Analysis Overview
Threat Level: Known bad
The file https://google.com was found to be: Known bad.
Malicious Activity Summary
Amadey
Vidar
xmrig
Stealc
Detect Vidar Stealer
XMRig Miner payload
Downloads MZ/PE file
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Reads data files stored by FTP clients
Executes dropped EXE
Checks computer location settings
UPX packed file
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Drops file in System32 directory
Suspicious use of SetThreadContext
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: MapViewOfSection
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Checks SCSI registry key(s)
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Delays execution with timeout.exe
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-17 13:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-17 13:37
Reported
2024-06-17 13:42
Platform
win10v2004-20240611-en
Max time kernel
299s
Max time network
302s
Command Line
Signatures
Amadey
Detect Vidar Stealer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Stealc
Vidar
xmrig
XMRig Miner payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\dcom.au3 | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\x86\VSLauncher_[0MB]_[1].exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\x86\VSLauncher_[0MB]_[1].exe | N/A |
| N/A | N/A | C:\ProgramData\GCBKECAKFB.exe | N/A |
| N/A | N/A | C:\ProgramData\FBAAAKFCAF.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dcom.au3 | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dcom.au3 | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dcom.au3 | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dcom.au3 | N/A |
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | dpaste.org | N/A | N/A |
| N/A | dpaste.org | N/A | N/A |
| N/A | dpaste.org | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\taskschd.msc | C:\Windows\system32\mmc.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 544 set thread context of 5924 | N/A | C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\Setup.exe | C:\Windows\SysWOW64\netsh.exe |
| PID 5212 set thread context of 2844 | N/A | C:\ProgramData\GCBKECAKFB.exe | C:\Windows\SysWOW64\ftp.exe |
| PID 5544 set thread context of 5004 | N/A | C:\ProgramData\FBAAAKFCAF.exe | C:\Windows\SysWOW64\ftp.exe |
| PID 5004 set thread context of 2968 | N/A | C:\Windows\SysWOW64\ftp.exe | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe |
| PID 2968 set thread context of 5276 | N/A | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
| PID 6092 set thread context of 408 | N/A | C:\Users\Admin\AppData\Roaming\help\fxcloud.exe | C:\Windows\SysWOW64\ftp.exe |
| PID 408 set thread context of 4796 | N/A | C:\Windows\SysWOW64\ftp.exe | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\TWI Cloud Host.job | C:\Windows\SysWOW64\ftp.exe | N/A |
| File created | C:\Windows\Tasks\Watcher Com SH.job | C:\Windows\SysWOW64\ftp.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\dcom.au3 | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133631050820426489" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\ProgramData\FBAAAKFCAF.exe | N/A |
| N/A | N/A | C:\ProgramData\GCBKECAKFB.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\ftp.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\ftp.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\ftp.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\help\fxcloud.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\ftp.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\ftp.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\Setup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb922cab58,0x7ffb922cab68,0x7ffb922cab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4348 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3984,i,4778049104057176787,6631751660692402210,262144 --variations-seed-version --mojo-platform-channel-handle=4288 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4648 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4884 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4992 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3296 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4344 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4512 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4932 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5020 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4648 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5256 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4528 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3904 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2296 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x4e4
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\" -spe -an -ai#7zMap32123:124:7zEvent26890
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\" -spe -an -ai#7zMap25072:188:7zEvent30846
C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\Setup.exe
"C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\Setup.exe"
C:\Windows\SysWOW64\netsh.exe
C:\Windows\SysWOW64\netsh.exe
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\defenseman.pdf"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=778F35DCEA4B462CEDEEA6A49C7217F9 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=EBB39F1126A3C625E9E884B6E38560F0 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=EBB39F1126A3C625E9E884B6E38560F0 --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9A8152BEA38EEE401CA93965595DFAD3 --mojo-platform-channel-handle=2300 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=ED10155900E4A682A0CEC5C5B2C276A1 --mojo-platform-channel-handle=1924 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2DBD0CD6A4211BE62EA127FC402AB3F7 --mojo-platform-channel-handle=2464 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Users\Admin\AppData\Local\Temp\dcom.au3
C:\Users\Admin\AppData\Local\Temp\dcom.au3
C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\x86\VSLauncher_[0MB]_[1].exe
"C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\x86\VSLauncher_[0MB]_[1].exe"
C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\x86\VSLauncher_[0MB]_[1].exe
"C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\x86\VSLauncher_[0MB]_[1].exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=3124,i,4778049104057176787,6631751660692402210,262144 --variations-seed-version --mojo-platform-channel-handle=3136 /prefetch:3
C:\ProgramData\GCBKECAKFB.exe
"C:\ProgramData\GCBKECAKFB.exe"
C:\ProgramData\FBAAAKFCAF.exe
"C:\ProgramData\FBAAAKFCAF.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\SysWOW64\ftp.exe
C:\Windows\SysWOW64\ftp.exe
C:\Windows\SysWOW64\ftp.exe
C:\Windows\SysWOW64\ftp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4076 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:2
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\CGIDAAAKJJDB" & exit
C:\Windows\SysWOW64\timeout.exe
timeout /t 10
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\taskschd.msc" /s
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe -a rx/0 --url=65.109.127.181:3333 -u PLAYA -p PLAYA -R --variant=-1 --max-cpu-usage=70 --donate-level=1 -opencl
C:\Users\Admin\AppData\Roaming\help\fxcloud.exe
C:\Users\Admin\AppData\Roaming\help\fxcloud.exe
C:\Windows\SysWOW64\ftp.exe
C:\Windows\SysWOW64\ftp.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\x86\updater.ini
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=1472 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5280 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3220 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3216 --field-trial-handle=1892,i,5268907213514656719,1959934003134106207,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | tcp |
| GB | 142.250.178.14:443 | google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.186.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.181.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | pcfullcrack.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | pcfullcrack.org | udp |
| NL | 80.89.239.48:443 | pcfullcrack.org | tcp |
| NL | 80.89.239.48:443 | pcfullcrack.org | tcp |
| US | 8.8.8.8:53 | c0.wp.com | udp |
| US | 8.8.8.8:53 | i0.wp.com | udp |
| US | 8.8.8.8:53 | static.addtoany.com | udp |
| NL | 80.89.239.48:443 | pcfullcrack.org | tcp |
| NL | 80.89.239.48:443 | pcfullcrack.org | tcp |
| NL | 80.89.239.48:443 | pcfullcrack.org | tcp |
| NL | 80.89.239.48:443 | pcfullcrack.org | tcp |
| US | 8.8.8.8:53 | cdn.ethers.io | udp |
| US | 192.0.77.37:443 | c0.wp.com | tcp |
| US | 192.0.77.37:443 | c0.wp.com | tcp |
| US | 192.0.77.37:443 | c0.wp.com | tcp |
| US | 192.0.77.37:443 | c0.wp.com | tcp |
| US | 192.0.77.37:443 | c0.wp.com | tcp |
| US | 192.0.77.37:443 | c0.wp.com | tcp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| GB | 18.244.114.55:443 | cdn.ethers.io | tcp |
| US | 192.0.76.3:443 | stats.wp.com | tcp |
| US | 172.67.39.148:443 | static.addtoany.com | tcp |
| US | 192.0.77.2:443 | i0.wp.com | udp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | udp |
| US | 172.67.39.148:443 | static.addtoany.com | udp |
| US | 172.67.39.148:443 | static.addtoany.com | udp |
| US | 8.8.8.8:53 | bsc-dataseed1.binance.org | udp |
| US | 8.8.8.8:53 | 48.239.89.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.76.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.114.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.39.67.172.in-addr.arpa | udp |
| US | 52.223.34.155:443 | bsc-dataseed1.binance.org | tcp |
| US | 8.8.8.8:53 | cococuy8.xyz | udp |
| US | 172.67.182.149:443 | cococuy8.xyz | tcp |
| US | 8.8.8.8:53 | 155.34.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.182.67.172.in-addr.arpa | udp |
| US | 192.0.77.37:443 | c0.wp.com | udp |
| US | 8.8.8.8:53 | secure.gravatar.com | udp |
| US | 192.0.73.2:443 | secure.gravatar.com | tcp |
| US | 192.0.76.3:443 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 172.67.182.149:443 | cococuy8.xyz | udp |
| US | 8.8.8.8:53 | temler.click | udp |
| US | 188.114.97.2:443 | temler.click | tcp |
| US | 188.114.97.2:443 | temler.click | tcp |
| US | 8.8.8.8:53 | onstriatex.click | udp |
| US | 104.21.73.190:80 | onstriatex.click | tcp |
| US | 104.21.73.190:80 | onstriatex.click | tcp |
| US | 8.8.8.8:53 | 2.97.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dpaste.org | udp |
| US | 172.67.210.192:443 | dpaste.org | tcp |
| US | 172.67.210.192:443 | dpaste.org | tcp |
| US | 8.8.8.8:53 | 190.73.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.210.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | 5.145.216.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| NL | 66.203.127.13:443 | eu.static.mega.co.nz | tcp |
| NL | 66.203.127.13:443 | eu.static.mega.co.nz | tcp |
| US | 8.8.8.8:53 | g.api.mega.co.nz | udp |
| LU | 66.203.125.12:443 | g.api.mega.co.nz | tcp |
| LU | 66.203.125.12:443 | g.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.127.203.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.125.203.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| NL | 66.203.127.13:443 | eu.static.mega.co.nz | tcp |
| N/A | 127.0.0.1:6341 | tcp | |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| N/A | 127.0.0.1:6341 | tcp | |
| US | 8.8.8.8:53 | gfs240n100.userstorage.mega.co.nz | udp |
| SE | 69.30.89.10:443 | gfs240n100.userstorage.mega.co.nz | tcp |
| SE | 69.30.89.10:443 | gfs240n100.userstorage.mega.co.nz | tcp |
| SE | 69.30.89.10:443 | gfs240n100.userstorage.mega.co.nz | tcp |
| SE | 69.30.89.10:443 | gfs240n100.userstorage.mega.co.nz | tcp |
| SE | 69.30.89.10:443 | gfs240n100.userstorage.mega.co.nz | tcp |
| SE | 69.30.89.10:443 | gfs240n100.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 10.89.30.69.in-addr.arpa | udp |
| NL | 52.111.243.30:443 | tcp | |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | poocoin.online | udp |
| US | 104.21.63.137:443 | poocoin.online | tcp |
| US | 104.21.63.137:443 | poocoin.online | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 172.217.169.67:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | 137.63.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 104.21.63.137:443 | poocoin.online | tcp |
| US | 104.21.63.137:443 | poocoin.online | tcp |
| US | 104.21.63.137:443 | poocoin.online | tcp |
| US | 104.21.63.137:443 | poocoin.online | tcp |
| US | 104.21.63.137:443 | poocoin.online | tcp |
| US | 104.21.63.137:443 | poocoin.online | tcp |
| US | 104.21.63.137:443 | poocoin.online | tcp |
| US | 104.21.63.137:443 | poocoin.online | tcp |
| US | 104.21.63.137:443 | poocoin.online | tcp |
| US | 104.21.63.137:443 | poocoin.online | tcp |
| US | 104.21.63.137:443 | poocoin.online | tcp |
| US | 104.21.63.137:443 | poocoin.online | tcp |
| US | 8.8.8.8:53 | businessdownloads.ltd | udp |
| US | 172.67.212.123:443 | businessdownloads.ltd | tcp |
| US | 8.8.8.8:53 | 3.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.212.67.172.in-addr.arpa | udp |
| US | 104.21.63.137:443 | poocoin.online | tcp |
| US | 8.8.8.8:53 | i.imgur.com | udp |
| US | 199.232.196.193:443 | i.imgur.com | tcp |
| US | 104.21.63.137:443 | poocoin.online | tcp |
| US | 104.21.63.137:443 | poocoin.online | tcp |
| US | 104.21.63.137:443 | poocoin.online | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 104.21.63.137:443 | poocoin.online | tcp |
| US | 8.8.8.8:53 | 3.69.250.142.in-addr.arpa | udp |
| US | 104.21.63.137:443 | poocoin.online | tcp |
| FI | 135.181.22.88:80 | 135.181.22.88 | tcp |
| US | 8.8.8.8:53 | 88.22.181.135.in-addr.arpa | udp |
| FI | 65.109.127.181:3333 | tcp | |
| US | 8.8.8.8:53 | proresupdate.com | udp |
| US | 45.152.112.146:80 | proresupdate.com | tcp |
| US | 8.8.8.8:53 | 146.112.152.45.in-addr.arpa | udp |
| FI | 65.109.127.181:3333 | tcp | |
| FI | 65.109.127.181:3333 | tcp | |
| FI | 65.109.127.181:3333 | tcp | |
| FI | 65.109.127.181:3333 | tcp | |
| FI | 65.109.127.181:3333 | tcp | |
| FI | 65.109.127.181:3333 | tcp | |
| FI | 65.109.127.181:3333 | tcp | |
| FI | 65.109.127.181:3333 | tcp | |
| FI | 65.109.127.181:3333 | tcp | |
| FI | 65.109.127.181:3333 | tcp | |
| FI | 65.109.127.181:3333 | tcp | |
| FI | 65.109.127.181:3333 | tcp | |
| FI | 65.109.127.181:3333 | tcp | |
| FI | 65.109.127.181:3333 | tcp | |
| FI | 65.109.127.181:3333 | tcp | |
| FI | 65.109.127.181:3333 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| DE | 142.250.185.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| US | 8.8.8.8:53 | 68.185.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.advancedinstaller.com | udp |
| US | 44.207.183.174:443 | www.advancedinstaller.com | tcp |
| US | 44.207.183.174:443 | www.advancedinstaller.com | tcp |
| US | 8.8.8.8:53 | 174.183.207.44.in-addr.arpa | udp |
Files
\??\pipe\crashpad_1992_OABCJHLPHILLKFNR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7e0e054475fc18f61ed5c68ec6d2924f |
| SHA1 | 141a87d6b996494470a9fb4a7734893ee1d05fd6 |
| SHA256 | 9a087436d7ee7e77b6595ef9cfcb9b7e243090f5bd7c444283ab0b9b202ee242 |
| SHA512 | 7d869154c80bfc71edae6407b2760025fe8abc1d0258070f254b1f752c533ab81285c5c5de676d5cc8d5fa359cd2ba6492df2244c499b8478c3e2799122f3445 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 40ffea8b9b797bd9d2828bc6cb109a79 |
| SHA1 | 814d43896b8504f3bc3f92409b019b6e0619a11f |
| SHA256 | 3546f51d3d67aa123d2401c77a316fab1fc7f070baebda91d2e5917bf63de367 |
| SHA512 | ceb6ea91ba799e87e1600aa5093ea9cfb9a15ad6d05fd2798fa0eb4c858f21a836a4302127ce087c6978511823b3c84ef25fe7e29f88c67764cdede49a58267a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e9222da7e724322b65b9087bc002ae43 |
| SHA1 | a70deefa40a479dff1c0a41dd01f4159d6ed2101 |
| SHA256 | c10f28c61fe891d0db7f218b3bba093b28799a22f98a87ff955b90a316ca5fa9 |
| SHA512 | af2b9000ee60aae285ed5b555cb7616577458493248825639a87bb4b3dd6d5d184f90efe4685ba7331053dd98bf0102f5eebf61db800b5a2446799c381129f8d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 01a48296011a85c08776ef4a4c606dbb |
| SHA1 | 7fbedb36d78f1e38953308538e3e80710c40a638 |
| SHA256 | b469a76114cc396018938cd1d4fa08b598d2b879c7d87e7f17bb6af31d2c5034 |
| SHA512 | 2a22bc5928306e8422ddaaca485fc917a95952428717eaf7de5e1222ed478ec44ec6b4ea444a6137d98ba5384f6b08f65d1fe8d176a72ae29c8b27cb96f5a74f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 03248f7c3e5eb257a5b2fb5c1fea7b0c |
| SHA1 | 0b1735409bf89fd6b5f67efad5c4aaeb60062d27 |
| SHA256 | 9bd9353a1f67ea717a01643e3d0aa8c258a1875a507c1efc317e231ed7cc3931 |
| SHA512 | e6468a0656a32e838d7e4854738565ca4368c595ac2386fe3eaeac6f507ad0173029033e5de76b8c32f2e67f687487fdf4da249d8f40bbf610cda95898057c93 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5da937cab73e4d5cc9f4218bc2d7822b |
| SHA1 | 26875b8e5c6f531181a9061c7c2bdc0e1d973509 |
| SHA256 | cd177c4da716a5a5fa0e2e9b71ce8a52032e2283444290e2c52f88d7d2c33ef7 |
| SHA512 | b356648ad8c3cfcf59ce7e7272216fbb9daba1d4379c44079c7abf96920d90775defd73f6607f8ab3d06e9897ca9a51eb8c019c5ad23770342c6fbc0cf03fa6f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039
| MD5 | 950eca48e414acbe2c3b5d046dcb8521 |
| SHA1 | 1731f264e979f18cdf08c405c7b7d32789a6fb59 |
| SHA256 | c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2 |
| SHA512 | 27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 61aeda1c4276f4af1502da60faa73edc |
| SHA1 | 644bbaf888e61bd383f36d1f1441d255aa141ce6 |
| SHA256 | 60bfea294ebddde97cf47536ea22113c4be78dbcc30b9465590a0809d2b49a24 |
| SHA512 | 1176be4fcf998fc21a771356c81de1b7f5bcb673cdbc62a7af55a3f2cc8c21c8b93cccfbd26e6159d25726b6372cfdd0d7108d229b280104327b16575ba86b5f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c733cfb197c36ae3e418767fd815ddfa |
| SHA1 | 8e659dc18d99ca227dd5963590543c1f477d2ccb |
| SHA256 | 59f2bb026866ffa5db724aa86af64db60a2c929b9fc7cf5ffc12ced9fe27c689 |
| SHA512 | 65584e1a754a5e31fbd51160b4d9f887abc35f44bd8a8e4a3855cce273f823c87c04c370cc830e00f85258950dd0c8006f72ac1ab0c3f1ee896e987fe647e3e9 |
C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$.zip
| MD5 | 3276c5557002eb2d0f35e5d27b22bd48 |
| SHA1 | 9f8499c4eb7f8aa7c3a4aeb7f07beb8e4c257424 |
| SHA256 | b1d63e9790b11446d970690b713b55923288c68e3288202c3c3df3a4b9e76611 |
| SHA512 | 1fbfe219d9533fcdbb3bd831b8e073639998061005f173bcc06d7f53b21d60ef58f7669ac4cb22947ae641ff32bc6d571fb9d182b256c3c30d2c17722f841d4b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | df55fe47f4306c9f01d147ee3e63b527 |
| SHA1 | 5222cb739420691d245ff32378c99ceb402324da |
| SHA256 | 250d0f1f966659c7b9142349458b608f599a2f391f33721dfafbd8b4e7209fbd |
| SHA512 | ace240d9c96eed67cf9eb23549796978739f1e80a26c3e090f591385698c50a29938fa7d4c627cedb1cc53e94d05c804e7a18f3eba85877945efb4fef529ab7f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 9ae4c9a9de3bc471adc82b52a8f62486 |
| SHA1 | 0eba5fabc4acb7463b6c745b1d7a4ea7b0238412 |
| SHA256 | 117cd651b1b93668290fbfd7c11440858605741a3d264f89595debdde4275a03 |
| SHA512 | c010bac1cc2beffceacaa8f7d92f89453448ffa641e1799da941ee45bfc7b6c98100bfa3c39c233b950d2f863c570a81c561451da86a9db91afcd8c6d5997d9b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe589361.TMP
| MD5 | 3c3f592e7b51b40f858fc017e840dac5 |
| SHA1 | 1e15eac638eed0d1b3a6df84ed58213cd77b6606 |
| SHA256 | d7bf92ead27b053f4eeb01012ac57fb0bac451063020620a4564da5acbdd0cb4 |
| SHA512 | 807d14b7b20978ee892868488d267baa8e5e1b99c7c82bbcdb6ddb35d3d2b43c427dc1893ca25d73b31894bf4aa2de67e1063ceee51919f5d0c3fe812fdfdebe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | cd7f340ddc6e5073941cad73fe34a443 |
| SHA1 | 47fb1a3d55aacd6c3c263dfdd29334dc77b6b84c |
| SHA256 | 2dc0c9312dbfb3616dd84835aecb818557e3377f5a4e276c7bb9cd9aa11c4e03 |
| SHA512 | c14f55ed61aa9ba08f19f56c521b8d3c399c037cfcdefa61e2461040f8f9708d9acb58607eb6077e57b81d24726e2349584470fbe46fe48a5519211d2ab2916f |
C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$.rar
| MD5 | 6b24fd9993bf62f394d4f4ab99fe5aee |
| SHA1 | 40e801114813b9f8d32ad7052ad71d4073ff56cd |
| SHA256 | b33e0233338c12ae421beaa01892eca8c3ee5cad513335e72c5a320261a1f89a |
| SHA512 | 17946119ea542ef3377455a96d3c90f72a548e820750621ec64283578124327a425af277cbfc60dfa4571c318aa2e88f13b6367a91e7640960b3be4c9f5241a8 |
C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\Setup.exe
| MD5 | ae697c5f8ef74fbe8daf09358afd9324 |
| SHA1 | 8e18a9ee76df13daa5cfaf079872c77a25f15338 |
| SHA256 | 4fc64e114f80ce755040ac2891bd1fab0492a831177491f3fe1382adf94030f9 |
| SHA512 | 6f2bdd0c9d746218ab8c215e7d9fe1acaaf39763077eaf1a03754acb4d8ccfd518b052d98675ebf0233bbd3aa87ceffe1ffcdc14219b0a6f308d84a978a5f23a |
C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\MediaInfo_i386.dll
| MD5 | 2ddd77649ac05573776dc4a27d4fb598 |
| SHA1 | 714e151efc0e4969e046331724ddfb9e42c9d9a4 |
| SHA256 | b4c0b0770533bb976736abd105565e5bbb480dc3ce711263af3d31de07fc8946 |
| SHA512 | e55fb097925ffb2cad2c6a681a517d2dd894d595b6aca44d437575de1cdfd33f7b3693d1b7810250ec42d181a8a3cdcc97cab5c42a83eab6ba62b2d73037d97c |
C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\forehand.gz
| MD5 | 94e790448ae63899557111d712cbc504 |
| SHA1 | 52194d57885b43133369a52e08529e333ba481ca |
| SHA256 | 0c66300068c1befacf6f3f1bdf46567e5cc9e41401955ccc2b08350118d43347 |
| SHA512 | 864e4c1f1f481c8089c7f353ea00df91fb4f40c4b86ecfe4fbc86aca560f3d9c6cea5380ec83900b4a741efc2729cbbc01ce78e8e6082fc710f6b23cc1e0fbce |
C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\defenseman.pdf
| MD5 | 75f07e7e1bca4a032ced80b89f53453a |
| SHA1 | ef103f876163b13de9659489bf4ee845540e5c5b |
| SHA256 | 591d52b70a39c2aab3342af8f37f71f77786c1802f3e233f90cdaad3dd722e08 |
| SHA512 | d62940637c73ee978f9780b0b1fe3c8c63f7e00a74726d9a2dc8792ff4dd76e1941732066fa704c4500afcac914d9e7a2797b68f3cee217e4bea88ce61b93d48 |
memory/544-443-0x00000000727D0000-0x000000007294B000-memory.dmp
memory/544-444-0x00007FFBAFBF0000-0x00007FFBAFDE5000-memory.dmp
memory/544-457-0x00000000727D0000-0x000000007294B000-memory.dmp
memory/544-459-0x0000000000400000-0x000000000099A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\f35722fc
| MD5 | 551aebf23aa98c81c0111c5f0dd9b8f0 |
| SHA1 | 039c1b598b9dbe817845f007c06640428988ee6b |
| SHA256 | 542b867a8c16cd18dbb619c52a2c7c335640f63bfe8cc14d23b71047d96ec974 |
| SHA512 | 79ec65641c89256394fbf3bcd3763403a7a8a87dabc86f9cda1f5cac65a85c4b5b6f7771449d2d15498c4ef70b46d6f56bceac88e70feea2009d2f539cbb9c33 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 0793b193a1d7e2198020093006bad616 |
| SHA1 | 32b5c381aa882a31586172d43ee9fb6d78d997ed |
| SHA256 | 9db41343e8374cef48aab6bcbfdea66f9346c0e364f1f2adb6242557347f83e5 |
| SHA512 | 32e48b1a91e12b387d0d6858c0d94fa54df5a4a05e754b22722d8578db32880c5165ed5b94afc5111bf622110bbe2e282f0028259883ca924d210fe74df4ad1f |
memory/5924-489-0x00007FFBAFBF0000-0x00007FFBAFDE5000-memory.dmp
C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\x86\VSLauncher_[0MB]_[1].exe
| MD5 | 7a7bb3b0e57e4fb32c57b74e78e657ad |
| SHA1 | f1dee943b1b6238b1466d83325c4099d189cd4b5 |
| SHA256 | 87048cff2227d2901314760618d23917cfbc5cc15fc22dc355e803c5ee5fb211 |
| SHA512 | ef0c9985b640189ed9991b301cfbf9771df961e1bf67bf68c5833667db53977c9745bcfb42e059d8bb5bcd7a88253a715d86f65612dccc33514ccda3baaf24c2 |
C:\Users\Admin\AppData\Local\Temp\dcom.au3
| MD5 | c56b5f0201a3b3de53e561fe76912bfd |
| SHA1 | 2a4062e10a5de813f5688221dbeb3f3ff33eb417 |
| SHA256 | 237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d |
| SHA512 | 195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c |
memory/1588-512-0x0000000001600000-0x0000000001D4C000-memory.dmp
memory/1588-514-0x00007FFBAFBF0000-0x00007FFBAFDE5000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
| MD5 | 4e45bd1ae70462fd540060eb4bd7b79b |
| SHA1 | bb3d985dc7f30018dcd1a45e8c55bc0a7d026f01 |
| SHA256 | 32dc4e8037112b1503d47b19fe3a0f4693e35eee35d821feb45735cbcf113cac |
| SHA512 | 531b293899a35030a7cb95638d5aa1334d85ff12ea3cb710ce4e5bb9e5c0774e7a1087670ec65ce3cb06301273fc95dc06ab0271ac8d7e4ff4d91ab2fc50014a |
memory/1588-521-0x0000000061E00000-0x0000000061EF3000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
| MD5 | 814819a541e87be67687e360833f3907 |
| SHA1 | 3907bbc5b34e4414a3783a7db6bdbaa7b44e518b |
| SHA256 | 38396c92d76f791ff2b7b80c65a5a25bda61167fd83b56ac83bbb8afc6f651e6 |
| SHA512 | b1819648c14fd651ce8a4d15465def99b2b6e01ff007e1d3f81b0d1cab55eee34752344ea1e24b146b223fbf4565f341fafc089e87bb032329ccd36146575dde |
memory/1588-544-0x0000000001600000-0x0000000001D4C000-memory.dmp
C:\ProgramData\CGIDAAAKJJDB\nss3.dll
| MD5 | 1cc453cdf74f31e4d913ff9c10acdde2 |
| SHA1 | 6e85eae544d6e965f15fa5c39700fa7202f3aafe |
| SHA256 | ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5 |
| SHA512 | dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571 |
C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\vcruntime140.dll
| MD5 | 81b11024a8ed0c9adfd5fbf6916b133c |
| SHA1 | c87f446d9655ba2f6fddd33014c75dc783941c33 |
| SHA256 | eb6a3a491efcc911f9dff457d42fed85c4c170139414470ea951b0dafe352829 |
| SHA512 | e4b1c694cb028fa960d750fa6a202bc3a477673b097b2a9e0991219b9891b5f879aa13aa741f73acd41eb23feee58e3dd6032821a23e9090ecd9cc2c3ec826a1 |
C:\ProgramData\CGIDAAAKJJDB\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
C:\ProgramData\GCBKECAKFB.exe
| MD5 | 6cfddd5ce9ca4bb209bd5d8c2cd80025 |
| SHA1 | 424da82e9edbb6b39a979ab97d84239a1d67c48b |
| SHA256 | 376e1802b979514ba0e9c73933a8c6a09dd3f1d2a289f420c2202e64503d08a7 |
| SHA512 | d861130d87bfedc38a97019cba17724067f397e6ffe7e1384175db48c0a177a2e7e256c3c933d0f42766e8077f767d6d4dc8758200852e8ec135736daee7c0f8 |
memory/5212-611-0x0000000000AC0000-0x0000000000FD3000-memory.dmp
C:\ProgramData\FBAAAKFCAF.exe
| MD5 | daaff76b0baf0a1f9cec253560c5db20 |
| SHA1 | 0311cf0eeb4beddd2c69c6e97462595313a41e78 |
| SHA256 | 5706c6f5421a6a34fdcb67e9c9e71283c8fc1c33499904519cbdc6a21e6b071c |
| SHA512 | 987ca2d67903c65ee1075c4a5250c85840aea26647b1d95a3e73a26dcad053bd4c31df4ca01d6cc0c196fa7e8e84ab63ed4a537f72fc0b1ee4ba09cdb549ddf3 |
memory/5544-622-0x0000000000700000-0x0000000000948000-memory.dmp
memory/5544-628-0x0000000072250000-0x00000000723CB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\dbe01f31
| MD5 | c62f812e250409fbd3c78141984270f2 |
| SHA1 | 9c7c70bb78aa0de4ccf0c2b5d87b37c8a40bd806 |
| SHA256 | d8617477c800cc10f9b52e90b885117a27266831fb5033647b6b6bd6025380a8 |
| SHA512 | 7573ecac1725f395bbb1661f743d8ee6b029f357d3ef07d0d96ee4ff3548fe06fab105ee72be3e3964d2053de2f44245cca9a061d47c1411949840c84f6e9092 |
memory/5112-631-0x0000024D5F760000-0x0000024D5F761000-memory.dmp
memory/5112-630-0x0000024D5F760000-0x0000024D5F761000-memory.dmp
memory/5112-629-0x0000024D5F760000-0x0000024D5F761000-memory.dmp
memory/5112-636-0x0000024D5F760000-0x0000024D5F761000-memory.dmp
memory/5112-641-0x0000024D5F760000-0x0000024D5F761000-memory.dmp
memory/5112-640-0x0000024D5F760000-0x0000024D5F761000-memory.dmp
memory/5112-639-0x0000024D5F760000-0x0000024D5F761000-memory.dmp
memory/5112-638-0x0000024D5F760000-0x0000024D5F761000-memory.dmp
memory/5112-637-0x0000024D5F760000-0x0000024D5F761000-memory.dmp
memory/5112-635-0x0000024D5F760000-0x0000024D5F761000-memory.dmp
memory/5544-642-0x00007FFBAFBF0000-0x00007FFBAFDE5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\e1b9b982
| MD5 | 8d443e7cb87cacf0f589ce55599e008f |
| SHA1 | c7ff0475a3978271e0a8417ac4a826089c083772 |
| SHA256 | e2aaaa1a0431aab1616e2b612e9b68448107e6ce71333f9c0ec1763023b72b2a |
| SHA512 | c7d0ced6eb9e203d481d1dbdd5965278620c10cdc81c02da9c4f7f99f3f8c61dfe975cf48d4b93ccde9857edb881a77ebe9cd13ae7ef029285d770d767aa74a5 |
memory/5212-649-0x0000000072250000-0x00000000723CB000-memory.dmp
memory/5212-650-0x00007FFBAFBF0000-0x00007FFBAFDE5000-memory.dmp
memory/1588-654-0x0000000001600000-0x0000000001D4C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
memory/1588-660-0x0000000001600000-0x0000000001D4C000-memory.dmp
memory/5544-666-0x0000000072250000-0x00000000723CB000-memory.dmp
memory/5212-667-0x0000000072250000-0x00000000723CB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\e1bf579b
| MD5 | b3afa2aafce44cd2069b2579a72e0b1c |
| SHA1 | d2729468babdabb344727eae5ca940736ebe5149 |
| SHA256 | fa838b2c0b155e2547ae9fe82857e246028e400f9a04e23f8a7e8134b382a5ea |
| SHA512 | b371fa8e16e528ca36299f165262ce2a44101f545c9cf3976d4c011687907d7ecff9bafe9074946f319a65b68cffac6f4d37e8531dbab446f07f1640b33be2bf |
C:\Users\Admin\AppData\Local\Temp\e4d5226e
| MD5 | 0aa819c831442ac72c6d0724686ed946 |
| SHA1 | 06aab893efaa6587ec10afb77e7fc2995898066f |
| SHA256 | 011135c00af43370d1ca1312128393be466029d8d3cb77fdd3ab873a694cea81 |
| SHA512 | 54b4c67bc53d351f5438428a21e66458f37ffa35e1b8b93c424aa77bfd1dc63cf8177e0ce1115719683ea381d725f34f29823d498b40bd8224f8dd077507b198 |
memory/1588-681-0x0000000001600000-0x0000000001D4C000-memory.dmp
memory/1588-684-0x0000000001600000-0x0000000001D4C000-memory.dmp
memory/5004-685-0x00007FFBAFBF0000-0x00007FFBAFDE5000-memory.dmp
memory/2844-686-0x00007FFBAFBF0000-0x00007FFBAFDE5000-memory.dmp
memory/5004-688-0x0000000072250000-0x00000000723CB000-memory.dmp
C:\ProgramData\CGIDAAAKJJDB\VCRUNT~1.DLL
| MD5 | a37ee36b536409056a86f50e67777dd7 |
| SHA1 | 1cafa159292aa736fc595fc04e16325b27cd6750 |
| SHA256 | 8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825 |
| SHA512 | 3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356 |
C:\ProgramData\CGIDAAAKJJDB\softokn3.dll
| MD5 | 4e52d739c324db8225bd9ab2695f262f |
| SHA1 | 71c3da43dc5a0d2a1941e874a6d015a071783889 |
| SHA256 | 74ebbac956e519e16923abdc5ab8912098a4f64e38ddcb2eae23969f306afe5a |
| SHA512 | 2d4168a69082a9192b9248f7331bd806c260478ff817567df54f997d7c3c7d640776131355401e4bdb9744e246c36d658cb24b18de67d8f23f10066e5fe445f6 |
C:\ProgramData\CGIDAAAKJJDB\msvcp140.dll
| MD5 | 5ff1fca37c466d6723ec67be93b51442 |
| SHA1 | 34cc4e158092083b13d67d6d2bc9e57b798a303b |
| SHA256 | 5136a49a682ac8d7f1ce71b211de8688fce42ed57210af087a8e2dbc8a934062 |
| SHA512 | 4802ef62630c521d83a1d333969593fb00c9b38f82b4d07f70fbd21f495fea9b3f67676064573d2c71c42bc6f701992989742213501b16087bb6110e337c7546 |
memory/2844-702-0x0000000072250000-0x00000000723CB000-memory.dmp
memory/2968-706-0x00007FFB80730000-0x00007FFB81DA7000-memory.dmp
memory/4872-709-0x00007FFBAFBF0000-0x00007FFBAFDE5000-memory.dmp
memory/4872-710-0x0000000000890000-0x0000000000901000-memory.dmp
memory/2968-711-0x0000000000400000-0x000000000040A000-memory.dmp
memory/5276-717-0x0000000140000000-0x00000001407DC000-memory.dmp
memory/5276-719-0x000001CD633B0000-0x000001CD633D0000-memory.dmp
memory/5276-715-0x0000000140000000-0x00000001407DC000-memory.dmp
memory/5276-718-0x0000000140000000-0x00000001407DC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\4ffee124
| MD5 | 4e00688162b5c5355973bbcbeb5f21ac |
| SHA1 | 6c2754a4d955132715bc0c0d6515722bfbc4544d |
| SHA256 | 3fa35d8cdf671bfa5114512bec4739d66633b1cd362c01d775dae60bfd886853 |
| SHA512 | c4b28192c200e2fa37eecd2fdd8054c12b65f5e12de6373fc1a901b9c46e787415f0a487c5b33673cea816acbc6fd8c7e0433aee2b30f63ecb9102e8a046172f |
C:\Windows\Tasks\Watcher Com SH.job
| MD5 | 155bdc62d96a3709a4433b1cbe80d750 |
| SHA1 | d4930e2635f6099b59e9b95ce07fbd3dbea66ce7 |
| SHA256 | eae4ce5e3384c5d583dc066d89332e070a0d61ad00475e590f0760754eccd122 |
| SHA512 | 7145cdd146c3648e37b72dc2a24d5ed1ad84c730a2170c29638b91ec018f560c37f8afc850a0473a8dfe6c4d85ba07f27ccffed8430e94a65912d147516a1281 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 5b1c04c2c2acc1fb9626cd8c47257e5c |
| SHA1 | a3ded069784208b98d1639eebc4a618d536cc8c5 |
| SHA256 | 8485cef339fc57df588c781e91ac346e4d0d2b1d5d468fb80dc981ecd1c630cf |
| SHA512 | 239545ce3f674d1d28d2c3e007b29424af795833981a89cd3ade995b28681c511052a01bdb0c8e53bcc64894a3b9b49a733dc98ffc30638731d4516e7f0fcf95 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\MSBuild.exe.log
| MD5 | f26118d675c61402c218ac6794d90a63 |
| SHA1 | ffc8d592f3ca8255ca5119eff5b576eb16ac7fac |
| SHA256 | d049789c187b2f58c900eab10205bc037740dca8640ab40c314790fefaab66ff |
| SHA512 | 6f14b71dae095131053a1b590e60ccec4e14c47c745bf9d52de48988d7b93b1f50bbb6bac0222dc49e3e45def052b20be2d34e116991027718da2e0fb8eb45d0 |
C:\Users\Admin\Downloads\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\@^NewFile_2025_UseAs_ṔḁṨṨCṏḌḙ%$\x86\updater.ini
| MD5 | 6499b6ec03c720c897b9bbe4cada2647 |
| SHA1 | 4b85d520ad8aa77c5df4cdc5b4b9669b205ff354 |
| SHA256 | edd1a68585ebac3872b7ab0a085b0a5c92f58f7dc59b926b6c647cc172f69ac4 |
| SHA512 | eda8e07e04ac8b1b300f907a10fe6294d8bcff16d7aecdc3da36be6efd29aeda022a0428f1a31837eea19202bd5e559f3f19c541b4aa22dfce313aed8f1a0d69 |