aaffce43aaffce43aaffce43aaffce43aa00 /f"
C:\Windows\system32\reg.exe
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Accent /v AccentPalette /t REG_BINARY /d ce43aaffce43aaffce43aaffce43aaffce43aaffce43aaffce43aaffce43aa00 /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v ActiveBorder /t REG_SZ /d "255 200 220" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v ActiveBorder /t REG_SZ /d "255 200 220" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v ActiveTitle /t REG_SZ /d "255 120 150" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v ActiveTitle /t REG_SZ /d "255 120 150" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v AppWorkspace /t REG_SZ /d "255 180 200" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v AppWorkspace /t REG_SZ /d "255 180 200" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v Background /t REG_SZ /d "255 200 220" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v Background /t REG_SZ /d "255 200 220" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v ButtonAlternateFace /t REG_SZ /d "255 200 220" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v ButtonAlternateFace /t REG_SZ /d "255 200 220" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v ButtonDkShadow /t REG_SZ /d "255 200 220" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v ButtonDkShadow /t REG_SZ /d "255 200 220" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v ButtonFace /t REG_SZ /d "255 200 220" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v ButtonFace /t REG_SZ /d "255 200 220" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v ButtonHilight /t REG_SZ /d "255 200 220" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v ButtonHilight /t REG_SZ /d "255 200 220" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v ButtonLight /t REG_SZ /d "255 200 220" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v ButtonLight /t REG_SZ /d "255 200 220" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v ButtonShadow /t REG_SZ /d "255 200 220" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v ButtonShadow /t REG_SZ /d "255 200 220" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v ButtonText /t REG_SZ /d "255 255 255" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v ButtonText /t REG_SZ /d "255 255 255" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v GradientActiveTitle /t REG_SZ /d "255 120 150" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v GradientActiveTitle /t REG_SZ /d "255 120 150" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v GradientInactiveTitle /t REG_SZ /d "255 200 220" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v GradientInactiveTitle /t REG_SZ /d "255 200 220" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v GrayText /t REG_SZ /d "255 200 220" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v GrayText /t REG_SZ /d "255 200 220" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v Hilight /t REG_SZ /d "255 200 220" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v Hilight /t REG_SZ /d "255 200 220" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v HilightText /t REG_SZ /d "255 255 255" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v HilightText /t REG_SZ /d "255 255 255" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v HotTrackingColor /t REG_SZ /d "255 200 220" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v HotTrackingColor /t REG_SZ /d "255 200 220" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v InactiveBorder /t REG_SZ /d "255 200 220" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v InactiveBorder /t REG_SZ /d "255 200 220" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v InactiveTitle /t REG_SZ /d "255 200 220" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v InactiveTitle /t REG_SZ /d "255 200 220" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v InactiveTitleText /t REG_SZ /d "255 255 255" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v InactiveTitleText /t REG_SZ /d "255 255 255" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v InfoText /t REG_SZ /d "255 255 255" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v InfoText /t REG_SZ /d "255 255 255" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v InfoWindow /t REG_SZ /d "255 200 220" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v InfoWindow /t REG_SZ /d "255 200 220" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v Menu /t REG_SZ /d "255 200 220" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v Menu /t REG_SZ /d "255 200 220" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v MenuBar /t REG_SZ /d "255 200 220" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v MenuBar /t REG_SZ /d "255 200 220" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v MenuHilight /t REG_SZ /d "255 200 220" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v MenuHilight /t REG_SZ /d "255 200 220" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v MenuText /t REG_SZ /d "255 255 255" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v MenuText /t REG_SZ /d "255 255 255" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v Scrollbar /t REG_SZ /d "255 200 220" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v Scrollbar /t REG_SZ /d "255 200 220" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v TitleText /t REG_SZ /d "255 255 255" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v TitleText /t REG_SZ /d "255 255 255" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v Window /t REG_SZ /d "255 200 220" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v Window /t REG_SZ /d "255 200 220" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v WindowFrame /t REG_SZ /d "255 200 220" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v WindowFrame /t REG_SZ /d "255 200 220" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Colors" /v WindowText /t REG_SZ /d "255 255 255" /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Colors" /v WindowText /t REG_SZ /d "255 255 255" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoThemesTab /t REG_DWORD /d 1 /f"
C:\Windows\system32\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoThemesTab /t REG_DWORD /d 1 /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add "HKCU\Control Panel\Desktop" /v WallPaper /t REG_SZ /d C:\ProgramData\Cake\yae_wallpaper.jpg /f"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Desktop" /v WallPaper /t REG_SZ /d C:\ProgramData\Cake\yae_wallpaper.jpg /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop /v NoChangingWallPaper /t REG_DWORD /d 1 /f"
C:\Windows\system32\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop /v NoChangingWallPaper /t REG_DWORD /d 1 /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v NoDispAppearancePage /t REG_DWORD /d 1 /f"
C:\Windows\system32\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v NoDispAppearancePage /t REG_DWORD /d 1 /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "schtasks /create /tn pretty_lock /tr "C:\ProgramData\Cake\lock_file.bat" /ru "NT AUTHORITY\SYSTEM" /rl HIGHEST /sc ONLOGON"
C:\Windows\system32\schtasks.exe
schtasks /create /tn pretty_lock /tr "C:\ProgramData\Cake\lock_file.bat" /ru "NT AUTHORITY\SYSTEM" /rl HIGHEST /sc ONLOGON
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "schtasks /run /tn pretty_lock"
C:\Windows\system32\schtasks.exe
schtasks /run /tn pretty_lock
C:\Windows\SYSTEM32\cmd.exe
C:\Windows\SYSTEM32\cmd.exe /c "C:\ProgramData\Cake\lock_file.bat"
C:\Windows\system32\takeown.exe
takeown /f "C:\ProgramData\Cake\pretty.exe"
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData\Cake\pretty.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData\Cake\pretty.exe" /remove *S-1-5-32-545
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData\Cake\pretty.exe" /inheritance:r /grant:r *S-1-5-32-545:RX /deny *S-1-5-32-545:(de,WO,WDAC) /grant:r *S-1-5-32-544:RX /deny *S-1-5-32-544:(de,WO,WDAC)
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "schtasks /delete /tn pretty_lock /F"
C:\Windows\system32\schtasks.exe
schtasks /delete /tn pretty_lock /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "schtasks /create /tn ModifyIndexTask /tr "reg.exe add \"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pretty\" /v Index /d 0x0 /t REG_DWORD /f" /ru "NT AUTHORITY\SYSTEM" /rl highest /sc onlogon"
C:\Windows\system32\schtasks.exe
schtasks /create /tn ModifyIndexTask /tr "reg.exe add \"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pretty\" /v Index /d 0x0 /t REG_DWORD /f" /ru "NT AUTHORITY\SYSTEM" /rl highest /sc onlogon
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "schtasks /run /tn ModifyIndexTask"
C:\Windows\system32\schtasks.exe
schtasks /run /tn ModifyIndexTask
C:\Windows\system32\reg.exe
reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pretty" /v Index /d 0x0 /t REG_DWORD /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "schtasks /delete /tn ModifyIndexTask /F"
C:\Windows\system32\schtasks.exe
schtasks /delete /tn ModifyIndexTask /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "schtasks /create /tn pretty_lock /tr "C:\ProgramData\Cake\lock_file.bat" /ru "NT AUTHORITY\SYSTEM" /rl HIGHEST /sc ONLOGON"
C:\Windows\system32\schtasks.exe
schtasks /create /tn pretty_lock /tr "C:\ProgramData\Cake\lock_file.bat" /ru "NT AUTHORITY\SYSTEM" /rl HIGHEST /sc ONLOGON
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "schtasks /run /tn pretty_lock"
C:\Windows\system32\schtasks.exe
schtasks /run /tn pretty_lock
C:\Windows\SYSTEM32\cmd.exe
C:\Windows\SYSTEM32\cmd.exe /c "C:\ProgramData\Cake\lock_file.bat"
C:\Windows\system32\takeown.exe
takeown /f "C:\ProgramData\Cake\prettyhost.exe"
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData\Cake\prettyhost.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData\Cake\prettyhost.exe" /remove *S-1-5-32-545
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData\Cake\prettyhost.exe" /inheritance:r /grant:r *S-1-5-32-545:RX /deny *S-1-5-32-545:(de,WO,WDAC) /grant:r *S-1-5-32-544:RX /deny *S-1-5-32-544:(de,WO,WDAC)
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "schtasks /delete /tn pretty_lock /F"
C:\Windows\system32\schtasks.exe
schtasks /delete /tn pretty_lock /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "schtasks /create /tn pretty_lock /tr "C:\ProgramData\Cake\lock_file.bat" /ru "NT AUTHORITY\SYSTEM" /rl HIGHEST /sc ONLOGON"
C:\Windows\system32\schtasks.exe
schtasks /create /tn pretty_lock /tr "C:\ProgramData\Cake\lock_file.bat" /ru "NT AUTHORITY\SYSTEM" /rl HIGHEST /sc ONLOGON
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "schtasks /run /tn pretty_lock"
C:\Windows\system32\schtasks.exe
schtasks /run /tn pretty_lock
C:\Windows\SYSTEM32\cmd.exe
C:\Windows\SYSTEM32\cmd.exe /c "C:\ProgramData\Cake\lock_file.bat"
C:\Windows\system32\takeown.exe
takeown /f "C:\ProgramData\Cake\svcpretty.exe"
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData\Cake\svcpretty.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData\Cake\svcpretty.exe" /remove *S-1-5-32-545
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData\Cake\svcpretty.exe" /inheritance:r /grant:r *S-1-5-32-545:RX /deny *S-1-5-32-545:(de,WO,WDAC) /grant:r *S-1-5-32-544:RX /deny *S-1-5-32-544:(de,WO,WDAC)
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "schtasks /delete /tn pretty_lock /F"
C:\Windows\system32\schtasks.exe
schtasks /delete /tn pretty_lock /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "schtasks /create /tn "svcpretty" /tr "C:\ProgramData\Cake\prettyhost.exe" /sc ONLOGON /rl HIGHEST /f"
C:\Windows\system32\schtasks.exe
schtasks /create /tn "svcpretty" /tr "C:\ProgramData\Cake\prettyhost.exe" /sc ONLOGON /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "schtasks /create /tn "prettyhost" /tr "C:\ProgramData\Cake\svcpretty.exe" /sc ONLOGON /rl HIGHEST /f"
C:\Windows\system32\schtasks.exe
schtasks /create /tn "prettyhost" /tr "C:\ProgramData\Cake\svcpretty.exe" /sc ONLOGON /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "schtasks /create /tn ModifyIndexTask /tr "reg.exe add \"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\svcpretty\" /v Index /d 0x0 /t REG_DWORD /f" /ru "NT AUTHORITY\SYSTEM" /rl highest /sc onlogon"
C:\Windows\system32\schtasks.exe
schtasks /create /tn ModifyIndexTask /tr "reg.exe add \"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\svcpretty\" /v Index /d 0x0 /t REG_DWORD /f" /ru "NT AUTHORITY\SYSTEM" /rl highest /sc onlogon
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "schtasks /run /tn ModifyIndexTask"
C:\Windows\system32\schtasks.exe
schtasks /run /tn ModifyIndexTask
C:\Windows\system32\reg.exe
reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\svcpretty" /v Index /d 0x0 /t REG_DWORD /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "schtasks /delete /tn ModifyIndexTask /F"
C:\Windows\system32\schtasks.exe
schtasks /delete /tn ModifyIndexTask /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "schtasks /create /tn ModifyIndexTask /tr "reg.exe add \"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\prettyhost\" /v Index /d 0x0 /t REG_DWORD /f" /ru "NT AUTHORITY\SYSTEM" /rl highest /sc onlogon"
C:\Windows\system32\schtasks.exe
schtasks /create /tn ModifyIndexTask /tr "reg.exe add \"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\prettyhost\" /v Index /d 0x0 /t REG_DWORD /f" /ru "NT AUTHORITY\SYSTEM" /rl highest /sc onlogon
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "schtasks /run /tn ModifyIndexTask"
C:\Windows\system32\schtasks.exe
schtasks /run /tn ModifyIndexTask
C:\Windows\system32\reg.exe
reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\prettyhost" /v Index /d 0x0 /t REG_DWORD /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "schtasks /delete /tn ModifyIndexTask /F"
C:\Windows\system32\schtasks.exe
schtasks /delete /tn ModifyIndexTask /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c shutdown -l
C:\Windows\system32\shutdown.exe
shutdown -l
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38f6855 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 138.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 172.217.20.174:443 | play.google.com | tcp |
| FR | 172.217.20.174:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| FR | 216.58.213.78:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 78.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 232.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ctt.ac | udp |
| US | 134.209.68.5:443 | ctt.ac | tcp |
| US | 8.8.8.8:53 | clicktotweet.com | udp |
| US | 8.8.8.8:53 | 5.68.209.134.in-addr.arpa | udp |
| US | 134.209.68.5:443 | clicktotweet.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 104.244.42.129:443 | twitter.com | tcp |
| US | 104.244.42.129:443 | twitter.com | tcp |
| US | 8.8.8.8:53 | 238.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.42.244.104.in-addr.arpa | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | x.com | udp |
| US | 8.8.8.8:53 | api.x.com | udp |
| US | 8.8.8.8:53 | api.twitter.com | udp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 104.244.42.2:443 | api.twitter.com | tcp |
| US | 104.244.42.130:443 | api.twitter.com | tcp |
| GB | 199.232.56.159:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | pbs.twimg.com | udp |
| US | 8.8.8.8:53 | t.co | udp |
| PL | 93.184.221.165:443 | t.co | tcp |
| GB | 199.232.56.159:443 | pbs.twimg.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| GB | 199.232.56.159:443 | pbs.twimg.com | tcp |
| US | 8.8.8.8:53 | 2.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.56.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | video.twimg.com | udp |
| US | 8.8.8.8:53 | abs-0.twimg.com | udp |
| US | 68.232.34.217:443 | video.twimg.com | tcp |
| US | 104.244.43.131:443 | abs-0.twimg.com | tcp |
| US | 8.8.8.8:53 | 131.43.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.34.232.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 104.244.42.2:443 | api.twitter.com | tcp |
| US | 104.244.42.2:443 | api.twitter.com | tcp |
| US | 104.244.42.2:443 | api.twitter.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| NL | 23.197.89.48:443 | cxcs.microsoft.net | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 48.89.197.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI44762\setuptools-65.5.0.dist-info\INSTALLER
| MD5 | 365c9bfeb7d89244f2ce01c1de44cb85 |
| SHA1 | d7a03141d5d6b1e88b6b59ef08b6681df212c599 |
| SHA256 | ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508 |
| SHA512 | d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\ucrtbase.dll
| MD5 | 0e0bac3d1dcc1833eae4e3e4cf83c4ef |
| SHA1 | 4189f4459c54e69c6d3155a82524bda7549a75a6 |
| SHA256 | 8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae |
| SHA512 | a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\python310.dll
| MD5 | 63a1fa9259a35eaeac04174cecb90048 |
| SHA1 | 0dc0c91bcd6f69b80dcdd7e4020365dd7853885a |
| SHA256 | 14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed |
| SHA512 | 896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\VCRUNTIME140.dll
| MD5 | f34eb034aa4a9735218686590cba2e8b |
| SHA1 | 2bc20acdcb201676b77a66fa7ec6b53fa2644713 |
| SHA256 | 9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1 |
| SHA512 | d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\base_library.zip
| MD5 | 483d9675ef53a13327e7dfc7d09f23fe |
| SHA1 | 2378f1db6292cd8dc4ad95763a42ad49aeb11337 |
| SHA256 | 70c28ec0770edefcef46fa27aaa08ba8dc22a31acd6f84cb0b99257dca1b629e |
| SHA512 | f905eb1817d7d4cc1f65e3a5a01bade761bca15c4a24af7097bc8f3f2b43b00e000d6ea23cd054c391d3fdc2f1114f2af43c8bb6d97c1a0ce747763260a864f5 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\python3.dll
| MD5 | fd4a39e7c1f7f07cf635145a2af0dc3a |
| SHA1 | 05292ba14acc978bb195818499a294028ab644bd |
| SHA256 | dc909eb798a23ba8ee9f8e3f307d97755bc0d2dc0cb342cedae81fbbad32a8a9 |
| SHA512 | 37d3218bc767c44e8197555d3fa18d5aad43a536cfe24ac17bf8a3084fb70bd4763ccfd16d2df405538b657f720871e0cd312dfeb7f592f3aac34d9d00d5a643 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\_ctypes.pyd
| MD5 | 1635a0c5a72df5ae64072cbb0065aebe |
| SHA1 | c975865208b3369e71e3464bbcc87b65718b2b1f |
| SHA256 | 1ea3dd3df393fa9b27bf6595be4ac859064cd8ef9908a12378a6021bba1cb177 |
| SHA512 | 6e34346ea8a0aacc29ccd480035da66e280830a7f3d220fd2f12d4cfa3e1c03955d58c0b95c2674aea698a36a1b674325d3588483505874c2ce018135320ff99 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\libffi-7.dll
| MD5 | eef7981412be8ea459064d3090f4b3aa |
| SHA1 | c60da4830ce27afc234b3c3014c583f7f0a5a925 |
| SHA256 | f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081 |
| SHA512 | dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\_lzma.pyd
| MD5 | 7447efd8d71e8a1929be0fac722b42dc |
| SHA1 | 6080c1b84c2dcbf03dcc2d95306615ff5fce49a6 |
| SHA256 | 60793c8592193cfbd00fd3e5263be4315d650ba4f9e4fda9c45a10642fd998be |
| SHA512 | c6295d45ed6c4f7534c1a38d47ddc55fea8b9f62bbdc0743e4d22e8ad0484984f8ab077b73e683d0a92d11bf6588a1ae395456cfa57da94bb2a6c4a1b07984de |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\sqlite3.dll
| MD5 | 914925249a488bd62d16455d156bd30d |
| SHA1 | 7e66ba53f3512f81c9014d322fcb7dd895f62c55 |
| SHA256 | fbd8832b5bc7e5c9adcf7320c051a67ee1c33fd198105283058533d132785ab4 |
| SHA512 | 21a468929b15b76b313b32be65cfc50cad8f03c3b2e9bf11ca3b02c88a0482b7bc15646ce40df7fb42fbc96bd12362a54cffe0563c4ddc3fc78622622c699186 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\select.pyd
| MD5 | a653f35d05d2f6debc5d34daddd3dfa1 |
| SHA1 | 1a2ceec28ea44388f412420425665c3781af2435 |
| SHA256 | db85f2f94d4994283e1055057372594538ae11020389d966e45607413851d9e9 |
| SHA512 | 5aede99c3be25b1a962261b183ae7a7fb92cb0cb866065dc9cd7bb5ff6f41cc8813d2cc9de54670a27b3ad07a33b833eaa95a5b46dad7763ca97dfa0c1ce54c9 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\pyexpat.pyd
| MD5 | 1118c1329f82ce9072d908cbd87e197c |
| SHA1 | c59382178fe695c2c5576dca47c96b6de4bbcffd |
| SHA256 | 4a2d59993bce76790c6d923af81bf404f8e2cb73552e320113663b14cf78748c |
| SHA512 | 29f1b74e96a95b0b777ef00448da8bd0844e2f1d8248788a284ec868ae098c774a694d234a00bd991b2d22c2372c34f762cdbd9ec523234861e39c0ca752dcaa |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\prettyhost.exe
| MD5 | d9a669c08cee8983292a42a13b95fd53 |
| SHA1 | 874899f70d9f0682a631ec5a9243fe9028a5d54e |
| SHA256 | 09e077c52dde9d278fd90db9aa045e064fe8bcdb70b2af6a6f50b82034ded3b5 |
| SHA512 | 5bd6ad8dded647dc357eebc22ff3b6b6846dfec3d26c54a1ab04d70545ae56009ae3e7712a5d8d408cfcd939f0184587fd05b9f1283077c2960e70f17503c2c7 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\pinkpfp.jpg
| MD5 | d9fcc67f6ea4e7f7719b1f7ae1b483e0 |
| SHA1 | ef9dbb3e1c31d1ab4c4c417c1b9b3d5df5be535f |
| SHA256 | 82205d551b09b0398c61521a3fd6f35a7bb7e6bb2a204feff2a962f0c9a9c841 |
| SHA512 | 01e75a4511283fb000bfc8af3303fcbc1a1be7aa94d85169054fbc770ccaf5e78c8053b41398e609f00fe55bfa91339eda536dacc2f833914bd9a4dc4e710ee0 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\libssl-1_1.dll
| MD5 | bec0f86f9da765e2a02c9237259a7898 |
| SHA1 | 3caa604c3fff88e71f489977e4293a488fb5671c |
| SHA256 | d74ce01319ae6f54483a19375524aa39d9f5fd91f06cf7df238ca25e043130fd |
| SHA512 | ffbc4e5ffdb49704e7aa6d74533e5af76bbe5db297713d8e59bd296143fe5f145fbb616b343eed3c48eceaccccc2431630470d8975a4a17c37eafcc12edd19f4 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\libcrypto-1_1.dll
| MD5 | 9d7a0c99256c50afd5b0560ba2548930 |
| SHA1 | 76bd9f13597a46f5283aa35c30b53c21976d0824 |
| SHA256 | 9b7b4a0ad212095a8c2e35c71694d8a1764cd72a829e8e17c8afe3a55f147939 |
| SHA512 | cb39aa99b9d98c735fdacf1c5ed68a4d09d11f30262b91f6aa48c3f8520eff95e499400d0ce7e280ca7a90ff6d7141d2d893ef0b33a8803a1cadb28ba9a9e3e2 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-crt-utility-l1-1-0.dll
| MD5 | 57d3ee548db3a503ac391af798e0e2a2 |
| SHA1 | d686a96c5046d6d7a022c4266a5d0014745360a4 |
| SHA256 | 2c80280e51c242466e10a36a0bf2a341607983b6f6648f93b0718b34ab5285c5 |
| SHA512 | f3ea9c8f2f230d23bc878e37044599b2c77f0bf6dd84b07c2f87a84263fb9ac7f44732f05e14781b6046afb2a39f27135c96d2da2ab9605bd00e55d9b0fffb0b |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-crt-time-l1-1-0.dll
| MD5 | 816a8932759bdb478d4263cacbf972e3 |
| SHA1 | ac9f2bed41e340313501aa7d33dcd369748f0496 |
| SHA256 | ce9a8e18923d12e2f62ce2a20693113000fc361cc816773037c155c273b99e7c |
| SHA512 | 5144f01bee04455d5b9a7b07e62f4afb928605331213eb483265016640198c175dc08673903ed5bc16b385ee76657aa4303776233d04347d9d1daadce39525c4 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-crt-string-l1-1-0.dll
| MD5 | f9297b9ff06295bc07b7e5281b1face0 |
| SHA1 | d0eb0fddbb3eb187df0f0e5f9ddffcfc2e05f9b7 |
| SHA256 | c56a2ee0cc6dc1e7283b9bda8b7b2dba957329cb4bc9aca4cd99f88e108f9c04 |
| SHA512 | bec6222776015996eba744698d3254945dfe4bb4dc0d85528ee59a0f3b5fc5bb054bbf496d562cfc7b4cc81b4d3df5c53761931162a0091a49386233afba4f9c |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-crt-stdio-l1-1-0.dll
| MD5 | 8341f0371e25b8077fe61c89a9ef8144 |
| SHA1 | fc185203e33abed12e1398440cb2ee283ca9541a |
| SHA256 | bd9a5d4554ef1a374257e8dd9436d89f686006ed1fd1cc44364b237bf5b795ff |
| SHA512 | 9c7e4e8d8e9e620f441ab5106820ec021d2b2323f44ed8cc8ec9673745dbc531347356f1ff195d63b62b09cc5c27e8f8641ce25be12ee9b700b5fc766337228b |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-crt-runtime-l1-1-0.dll
| MD5 | 364bc49cc7034f8a9981ade1ce565229 |
| SHA1 | fbd76c1842d1ccf563ece2db32fff4c71e7ca689 |
| SHA256 | 6254fd07ace88685112e3a7b73676aabf13a1b1bc30c55dd976b34fea12b7f1d |
| SHA512 | 65e59e3358eb1bf26823c9538c74d343e7383591c021d2b340ef68aa9a274d65b15b30bbbe55f4b32e3a08fc79d4e179a6ce92eadb8c4be09a2c35c348ce10af |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-crt-process-l1-1-0.dll
| MD5 | e3914d51afd864a6c6587aa9192c491b |
| SHA1 | bae85701809bc259a8744aafa45cd7159e6c13f8 |
| SHA256 | 28257cc063431f78284335ce3002ffb71b75c1e7ccabf5417bb42392c35564b4 |
| SHA512 | 43b1445a80d309ec73d52d6cf68f4533a132fb55ab672e5e2a878bb42c1cb36d6e4c504d43fa4923e692c8be600f3f9d5a5edde80602636cb726eedfca23dfb8 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-crt-multibyte-l1-1-0.dll
| MD5 | 0b057fa3a94c782da362d225c5974d12 |
| SHA1 | ca27a53ff2be1250e33045989e0fb515dfdfe3f3 |
| SHA256 | e1c519fef1622d35a05dd60e6464492f7b8ee6bbceee01563db82be66edb1346 |
| SHA512 | 2dc6ef4d2d1f1bc050cba52e1a96242468fa25372f216e399163bce2e5e17c4911e097106f5727db4379c9fb603091b32f1e818695b362596037d7a6f43e06c7 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-crt-math-l1-1-0.dll
| MD5 | a592d1b2ecc42d1a083f0d34feae2444 |
| SHA1 | 29718af390f832626fcdcc57c107333cdb5743e1 |
| SHA256 | 18a827b01de7b1a3d5c8d17b79ad2462a90308124448a9b8c47eccda39c3a095 |
| SHA512 | 44bed6d24f1fa35b10d2b2b1574e7baf10182e60fdcb6cba5dd9de5cd7a5183198925e4fa5a7e2896564a30f7b70de69691713118d59bf5162ce35aff5bcf7a6 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-crt-locale-l1-1-0.dll
| MD5 | 75f1a5f65790560d9544f3fb70efba51 |
| SHA1 | f30a5751901cfffc250be76e13a8b711ebc06bcc |
| SHA256 | e0e02ea6c17da186e25e352b78c80b1b3511b5c1590e5ba647b14a7b384af0f8 |
| SHA512 | b7e285ca35f6a8ae2ccbe21594d72152175301a02ad6b92fe130e1e226a0faad1bfad1bd49857401549c09b50feee2c42c23ca4c19b2845cad090f5b9e8e8f63 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-crt-heap-l1-1-0.dll
| MD5 | 4b038cdc70357d2dec440717ac344a52 |
| SHA1 | f67ba87f6830858845a5763381a47893af061bf8 |
| SHA256 | 6a24e9cfb0efd9e1b90053d4ebd87fc35144e61ae3f6555c7d400542d648e2b5 |
| SHA512 | 9557f15fa3c06de89ea8be0c959b94575a1c4587151687730f9e66fed095feb882d43ea32262000f871e6d860ce0c6c341cf5509a6ce81866f6d0efacb8526fe |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-crt-filesystem-l1-1-0.dll
| MD5 | 102a8c01049ef18cc6e8798a9e5d57f4 |
| SHA1 | 9adef547e03032d8c5525cc9c7d4512fbeb53948 |
| SHA256 | e13edab280e7b3410d7f4ce30a8e8cae64f38652d770fc3bf223206f0c57aaa5 |
| SHA512 | a9fbc726f33399f55f70967f3f1bf374589eaad9581d9e94228d39afa06cdce31ed25bdc04805aad361c7cafbeb56ca39f6693259d67457199d4423a61b32263 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-crt-environment-l1-1-0.dll
| MD5 | e41612752a7dfbbe756322cf48e106b9 |
| SHA1 | 0ec106e926c9837a43e1d7ec8d1a5f03edd5ec3d |
| SHA256 | 4bb9d36e0e034652f2331ddb43ee061608f436cbc9e5771b4d27b28fa10f5248 |
| SHA512 | 9bed9399e896d1cc58cc06e8d7ec6cc3345be6d15ca307c670e0f282c9ebe48a6cc1b145c2ecf94d84214cddff8f0d0d720ea984478c74c98e2499c2184638c9 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-crt-convert-l1-1-0.dll
| MD5 | 87e2934e49d7d111f383673f97d5029e |
| SHA1 | 267603d5510b775de3667f7d92bfaa3bd60e6533 |
| SHA256 | fb9dd774b25ab8e661c922caffb976c37a4d10a631ab65665da60016ef0c4d7c |
| SHA512 | e6025ad419359ad3e06cc7a3b3b7436464dbbc71b91653833575264a5f8b0d781844a411bcd915d404b9a8c0a056eaf6d4d412723936845b53bfb5368bf5f7a7 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-crt-conio-l1-1-0.dll
| MD5 | 9eb2c06decaae1a109a94886a26eec25 |
| SHA1 | 307ce096bee44f54a6d37aab1ef123fb423ed028 |
| SHA256 | da8fd2fe08a531d2331c1fbee9f4ae9015b64f24a2654a7f82418c86b4ab6909 |
| SHA512 | 7e701cb00a4cab8d5b3ecf55a16fef0103f9be1aa3fd7b53c7bab968708c21e8d1c763ad80a7a8d6c76dd45ddd244c9c9e8944455c2025b4195660b61ac1e8b7 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-core-util-l1-1-0.dll
| MD5 | f7fdc91ac711a9bb3391901957a25cea |
| SHA1 | 1cebc5497e15051249c951677b5b550a1770c24f |
| SHA256 | de47c1f924dc12e41d3a123b7dcce0260e7758b90fb95ec95c270fc116fc7599 |
| SHA512 | 0e03c998622d6bf113e8d3b4dab728974391efecf59df89f938bd22240488e71885c05fb0fa805948b3d9645758409a0966299b26625aa36e3fd6e519ee22769 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-core-timezone-l1-1-0.dll
| MD5 | b9a20c9223d3e3d3a0c359f001ce1046 |
| SHA1 | 9710b9a8c393ba00c254cf693c7c37990c447cc8 |
| SHA256 | 00d9a7353be0a54c17e4862b86196a8b2bc6a007899fa2fbe61afd9765548068 |
| SHA512 | a7d5611c0b3b53da6cac61e0374d54d27e6e8a1af90ef66cd7e1b052f906c8b3f6087f4c6de0db3ae0b099df7689ecde6c815a954b728d36d9d3b5d002ccf18e |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-core-sysinfo-l1-1-0.dll
| MD5 | e4893842d031b98cac1c6f754a2a3f8d |
| SHA1 | 2b0187134e40d27553a85dd4ec89dd6c40e58a24 |
| SHA256 | abe4c1464b325365d38e0bc4ae729a17a7f6f7ba482935c66e6840e1b0d126c5 |
| SHA512 | fc61a66fdc7213857f204bd0b20671db7092e0010e07b5e0e8e8408ace8ac5b6e696a7d9fc969233b2b3ad5dae4d3b291b007ff27a316e7fb750bfc93257c532 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-core-synch-l1-2-0.dll
| MD5 | b962237df7ea045c325e7f97938097cb |
| SHA1 | 1115e0e13ecc177d057e3d1c9644ac4d108f780a |
| SHA256 | a24dd6afdb4c4aa450ae4bc6a2861a49032170661b9c1f30cd0460c5dc57e0f7 |
| SHA512 | 19ac4cccaaa59fbae042d03ba52d89f309bd2591b035f3ec3df430ff399d650fcf9c4d897834a520dea60dc0562a8a6f7d25a1fffcd32f765a4eaffe4c7d5ea2 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-core-synch-l1-1-0.dll
| MD5 | bccc676f2fb18c1a1864363e5a649a88 |
| SHA1 | a095a83a32a4a65fe16aa0be9a517239fac5db0d |
| SHA256 | 9d3f803dc791d2ff2e05059f9bb9207cc8f4134e1ac05f20edd20cfadd6e72c0 |
| SHA512 | 55aab9fa6f7c4904e4beea4ce250f45fb71c2dd6a6f099f4017101ebc45c0a6e303b6a222f49c971992cafe8988a042b7ef8e94671be858c926105021514737a |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-core-string-l1-1-0.dll
| MD5 | b65933f7bcadc7072d5a2d70ecba9f81 |
| SHA1 | c53561755b9f33d0ae7874b3a7d67bedcb0129d8 |
| SHA256 | eadf535795df58d4f52fc6237fe46feb0f8166daca5eaaa59cec3cee50a9181d |
| SHA512 | 4cbb8bda8609404fe84ca36a8cbfe1d69c55dee2b969231b2fa00ca9139d956196a2babbb80a1a2bb430a34e6bd335294f452bcbe9e44411561ebdf21e4aba91 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-core-rtlsupport-l1-1-0.dll
| MD5 | 0b30c6862b5224cc429fe2eb2b7bf14b |
| SHA1 | 5c3affa14e3bfdafe09e9841a2920b57c7fcbc56 |
| SHA256 | d9c6f93c4972db08c7888d55e8e59e8aba022d416817d65bc96e5a258c859b5f |
| SHA512 | b378f2a2812245ea948d81a925d041dbd7e7a8fb2770cf7dd47643da20f5c685c6121479f95b293177a9480290b17c49e7b4fc10d33734cf883d2c614daae1bf |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-core-profile-l1-1-0.dll
| MD5 | 1be729c6d9bf1b58f435b23e7f87ba49 |
| SHA1 | 4b2df3fab46a362ee46057c344995fa622e0672a |
| SHA256 | 4c425fbb8d2319d838733ab9cec63a576639192d993909e70cf84f49c107f785 |
| SHA512 | ceccc5ff2bd90a91cfbb948f979576795ff0a9503ddaafd268c14306f93d887975bd376b62ed688be51bb88b3a0c54ef332be93b4b0d8737b5ab70a661b11416 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-core-processthreads-l1-1-1.dll
| MD5 | 774aa9f9318880cb4ad3bf6f464da556 |
| SHA1 | 3a5c07cf35009c98eb033e1cbde1900135d1abf8 |
| SHA256 | ba9fbd3a21879614c050c86a74ad2fffc0362266d6fa7be0ef359de393136346 |
| SHA512 | f7b57afb9810e3390d27a5469572fb29f0f1726f599403a180e685466237dff5dec4fdce40105ef1bb057e012d546308213e7cec73e0d7d3c5815eec8189a75d |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-core-processthreads-l1-1-0.dll
| MD5 | 73586decad3b3d90653750504b356a5c |
| SHA1 | 39a7ee1660ca1291314ef78150e397b1d8683e03 |
| SHA256 | 34f560c3e56f40db5df695c967b6e302e961085bc037bb9a1c2d2c866a9df48f |
| SHA512 | 9ec299e930d2b89ad379613f8fa63669ec7c858da8a24608b92175f42b0be75f8aa2e1727dabf7638ae9d2942d03840f288eab53f2c9f38dbea1325f1ea8b22b |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-core-processenvironment-l1-1-0.dll
| MD5 | 4f1303827a67760d02feb54e9258edb1 |
| SHA1 | 340d7029c39708d14da79b12a0e2ed0a8bc7c020 |
| SHA256 | 77fc9adf1a734d9717700b038b98b4337a494fc4f7e1e706c82e97dbca896fd8 |
| SHA512 | 20f067d1c2749c709e4fc45da8d9eb5b813f54d0e09fa482d00bc4a7e5744c587d0afc00cdd5263b4223fe94baa3f8ca110d010339f9e3f1c6b2700888dbe3d0 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-core-namedpipe-l1-1-0.dll
| MD5 | d1bc9b3a7aa94d10c41fa16210aa9dba |
| SHA1 | a358b824b1f26ead420d2100e5f1a3fb74af2b7a |
| SHA256 | 75652caf05e86adc88ed214fd208b4a289489cac2b28fd358e302e2e7c3c338f |
| SHA512 | 149478dfca0165d5a68e89070017cda3400926284eaa2143a810138ff710079cde413c031721de5b58cb834f03d4c5df5b4bd6c2bdb65687755ad77cae778b30 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-core-memory-l1-1-0.dll
| MD5 | 064fb2e1b5e90796a68d1edf91269ad3 |
| SHA1 | 6e3a8c568f038879b7b102975a4471b2489f5493 |
| SHA256 | 3500935e638f7d0ae2bf564bf77f9329811329261185fcdb9cd702b999889ffd |
| SHA512 | 821f091529d45531811a73664473cebb372a310d855e1a4c1a028ad4dc7d36146d3030dcf10de8a4a4bf16fb535fe3d0d2e1fcd22959690842388abb177b0036 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-core-localization-l1-2-0.dll
| MD5 | 3589557535bba7641da3d76eefb0c73d |
| SHA1 | 6f63107c2212300c7cd1573059c08b43e5bd9b95 |
| SHA256 | 642b01bb93d2cb529acf56070d65aae3202fd0b48d19fd40ec6763b627bcbee6 |
| SHA512 | 7aedf3cf686b416f8b419f8af1d57675096ab2c2378c5a006f6ecbf2fe1ad701f28b7be8f08c9083230cf4d15d463371e92a6032178cd6c139d60b26fbd49b06 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-core-libraryloader-l1-1-0.dll
| MD5 | d042aa497ce2a9f03296f8de68ed0680 |
| SHA1 | f483a343a18b960630ccf0e6de2f82883550f3bf |
| SHA256 | de3d2c5519f74a982f06f3f3fda085571c0cdcf5ad8d2d331c79d9c92062bdc3 |
| SHA512 | 4e157c8701860982ce0dec956fe4bfb684d2db3eaa9e784f179d385be905fd0551ba90cc27c54179fc39a693d9c742364f2bf1a5444424ba5eae38103b5f0e02 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-core-interlocked-l1-1-0.dll
| MD5 | 5872cb5ca3980697283aab9007196ae6 |
| SHA1 | 26e8de47d9bee371f6c7a47f206a131965b6b481 |
| SHA256 | 0dff50774693fcb71782b5e214419032a8c00b3031151d93be5c971b6f62cd45 |
| SHA512 | 9b3e2fa9f66d29bfc7a4ca5d673b395bcda223a85fd06c94a11217047c1a312148c9c6270d7f69dfef06b25f8b5ad46717a829bde55f540c804a4ba4c4af070c |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-core-heap-l1-1-0.dll
| MD5 | a8b967b65232ecce7261eaecf39e7d6d |
| SHA1 | df0792b29c19d46a93291c88a497151a0ba4366d |
| SHA256 | 8fcc9a97a8ad3be9a8d0ce6bb502284dd145ebbe587b42cdeaa4262279517c1d |
| SHA512 | b8116208eb646ec1c103f78c768c848eb9d8d7202ebdab4acb58686e6f0706f0d6aaa884e11065d7ece63ebbd452f35b1422bd79e6eb2405fb1892758195ccbb |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-core-handle-l1-1-0.dll
| MD5 | 567ff20a8d330cbb3278d3360c8d56f5 |
| SHA1 | cdf0cfc650da3a1b57dc3ef982a317d37ffb974d |
| SHA256 | 47dfbe1ecc8abc002bd52dcd5281ed7378d457789be4cb1e9bee369150d7f5c8 |
| SHA512 | 1643e900f13509f0ef9c7b7f8f2401fb3b6f2c0c39b512c623615df92b1e69df042ef1a0c6aace82173ce5d4d3c672c1636d6ee05545ce5c3b7374ab745e0e87 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-core-file-l2-1-0.dll
| MD5 | bfffa7117fd9b1622c66d949bac3f1d7 |
| SHA1 | 402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2 |
| SHA256 | 1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e |
| SHA512 | b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-core-file-l1-2-0.dll
| MD5 | 2b36752a5157359da1c0e646ee9bec45 |
| SHA1 | 708aeb7e945c9c709109cea359cb31bd7ac64889 |
| SHA256 | 3e3eb284937b572d1d70ce27be77b5e02eb73704c8b50feb5eb933db1facd2fc |
| SHA512 | fc56080362506e3f38f1b3eb9d3193cdb9e576613c2e672f0fe9df203862f8a0f31938fa48b4ff7115dfe6016fa1fd5c5422fdc1913df63b3fde5f478a8417a1 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-core-file-l1-1-0.dll
| MD5 | abf9850eb219be4976a94144a9eba057 |
| SHA1 | 3d8c37588b36296240934b2f63a1b135a52fcee2 |
| SHA256 | 41c5c577fea3ce13d5beb64ce0920f1061f65bcf39eafa8cd3dfc09ff48bcf76 |
| SHA512 | dfaafb43ce7f05b2db35eac10b314fb506c6aada80f6c4327b09ec33c170478ebd0eea19f1c6ca2e4832bfa41f769046deca8f15d54b7966134d166ee6036bda |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-core-errorhandling-l1-1-0.dll
| MD5 | 98340ffd2b1d8affef27d4b1260aeac5 |
| SHA1 | b428b39aa814a7038a1ddff9b64b935f51833a26 |
| SHA256 | 7388a019922e9a0a3d05a8605a5307e3141b39f7d57b7faca5d34e72adfd5fa5 |
| SHA512 | 6165c5be0360d55403e9dfd4e9df4ff9a12e5fb6057ed9278da09e688751487e46d9dd64949375c00764cbb4355cc13a1ea714055050f2ab7d432977b8443f81 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-core-debug-l1-1-0.dll
| MD5 | a00ebd3cf88d668be6d62a25fa4fb525 |
| SHA1 | edb07eafd08991611389293e2be80f8ee98f1e62 |
| SHA256 | b44646453584305d4edf8ab5f5d1adea6b9650bd2b75f8486fc275be52b86433 |
| SHA512 | d63f0e9f2e079ee06aa3ab96a0bd2d169564896027b731ee2597327bdc55456c5fd0c2d8c7e68165fc80bbc3fe0c24a3388d4c3615f33fc9f9fc0b205ae9ba7a |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-core-datetime-l1-1-0.dll
| MD5 | 3095c9577395249e105410bdcc585f77 |
| SHA1 | 7dfc0c81f8f28cbf36c5acdb83523569b430b944 |
| SHA256 | c08be448195f46c4b423d0ce0c2cdc343e842ff1f91b16a8d3c09d5152150917 |
| SHA512 | 555568fc23ade238bcc13a447520d395546def4409a002d795dd3abea03b15321491bc63c97f4ed8eb78aa411a0b1267dce5c528e51dcac8ca9e93b8f5265786 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\api-ms-win-core-console-l1-1-0.dll
| MD5 | a148dc22ea14cd5578de22b2dfb0917f |
| SHA1 | eaccb66f62e5b6d7154798e596eabd3cef00b982 |
| SHA256 | 7603e172853a9711fbdc53b080432ad12984b463768dbc3aa842a26f5b26ae23 |
| SHA512 | 4e3c927692fc41889b596273aea8bbd776cf7644dae26c411c12bda23cd3299a5c9adc06a930294310f002de74592a244767378fc9e37ec76e86bfa23f4c0478 |
C:\Users\Admin\AppData\Local\Temp\_MEI44762\_bz2.pyd
| MD5 | 86d1b2a9070cd7d52124126a357ff067 |
| SHA1 | 18e30446fe51ced706f62c3544a8c8fdc08de503 |
| SHA256 | 62173a8fadd4bf4dd71ab89ea718754aa31620244372f0c5bbbae102e641a60e |
| SHA512 | 7db4b7e0c518a02ae901f4b24e3860122acc67e38e73f98f993fe99eb20bb3aa539db1ed40e63d6021861b54f34a5f5a364907ffd7da182adea68bbdd5c2b535 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a26c4a248bc2887f252f7e5740662db5 |
| SHA1 | 92e2f4ab7eb17f9f684d06fe3b9c1b1b6f7cde4f |
| SHA256 | c43ff408399c613933c6191d6fece1923f1e2a1d3177427cc8df3fafb635281c |
| SHA512 | 80466940c133b4fa347695974dccbee3c791e7e7d77f5362dbf142743fa98a3a234a4d50293e590e4bff44822c61da796f73cf6b7dd9fbb3eaef46e40f5cd29c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fa211cd58d56dc340615c838912f7261 |
| SHA1 | 8ab3d5d0dda7ce72215ad0ce8a79ee349f02b794 |
| SHA256 | 8bcb14524149c7938475331f50687c113cad11421541ba7b1264e20623e37dc0 |
| SHA512 | 4c6dc29503ff24b1dcb5e8a0b5e5cb08e43094edcf041f403d9ccb1423610b613a030c811d38b813f10dffa25fbec0c0d2cd8ea2459effeea22ed066d14b93e6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 265b1c7dca748c8fd3462e8134fd5c24 |
| SHA1 | 0e36e1e660035377ffc8d90f335c3115507dccf8 |
| SHA256 | 9426815c8d021a5a212ea0b7430539c633c9f03c5213951d25a884df0b43555d |
| SHA512 | 32ccc47736afc673d979fb00c80b2860abe001969bfe5cbdcda443a8a561b23a97ceff20b312e72285f7a9d441258ede37bcfa4cf8b2e1f2699f67b6962537ec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 3f49d6ceadbc15a482ee65a9d210faa3 |
| SHA1 | dc0d951985e51f8934fd3be01e9ce24f2c492173 |
| SHA256 | 748bfac69cd6c30c27dbc873325f28edcec98d820128cfebcfa4c7bb01198f5b |
| SHA512 | fbe9b00a82395c15207b90ef8383c97fc5f5655979889b17f9f60ca1d2e12c73331e95fd3c76a6aee9185bdf580c4e02586b088e31d9889529cafb5c8a57adf6 |
memory/4412-1246-0x000001C23A280000-0x000001C23A2A2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2top3lip.phy.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8d3a22bdf22f872db99142b841461b72 |
| SHA1 | 0c0fb0c0173ee5af95fbcb229003fab3fe604b17 |
| SHA256 | 909b30ce4434f77c42d515455a69935d27825f2c737e10bb0674d940915d7efe |
| SHA512 | cfc894edd1d61daf2f6db26a51b78b7c6fad7c04c84fc6b4ae2b63e67de2ce23f19c3c7b59d9ca8f5f7965d96908dbda91896f17fb6b53f24d2c318ffd241ca7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c61e7b42043154e5558cbd481f0b1862 |
| SHA1 | 536f19df8e2b602ef8aa4461cda60e9a0094cf51 |
| SHA256 | a3ee64338d80f4c3e5d5d41bb95d48ddd16a69d197538914bb30ef46aefa7194 |
| SHA512 | 6699bf541263dc5cccae3a51c6c926f71ee0ac4a36c651d6411d3c3c6eeab70bd9f650400be146af99f72552ebcdaef1ec022586703398140dd4caa77d56a163 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f8b164b123749d3153494333a3c98daf |
| SHA1 | 3e9ef15ad02b8858dba487218f0dcef87dfa90de |
| SHA256 | f0a938f05cbbabd99cf3107a43a5029c27343785358fb2be4a558a075318046c |
| SHA512 | 63e70dce6f8b231d0c2bca2370d09c13782f3dafa94cabadeaed41fa12223a8db642fbdb3413456f843d04cc5a1ed8d1716fe82db12f97c3cdd13b70f1642fa9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0efc149cd369695beb4acd930d4838a8 |
| SHA1 | 4bf076a960e3053beb286a8db4b76a416fb0d68e |
| SHA256 | 071f1bf3fde21b41d618f1f0551a1ff501a5cc401a1897eb4629e5285854d015 |
| SHA512 | 4e5fc6c841fd672ff113fccd3149e0edb037e05a6f1d79c269d63eac3d8949fc5d1c1643b042a39191c0b1f692e28ad727894f0d127678d725d2fab542d3e387 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1f1dc88509c04db9bbc44397c5667395 |
| SHA1 | 7c6ea4c2baf2f6ae78f6215bd51c5b877cadc430 |
| SHA256 | 7e30fbc05468eb2b0b92fc025dbd8e4a9851a6c627c4b6f212be3c0d7508761c |
| SHA512 | c768557157fce1de1c04dab993bbe87d8db30739e224d2f2108901fa1b4217fd033f151e2e885ca7db6710ef1173cf61443eb150bdb30947c3dba3af9b0b85f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fe3632e189d1dedb6290aa5ab30e0695 |
| SHA1 | 0c8eb5211f65719646e17a7048dbd54057f22136 |
| SHA256 | 661058aa8a7c22e0e9d54368abeba28eaa20311db5d54876c63ae75612155603 |
| SHA512 | 8cf9d4d8addc868ca03d61e00992c4bc9d83f0f4d2b77b4312db11345428654e715b4df14773269114112b01c8be6ce8845946d481c251b0d0b9acd0d3dbcab4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2617e3e9-549d-487b-ae17-8d54dc1701b3.tmp
| MD5 | e95a2da6b9d01c1a18de48c1c2e282de |
| SHA1 | 1a7de60eb839d4e14b6cdf0eb8eff1702ea3d019 |
| SHA256 | 68d5cb4fca2304194de9f2cb37b8a349c3248623ee2e80f44595ec11861b18e9 |
| SHA512 | 5d0b3251022b0b2ae9c802c053233241d3c36bcc62d8c0daef9b1d7f2b0b9230f2a01b2e805d334871c0a955a1a0546f551de598866f191db1a6a7baedbf7014 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme
| MD5 | bec23747f5a4221c5225cc194b949ee3 |
| SHA1 | 3a92c68de213e5eac3069031d152a2bb58125746 |
| SHA256 | 5138c0270a6d30ffb08dd445b89f272fb3a0eec7a485f08ce9a56b3bcc4c69b0 |
| SHA512 | 438cff54f250a955b028c33b81f1918c4afbf7c75489bf65bb900f921f5dbaf412b333699d8adda0e380051c31ccd2905ec37439a7b4e348e19b34795aaa9a24 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme
| MD5 | 063b9c5e98a321d54095fb9623c14b05 |
| SHA1 | eaf03323240f753ec4f6936efcceba03e035f13b |
| SHA256 | 7a4f53476244d7cda5a5ed79b4801977cd85956a2431d1881f14685a05238bb3 |
| SHA512 | babea8bd16bc28bb29cc2b629905032f8fe19ceda6a5d955caab690c8b63bd8ee49f57180b935d25b1aa243167dfd15eefd3fed422083d1a81b626b06e71b3c6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | bd8ec2a5c6a31dda0dc2ff4c9ecb1c89 |
| SHA1 | 6e85d0ac477e295c13eb0f8be62226473ca18618 |
| SHA256 | 742af1f5fc9d5773406bc1be670bd9e5588e594f9036cf1b8f2cfa9274219cd7 |
| SHA512 | 0b5dc9a68256b6f464b3d790586ff99bfb2620aa3a14c97a1c76c9744e6446802d6ada1f0a621b9a43f40eef997d963ac80af1d09d7a78a6c05942d591fc3b46 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 8083579175b466ea9e499acaed76659b |
| SHA1 | 63aabaac210b4b03ae683afb672f3a43c6311e5d |
| SHA256 | 1052c232b36ca3b043026307fd9fcf9d049074a1fbdbe7ae16ebc1da7f38ff2c |
| SHA512 | bf76059e4dce432927189fddd7d5f275f666eb9f1b0bed8af7077ef0a943981562218b09548c2c5e5612cef5fa428c14cba31f55a046b4f98664f4af4ca99a8b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | 245d07bf11e951d0edf23da3cb579ca7 |
| SHA1 | 8dc9356d0bc8f959b02fe2951f8e465af2198a85 |
| SHA256 | 09cab594c6ec5e19201c33095dd6c3ba34d30e748157950180e95a941f56431f |
| SHA512 | 75e748be7c8742306fcbf294a641cc933777a52f92b3d0dfa76eef29f73417f8c42e28c9ad3a91f8d4d6fce1da4a94d5a85689d546cce9e4ee37a75d93ee7088 |