Malware Analysis Report

2024-11-30 05:44

Sample ID 240619-mxb4lsyfjd
Target BRUUUH v1.6-protected.exe
SHA256 b7a1d7f6783f7cf4f28bd62a3f58ae14942b4a10d699aba919a4793532dcad09
Tags
agenttesla discovery keylogger persistence spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b7a1d7f6783f7cf4f28bd62a3f58ae14942b4a10d699aba919a4793532dcad09

Threat Level: Known bad

The file BRUUUH v1.6-protected.exe was found to be: Known bad.

Malicious Activity Summary

agenttesla discovery keylogger persistence spyware stealer trojan

AgentTesla

AgentTesla payload

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Adds Run key to start application

Enumerates connected drives

Checks installed software on the system

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Opens file in notepad (likely ransom note)

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-19 10:50

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-19 10:50

Reported

2024-06-19 11:00

Platform

win10v2004-20240508-en

Max time kernel

595s

Max time network

599s

Command Line

"C:\Users\Admin\AppData\Local\Temp\BRUUUH v1.6-protected.exe"

Signatures

AgentTesla

keylogger trojan stealer spyware agenttesla

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\nsfB795.tmp\Everything\Everything.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation C:\Program Files\Everything\Everything.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Everything = "\"C:\\Program Files\\Everything\\Everything.exe\" -startup" C:\Program Files\Everything\Everything.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Z: C:\Program Files\Everything\Everything.exe N/A
File opened (read-only) \??\A: C:\Program Files\Everything\Everything.exe N/A
File opened (read-only) \??\E: C:\Program Files\Everything\Everything.exe N/A
File opened (read-only) \??\H: C:\Program Files\Everything\Everything.exe N/A
File opened (read-only) \??\L: C:\Program Files\Everything\Everything.exe N/A
File opened (read-only) \??\U: C:\Program Files\Everything\Everything.exe N/A
File opened (read-only) \??\Y: C:\Program Files\Everything\Everything.exe N/A
File opened (read-only) \??\J: C:\Program Files\Everything\Everything.exe N/A
File opened (read-only) \??\M: C:\Program Files\Everything\Everything.exe N/A
File opened (read-only) \??\N: C:\Program Files\Everything\Everything.exe N/A
File opened (read-only) \??\R: C:\Program Files\Everything\Everything.exe N/A
File opened (read-only) \??\S: C:\Program Files\Everything\Everything.exe N/A
File opened (read-only) \??\V: C:\Program Files\Everything\Everything.exe N/A
File opened (read-only) \??\I: C:\Program Files\Everything\Everything.exe N/A
File opened (read-only) \??\K: C:\Program Files\Everything\Everything.exe N/A
File opened (read-only) \??\O: C:\Program Files\Everything\Everything.exe N/A
File opened (read-only) \??\P: C:\Program Files\Everything\Everything.exe N/A
File opened (read-only) \??\W: C:\Program Files\Everything\Everything.exe N/A
File opened (read-only) \??\B: C:\Program Files\Everything\Everything.exe N/A
File opened (read-only) \??\G: C:\Program Files\Everything\Everything.exe N/A
File opened (read-only) \??\Q: C:\Program Files\Everything\Everything.exe N/A
File opened (read-only) \??\T: C:\Program Files\Everything\Everything.exe N/A
File opened (read-only) \??\X: C:\Program Files\Everything\Everything.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Everything\Everything.exe C:\Users\Admin\AppData\Local\Temp\nsfB795.tmp\Everything\Everything.exe N/A
File opened for modification C:\Program Files\Everything\Everything.exe C:\Users\Admin\AppData\Local\Temp\nsfB795.tmp\Everything\Everything.exe N/A
File created C:\Program Files\Everything\Changes.txt C:\Users\Admin\AppData\Local\Temp\nsfB795.tmp\Everything\Everything.exe N/A
File created C:\Program Files\Everything\License.txt C:\Users\Admin\AppData\Local\Temp\nsfB795.tmp\Everything\Everything.exe N/A
File created C:\Program Files\Everything\Everything.lng C:\Users\Admin\AppData\Local\Temp\nsfB795.tmp\Everything\Everything.exe N/A
File created C:\Program Files\Everything\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\nsfB795.tmp\Everything\Everything.exe N/A
File created C:\Program Files\Everything\Everything.ini.tmp C:\Program Files\Everything\Everything.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\BRUUUH v1.6-protected.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\BRUUUH v1.6-protected.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\AppData\Local\Temp\BRUUUH v1.6-protected.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\BRUUUH v1.6-protected.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\BRUUUH v1.6-protected.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\AppData\Local\Temp\BRUUUH v1.6-protected.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133632678419477945" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.efu\Content Type = "text/plain" C:\Program Files\Everything\Everything.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Everything.FileList\DefaultIcon C:\Program Files\Everything\Everything.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Everything.FileList\DefaultIcon\ = "C:\\Program Files\\Everything\\Everything.exe, 1" C:\Program Files\Everything\Everything.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings C:\Program Files\Everything\Everything.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.efu C:\Program Files\Everything\Everything.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.efu\ = "Everything.FileList" C:\Program Files\Everything\Everything.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Everything.FileList\ = "Everything File List" C:\Program Files\Everything\Everything.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Everything.FileList\shell\open\command C:\Program Files\Everything\Everything.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Everything.FileList\shell\open C:\Program Files\Everything\Everything.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Everything.FileList\shell\open\command\ = "\"C:\\Program Files\\Everything\\Everything.exe\" \"%1\"" C:\Program Files\Everything\Everything.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Everything.FileList C:\Program Files\Everything\Everything.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Everything.FileList\shell C:\Program Files\Everything\Everything.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Everything.FileList\shell\edit\command C:\Program Files\Everything\Everything.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Everything.FileList\shell\edit C:\Program Files\Everything\Everything.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Everything.FileList\shell\edit\command\ = "\"C:\\Program Files\\Everything\\Everything.exe\" -edit \"%1\"" C:\Program Files\Everything\Everything.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.efu\PerceivedType = "text" C:\Program Files\Everything\Everything.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\BRUUUH v1.6-protected.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (31 identical rows)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (30 identical rows, alternating with the row above)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (36 identical rows)
N/A N/A C:\Program Files\Everything\Everything.exe N/A
N/A N/A C:\Program Files\Everything\Everything.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BRUUUH v1.6-protected.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BRUUUH v1.6-protected.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (24 identical rows)
N/A N/A C:\Program Files\Everything\Everything.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BRUUUH v1.6-protected.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BRUUUH v1.6-protected.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Everything\Everything.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4752 wrote to memory of 4164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 4752 wrote to memory of 4916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (31 identical rows)
PID 4752 wrote to memory of 992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 4752 wrote to memory of 1880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (29 identical rows)

Processes

C:\Users\Admin\AppData\Local\Temp\BRUUUH v1.6-protected.exe

"C:\Users\Admin\AppData\Local\Temp\BRUUUH v1.6-protected.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x308 0x514

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4396,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=3888 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbf090ab58,0x7ffbf090ab68,0x7ffbf090ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1980,i,10745776667260817998,7962163238083682873,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1980,i,10745776667260817998,7962163238083682873,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2304 --field-trial-handle=1980,i,10745776667260817998,7962163238083682873,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1980,i,10745776667260817998,7962163238083682873,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1980,i,10745776667260817998,7962163238083682873,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4364 --field-trial-handle=1980,i,10745776667260817998,7962163238083682873,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3664 --field-trial-handle=1980,i,10745776667260817998,7962163238083682873,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=1980,i,10745776667260817998,7962163238083682873,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1980,i,10745776667260817998,7962163238083682873,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4928 --field-trial-handle=1980,i,10745776667260817998,7962163238083682873,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1980,i,10745776667260817998,7962163238083682873,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4756 --field-trial-handle=1980,i,10745776667260817998,7962163238083682873,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4816 --field-trial-handle=1980,i,10745776667260817998,7962163238083682873,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4700 --field-trial-handle=1980,i,10745776667260817998,7962163238083682873,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3192 --field-trial-handle=1980,i,10745776667260817998,7962163238083682873,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1980,i,10745776667260817998,7962163238083682873,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5216 --field-trial-handle=1980,i,10745776667260817998,7962163238083682873,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5240 --field-trial-handle=1980,i,10745776667260817998,7962163238083682873,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1980,i,10745776667260817998,7962163238083682873,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5516 --field-trial-handle=1980,i,10745776667260817998,7962163238083682873,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4824 --field-trial-handle=1980,i,10745776667260817998,7962163238083682873,131072 /prefetch:8

C:\Users\Admin\Downloads\Everything-1.4.1.1024.x64-Setup.exe

"C:\Users\Admin\Downloads\Everything-1.4.1.1024.x64-Setup.exe"

C:\Users\Admin\AppData\Local\Temp\nsfB795.tmp\Everything\Everything.exe

"C:\Users\Admin\AppData\Local\Temp\nsfB795.tmp\Everything\Everything.exe" -install "C:\Program Files\Everything" -install-options " -app-data -install-run-on-system-startup -install-service -disable-run-as-admin -uninstall-folder-context-menu -install-start-menu-shortcuts -install-desktop-shortcut -uninstall-url-protocol -install-efu-association -install-language 1033 -save-install-options 0"

C:\Program Files\Everything\Everything.exe

"C:\Program Files\Everything\Everything.exe" -app-data -install-run-on-system-startup -install-service -disable-run-as-admin -uninstall-folder-context-menu -install-start-menu-shortcuts -install-desktop-shortcut -uninstall-url-protocol -install-efu-association -install-language 1033 -save-install-options 0

C:\Program Files\Everything\Everything.exe

"C:\Program Files\Everything\Everything.exe" -svc

C:\Program Files\Everything\Everything.exe

"C:\Program Files\Everything\Everything.exe" -disable-update-notification -uninstall-quick-launch-shortcut -no-choose-volumes -language 1033

C:\Program Files\Everything\Everything.exe

"C:\Program Files\Everything\Everything.exe"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BRUUUH v1.6-protected.exe.log

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BRUUUH v1.6-protected.exe.log

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\BRUUUH v1.6-protected.exe

"C:\Users\Admin\AppData\Local\Temp\BRUUUH v1.6-protected.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4132,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=3260 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 keyauth.win udp
US 104.26.0.5:443 keyauth.win tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 5.0.26.104.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.187.238:443 consent.google.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 id.google.com udp
GB 172.217.16.227:443 id.google.com tcp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
GB 172.217.16.225:443 lh5.googleusercontent.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
GB 172.217.16.227:443 id.google.com udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 172.217.16.225:443 lh5.googleusercontent.com udp
US 8.8.8.8:53 246.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.187.246:443 i.ytimg.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.200.10:443 jnn-pa.googleapis.com tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net udp
GB 142.250.200.10:443 jnn-pa.googleapis.com udp
GB 172.217.169.46:443 www.youtube.com udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 www.voidtools.com udp
US 162.211.80.236:443 www.voidtools.com tcp
US 162.211.80.236:443 www.voidtools.com tcp
US 162.211.80.236:443 www.voidtools.com udp
US 8.8.8.8:53 236.80.211.162.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 216.107.17.2.in-addr.arpa udp
US 104.26.0.5:443 keyauth.win tcp
US 8.8.8.8:53 77.239.69.13.in-addr.arpa udp

Files

memory/4008-0-0x00007FFBF8B23000-0x00007FFBF8B25000-memory.dmp

memory/4008-1-0x000001EDF4FD0000-0x000001EDF57D6000-memory.dmp

memory/4008-2-0x000001EDF7370000-0x000001EDF7382000-memory.dmp

memory/4008-3-0x000001EDF7D80000-0x000001EDF7F94000-memory.dmp

memory/4008-4-0x00007FFBF8B20000-0x00007FFBF95E1000-memory.dmp

memory/4008-6-0x000001EDF8990000-0x000001EDF89CC000-memory.dmp

memory/4008-7-0x00007FFBF8B20000-0x00007FFBF95E1000-memory.dmp

\??\pipe\crashpad_4752_DHBAYVMOZWTNUFGO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f2db551673c03bcbe97d27bfa20ad0df
SHA1 d1457083d07613b4a59a4c40549c4b0d94b39dce
SHA256 5fd33d44566641ea5d0fb0241ef888be5ff19ee821708ba9ae2fc7a7811f370b
SHA512 0151e92f8b4ebeb32a79bb2e44efd83cf68e92bada0791da116ce639a55db076bca50d5eb17f0f8ae0c552d52b082af7fedd450fe667df19670a0af0fdaeeb54

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 24999949011c5d28261c20b6cd95caa5
SHA1 1fc88676baf2eba12912d22036f5d8676cc243c0
SHA256 a10c86cea11128bfee8b1854eb1f547cd301e9714018572a76472b937024f05e
SHA512 2f893722f21fba76eaa79d10b2bd5178358a82ff94cdc954ee4a118dee201ed56022b089f85e5b64da6016e04e61c5dd060896afeced60db821104fd17ddf8be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8a99fe3ff85cd0378f6385cb39f32d20
SHA1 75ad646b6dd236030c7be696cd91f025782c61bf
SHA256 cadec5bd7f4c6f8ce1b44c69ce4c6ac8a6fa662658bf14a8eec48f0e4ca43d19
SHA512 ab48ff8799573bdcb070e1c05a79dfeb7d40aca1c2e573c97fabd5179fc656ad78da0c955b168465c46b188623c554fddd95811e874e49e759069aecd5a6bed5

memory/4008-85-0x00007FFBF8B23000-0x00007FFBF8B25000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 f341cf5363c93e2e95e3cd079a566fcd
SHA1 ab9e4eebefbabd8215a472302ef5546bfdd30211
SHA256 d78458d3aaf2a38c2bc1c47ea1ed9f7dbeae2a82dc7c9a8713d2faa3c708e1a4
SHA512 44e81552ff5c53e3f4161d51c4aa45c9bb1ca5d90187c2b12d56d9059d7210bfc3657734a190351b35f6b3c01f02530d3f24239fa77b4de80d5eb3100e8a63c6

memory/4008-93-0x00007FFBF8B20000-0x00007FFBF95E1000-memory.dmp

memory/4008-101-0x00007FFBF8B20000-0x00007FFBF95E1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c98a6c5ffa297533e3816aa8005eddc2
SHA1 12ba706f528bd62b08f4389ca60eb70ca2eef909
SHA256 a6ce9efeee355e39ac9afe8a0221ba12f073edbf50b2a426ca929fd016239c62
SHA512 090466b7c06ee89c32b67272f7dcdf3067087fe833ed89d1518cba095bf8a95bbd79ac45a9d88107ed13cd06699b906d5c71afe6b5d8d9e100cab02a93185967

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d3291f7eb09cea9b023d764b53597c3e
SHA1 ef0eb02b03e94bab23816940d46828cf9ec414bb
SHA256 44d469a3c535a30c482867602f08e012ea0f7f54784e8e0071bb5a48f9f2a785
SHA512 bc2710fca911d5fe725fb1cbc79ed7f381208c9477b32448630f76e71885f3d1067d6963f33de88b40485b53d917ee64af46d14a37941622c19da5804738a183

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 921df38cecd4019512bbc90523bd5df5
SHA1 5bf380ffb3a385b734b70486afcfc493462eceec
SHA256 83289571497cbf2f2859d8308982493a9c92baa23bebfb41ceed584e3a6f8f3f
SHA512 35fa5f8559570af719f8a56854d6184daa7ef218d38c257e1ad71209272d37355e9ad93aaa9fbe7e3b0a9b8b46dfc9085879b01ce7bb86dd9308d4a6f35f09e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 40e01c775b4f150dec2ff43bdf0f1816
SHA1 29cc0f7eb904aced209cec12ebbf8e6ab192da53
SHA256 4d21e64e043f3f03c39754589e8131f993de6565a9da3bf86a21c205e37b3ca0
SHA512 c868ed04136d1c38c2d4f22f7c16337532fa1b62a3da413df9815ddeb2fbd5a5175d7987beb796193a4e812a679c117928c97a4e87042ce4383433ba479b923f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 c054cddd96069f22fe75e7a2c17ae412
SHA1 d38822115595dad9af041a2ac43dd74c782276c3
SHA256 5f2af02562178807d98ae12e1a8e1aeac6928440ed40276a8c3ea791a733ae71
SHA512 64506610fa6074e56f710f5e7b21ea47662237751121e2b73d77a9c1fc72ae61f2b3a2fd7cfd95c9b6a9500f56c307d0176f365e426aaa641b2afda81aa136c1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 570efb21241c4a53cc4ff151342bd289
SHA1 5ebcfa6a9e1bb83e9e5d541743604a3603d3b1da
SHA256 9f934ef89841dd7b542e0a1cc620c61057f07f33503165075fe6aaf6456e782d
SHA512 e56c1cc5a9403e96225ccb607051c90dbbc5fde0ae8e864f7e0f4bfc7b1b59886fb1a82fbecf37a11f1f7f4eb4f20354bd1c274ad8df526d48251239e8083f22

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e0ff894f3b8057f77a2f6e8a7a334b3b
SHA1 e367d6297cb2c09fcde8ddb5a943ee07391237f8
SHA256 72050ddf23bf37a3925dc48b6e332c2e1e7244f7f469e5a46fb7c8644a80a099
SHA512 a86bd2e7727125477745da3271863f8dca63b970f112ac7b0b6af35534f9fc36afea51201eecc5c4898995a7d0a8ee8d63dad14a1ea0118dad4f9d80524e0d90

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58972a.TMP

MD5 00685ad6ac88087c0058c623fea6004b
SHA1 441ffb2ab5a9440a22a3c2358f70d8b29bb7097f
SHA256 5cfbe8106adf1f42ef159fde2df57475dcbdcdf96c211d1d27c70d51a737a778
SHA512 d72f6aaffba1ed0c7e02607dce1524db85038d43195fd251a28a4b3168250f1abba202acdb4fb29f92a859c33f56e230513dee0ef60fc3f70e210ef767693e2b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ae1bccd6831ebfe5ad03b482ee266e4f
SHA1 01f4179f48f1af383b275d7ee338dd160b6f558a
SHA256 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512 baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

C:\Users\Admin\Downloads\Everything-1.4.1.1024.x64-Setup.exe

MD5 5036e609163e98f3ac06d5e82b677df8
SHA1 176db10a4cda7104f24eece2d87e1a664b7fb929
SHA256 b2afe799584c913532c673f99ade45113bf5a5b605a964ce9fa837f563b6fc21
SHA512 40c4332e2e4132fc7f3a5f0738a67e7725b329c4a4b0643fbc65f5d1de3ca4b6bf7374c2a722ea05f01a5e2ddd458344289fdb39bbb092a0b64e63eb168313e4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 78ecb93f13aec47ecb15fc86e51d5790
SHA1 850febf481822c94bf14a390e5c9754bf82c1070
SHA256 b131093b9d11d4231d7dc2f19f1217dabe585d58ebe68ac89017ea9b189edb9a
SHA512 aacadb43c93562fc18c7766d23fddd565cb0d0676102677a208d6d4b6f197cbebbd8ade52aaeaec5d4ffcf3c9b0d6cb62b79a9037a6a88a1e576bf8941219a01

C:\Users\Admin\AppData\Local\Temp\nsfB795.tmp\InstallOptions.dll

MD5 ece25721125d55aa26cdfe019c871476
SHA1 b87685ae482553823bf95e73e790de48dc0c11ba
SHA256 c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf
SHA512 4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480

C:\Users\Admin\AppData\Local\Temp\nsfB795.tmp\LangDLL.dll

MD5 68b287f4067ba013e34a1339afdb1ea8
SHA1 45ad585b3cc8e5a6af7b68f5d8269c97992130b3
SHA256 18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026
SHA512 06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8f31b5c26eadd953502661c744059bcc
SHA1 9b51245375e856ca78bfd7a832f5820d158b213e
SHA256 1474a36a36671572ba95df784662dd0534a0697530f23e9f5767e2e5b7532ecf
SHA512 bbbf6c72aaf5dfdb4de4bc4c1b3efc833f0bd0440b0d599821637d9212bc2badbd6e4d24bc4e77316f386ba292d45934158265789efb568be30c7c2e57b407ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0d2bb6ee17a7737f40b8f3b81e845840
SHA1 0b5a4b245d1489748452e93e0fb65934cc0b7963
SHA256 45f644f49596883cad58beda05abd22e19c9722a23b01438e95d21b28fe5cc06
SHA512 55a1795a06b55e4e6290c5ae4891044ca008bb258bc014a869f207f58dd5250bef815e70a379a9266a885275fffb90fcd0d61145d753cf5c7c29c793fae39687

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 578210c182e667900d966d0956ccc395
SHA1 3975410ddd70cf824732308b5a5d005be5912b4f
SHA256 7cc1b044c7e4b55de4f73caf7569679195823a776d848b7daaf6eee833dd3310
SHA512 aa47a5f6d52f75209066284812200a2472e3c29111a3213bd78943ae88a3a23c9e4306d732962bb9f78443911acb6b88bdee1c7289a9fd595ff97f5c77b896f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f64152a22f94956844ca28fd396940ff
SHA1 d5153fe3b86682b24508b8ee8cf5dab1f3b9172b
SHA256 aa80c172904bcb2ff614042d26535a612f0e72cd03ff4ee5772da9f0467d56a7
SHA512 8ba7d49a700362de12be130eb7c0c96bb83bb28fa2b2c9daadbfd2fa58a5636b1a0165fadec8ac210a49165bc81f712c41ff35ce739f6259be56fd8f4d6c7307

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2d3a1aca98ca0f3c1a29671af0185035
SHA1 d24ec7c1869d6fa7ea1c6a966ed7c4775f5fa24a
SHA256 7e3e054fd4c4ccdd5722d197bc8269ac7a72d9bffb43143826c9dfa2336daf83
SHA512 d009c213d6326751f170c8c97f3a2a12b3a522c41f9bce7415423a57812359039ff2e506f3fac60b9d8c946533b465ca2ef40b15f1b345561dca2141ab27e1e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 0535c37a637f52bab27cb407e73a1ce2
SHA1 a72e06f6c17ffe4fbc993c857248f5b0065867a9
SHA256 c90e67db71353580416f53affedd7af6412c635fb6204aa522950f77d393ca49
SHA512 a84169e9fab1d38b7e40e08e12f809ba058f80be28bad13198364e8e84f17010051f11d58fa971993757b39f74808f279fef891ce5a647b0a11ee8bd39d4b033

C:\Users\Admin\AppData\Local\Temp\nsfB795.tmp\System.dll

MD5 cff85c549d536f651d4fb8387f1976f2
SHA1 d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA256 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

memory/4008-637-0x00007FFBF8B20000-0x00007FFBF95E1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsfB795.tmp\InstallOptions.ini

MD5 e2808f4be298a32ae279ee9ebacd0a0c
SHA1 b7929c346ba7a7aa690a766e4f70bc1d44f75460
SHA256 99b98f333848dacc5df866402181a6e2441fff0f9cdbb2a26f5f2c5d5dd12c52
SHA512 a305986b1eb907caa77616bcf3b9929fcbef8156b9162a942b1720ae32b34e1ba0537c553b54e750a22c3106fdb33870c346dd1f9d72db7d0baa6d318c3752a2

C:\Users\Admin\AppData\Local\Temp\nsfB795.tmp\InstallOptions.ini

MD5 ffd9af7b559e533b535a543316242d1b
SHA1 9602394db8a16740a61ddb3b6e8b2d0440bcb204
SHA256 a5b9627caf66a6fc7b9ab65e502d5e5a27562db7d20ff88222fb42c3f5676127
SHA512 7a7231bbd04882041340db99147c2d0241b9dfc63a22ee900554273b0e65df1b64a17143da8600790b61527e1b77e92a806a83f4885a9720eddf294eca284394

C:\Users\Admin\AppData\Local\Temp\nsfB795.tmp\InstallOptions.ini

MD5 e0e9fedb3c6153095d9db1e30aea42d7
SHA1 688e2d2c556ef1933c8c6b6bf5c1ca2adc91c9e8
SHA256 42be8184e892e1c4a1ab892f27330d86a7e05bd1abd4585536557081c516c00c
SHA512 38b75ff00419ad0d91907b5e3f5cb328f90b0ae847cd50ecf8e355cc966730cf89ab3c881879146bfa39f13f1911c53289e888759e05eb3db287055586671b3c

C:\Users\Admin\AppData\Local\Temp\nsfB795.tmp\InstallOptions2.ini

MD5 a6634dd375de49a06ff7c8c65f03bb42
SHA1 2834f907bb17d0916cfd1285718695f866e319d6
SHA256 caf045fdf50d8706410dabb4b4db6edab64d09a1c4229854666c5fdcbc70f35d
SHA512 c2d65ed0b99084753447711ea46e2805017b51917851bc7b53a96e58c49b92acf9f3f32fdb9b68beea400050703785ef49f7d7bf77131cb683663375654b71e9

C:\Users\Admin\AppData\Local\Temp\nsfB795.tmp\InstallOptions2.ini

MD5 5ba0a6ffb1300ddde188e44c8620c793
SHA1 0c7048876890ef2d6584e249a4c1609d897e06f6
SHA256 c2dcb25a8977e2fe312268cbe610491a4a07668aafb284db5efe3d204cbe88d7
SHA512 c3a9f509c347979438808b9fba0896c28815ad6428553b930baed55932af664ae2c1292dccde60b91f900fcd41c18323557af1550f4777e9130bc18c0524a6ad

C:\Users\Admin\AppData\Local\Temp\nsfB795.tmp\InstallOptions2.ini

MD5 30fc1bf951bc4daf20413cddb3746b23
SHA1 692f205305d3b5c49f3d9c81e6dc2b1aec509fcc
SHA256 4c8f3677826e447f843d689cc949e2a092b7577f1b89db0918654665b93cd8e3
SHA512 1384943137af76b2f7e774c42bfe7daf72265317a652f0daa458ad0250bc5e09d633ae4ebd531043727124cb2245a3979a20e93a16977946778e1df712f324b5

C:\Users\Admin\AppData\Local\Temp\nsfB795.tmp\Everything\Everything.exe

MD5 0170601e27117e9639851a969240b959
SHA1 7a4aee1910b84c6715c465277229740dfc73fa39
SHA256 35cefe4bc4a98ad73dda4444c700aac9f749efde8f9de6a643a57a5b605bd4e7
SHA512 3c24fa02621b78c5ddaf1ad9523045e9fa7ccc02d85a0342e8faafc31be2a3154558d3cefcd9ae8721973fb01450ab36e6bb75a1b95fcc485a4b919f20a2202f

C:\Users\Admin\AppData\Local\Temp\nsfB795.tmp\Everything\Everything.lng

MD5 ba118bdf7118802beea188727b155d5f
SHA1 20fe923ec91d13f03bdb171df2fe54772f86ebba
SHA256 270c2dbd55642543479c7e7e62f99ec11bbc65496010b1354a2be9482269d471
SHA512 01d8dd2bf9aa251512b6b9b47e9d966b7eda5f76302e6441c5e7110ff37b4be325a4f8096df26a140c67bd740dcd720bc4e9356ccb95703ad63fe9fdbbb0c41f

C:\Users\Admin\AppData\Local\Temp\nsfB795.tmp\Everything\Uninstall.exe

MD5 9619f283a8809f06d9f25818df792798
SHA1 c959694843937043b09da5189d50553aa6c24a6e
SHA256 f5e05a0afc32604d961f2c1b8e500d33018718c3a1d47cbc3f4a98fe0d0e9ca8
SHA512 cd84eb50fc8ad582e5b60f1fed3174564ef356673f6dbc71e14a8f07baa7efa28ec434aaa9594460364a15c006fa4c56ce27d58d687dcc765fe07d5caaa3b73e

C:\Users\Admin\AppData\Local\Temp\nsfB795.tmp\Everything\License.txt

MD5 2d8c6b891bea32e7fa64b381cf3064c2
SHA1 495396d86c96fb1cfdf56cae7658149138056aa9
SHA256 2e017a9c091cf5293e978e796c81025dab6973af96cb8acd56a04ef29703550b
SHA512 03a520f4423da5ef158fb81c32cfff0def361cc4d2caa9cfa4d306136da047a80a6931249a6b9c42f9f2656a27391b7921a64e10baa7468c255bc48bd488a860

C:\Users\Admin\AppData\Local\Temp\nsfB795.tmp\Everything\Changes.txt

MD5 1ebb92ac516db5077a0c851565b7a2cf
SHA1 9adabfbb11b070169429fd43a250285ee8881213
SHA256 e64b60048b375f0c7d4c1fb4329957a297f2e60c306ef9c380175ea7a42223d6
SHA512 3fba14d13a602937b8600c7d5cc8011f7369857be288510b142573e411b2296cdb3ce58beafdf268d04aa1c5130503a63ba38f87239fc7b0be2e0170bdfc86de

C:\Program Files\Everything\Everything.ini

MD5 b2b308d8c164f75bc11bccf7baf3df67
SHA1 6f1e5561268b2db5b46bb6f738c0f7a637fd6b6d
SHA256 f0969f438d2869641d8f76d5b9fd2b82c7232134a90972e96abb3783d1e2fbe5
SHA512 5cb56d715d35a33e5bbc7e7deb43e4f143e4193ae59282892fe72b82c66a21a62cec85222a9879d5126479a59b9a5e715568f4bb62040a4c03b706f1ebde9659

C:\Users\Admin\AppData\Local\Temp\nsfB795.tmp\ioSpecial.ini

MD5 33f046487bcd5ab01fa1947376a20ea8
SHA1 fe2e15bed145e15a164b322230d7f5f6ada0d962
SHA256 bd3dd8c88eab5b9ed5ce10133f4d88c3dfc09b6bb9a7dae7a218f5d6b2f50bd6
SHA512 3c757100f830eb5ed26d89ad01474589757ab5cfd1e2c0fd40d77474560d86ff8693b3ab3edbc604539f8acd89c096358c200bf10e1bc00341a39315fd8cdd3c

C:\Users\Admin\AppData\Local\Temp\nsfB795.tmp\ioSpecial.ini

MD5 1072dae8d670e6f13f0b60c1d198de9c
SHA1 6e5f64944cb43edaaca6d37f3d1621efad62ffaf
SHA256 11399acf27de709bbcc43031e0922248ed203172cb95619ee4febd141ebb1650
SHA512 b67571f5cfc0aab8bbed337eefd432b9b4b2c39cd299f2a966d043a938b975430a6e3e0b87c28a70845cac74c1b5abba2786470697108b8db09e71ef94fba77e

C:\Users\Admin\AppData\Roaming\Everything\Everything.ini

MD5 49b6ff446eddaf88ea08a7c16792952e
SHA1 c0dc334f467d867f0e1d3fabd555ebcac395fc8b
SHA256 2fb724dd202047575842ab8b47f7c395b06c84879af5a1cd5978b3a0111e3580
SHA512 77caea2889ef3c8396cf333e6f99656cf087ba69e20f86279cf415e9b3ef598a98a0a2bada407443910ef24b8d51602ef3d1504f3826f0f9837d07db488bab2b

memory/4008-1132-0x000001EDF8C00000-0x000001EDF8C12000-memory.dmp

memory/4008-1133-0x000001EDFAAF0000-0x000001EDFAB0A000-memory.dmp

memory/4008-1134-0x000001EDF8CB0000-0x000001EDF8CCA000-memory.dmp

memory/4008-1135-0x000001EDFC270000-0x000001EDFC320000-memory.dmp

memory/4008-1136-0x00007FFBF8B20000-0x00007FFBF95E1000-memory.dmp

memory/4008-1138-0x00007FFBF8B20000-0x00007FFBF95E1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BRUUUH v1.6-protected.exe.log

MD5 27ec96356df076ccfadcf005d723ea00
SHA1 734fa2a074fa4f7d3dc4c818828e4e2f1167661b
SHA256 0aa6a64c70e4346489cb02a4b548e8f6927c18bdc851a6df5bb8b2a12fcb13e3
SHA512 fc2da5eb558f15c88590e00175c6667b7fad6297b62c3044d4b18324a9d2ee39bcdb1b0eaf598f0ad1a462c532d9f3864feddf84914f482453f9abf4980adc22

C:\ProgramData\KeyAuth\debug\BRUUUH v1.6-protected\Jun_19_2024_logs.txt

MD5 6ca225fc8eaacd68fa7ccdef5bec1141
SHA1 bd9c75106bc62052c87bee51545b3d00a5207470
SHA256 b15d3c9fedf3daa659e6603067c6da2c5c9f4a64d6aa716168873e2ef69243d9
SHA512 59a983cc4670fb8ccc437aa1e1df72e295a1ce46699b1f251170b62cc55bfc89c69260aa575e107438c05d860c6d3585e5f269cfc9209e54eaa7101144486fe2