Analysis Overview
SHA256
2ddaeb628e70b156acc59ffb0dbe5313da7c46b0c8d8b852e8ae10a3fe69c13c
Threat Level: Known bad
The file Flash USDT @ZerodayExploitware.rar was found to be: Known bad.
Malicious Activity Summary
Several of the signatures below are triggered by processes other than the sample: chrome.exe (registry class and HKEY_USERS writes, BIOS enumeration, non-Microsoft binary launches), taskmgr.exe (SCSI registry keys, rescache writes, GetForegroundWindow spam) and the WinRAR installer downloaded during the session (dropped EXE execution, SetWindowsHookEx). Attribute a behaviour to flash USDT @ZerodayExploitware.exe only where its path appears in the signature's Process column.
AsyncRat
StormKitty payload
StormKitty
Downloads MZ/PE file
Executes dropped EXE
Looks up geolocation information via web service
Drops desktop.ini file(s)
Looks up external IP address via web service
Drops file in Windows directory
Event Triggered Execution: Netsh Helper DLL
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Checks processor information in registry
Suspicious behavior: GetForegroundWindowSpam
Modifies data under HKEY_USERS
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Checks SCSI registry key(s)
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-30 16:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-30 16:05
Reported
2024-06-30 16:36
Platform
win10-20240404-en
Max time kernel
1799s
Max time network
1587s
Command Line
Signatures
AsyncRat
StormKitty
StormKitty payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
winrar-x64-701.exe is the WinRAR installer fetched from www.win-rar.com in the Chrome session used to open the archive (see the Chrome processes and the www.win-rar.com rows under Network); its hits here and under SetWindowsHookEx are not attributable to the sample.
Drops desktop.ini file(s)
The target paths below are the stealer's staging tree: each run of the sample creates %LOCALAPPDATA%\<hash>\Admin@NDTNZVHN_en-US\Grabber\DRIVE-C\ (two hashes, a1538dd9... and 38becb32..., because the sample ran twice) and copies the user's Desktop, Documents, Downloads and Pictures into it before exfiltration; the desktop.ini files are simply copied along with everything else.
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Local\a1538dd99a439b91e0128c825d99ffd4\Admin@NDTNZVHN_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\desktop.ini | C:\Users\Admin\Desktop\Flash USDT @ZerodayExploitware\flash USDT @ZerodayExploitware.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\38becb32be0904bb5738d02113e14c4e\Admin@NDTNZVHN_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\desktop.ini | C:\Users\Admin\Desktop\Flash USDT @ZerodayExploitware\flash USDT @ZerodayExploitware.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\38becb32be0904bb5738d02113e14c4e\Admin@NDTNZVHN_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\Desktop\Flash USDT @ZerodayExploitware\flash USDT @ZerodayExploitware.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\a1538dd99a439b91e0128c825d99ffd4\Admin@NDTNZVHN_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\desktop.ini | C:\Users\Admin\Desktop\Flash USDT @ZerodayExploitware\flash USDT @ZerodayExploitware.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\a1538dd99a439b91e0128c825d99ffd4\Admin@NDTNZVHN_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Saved Pictures\desktop.ini | C:\Users\Admin\Desktop\Flash USDT @ZerodayExploitware\flash USDT @ZerodayExploitware.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\38becb32be0904bb5738d02113e14c4e\Admin@NDTNZVHN_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\Desktop\Flash USDT @ZerodayExploitware\flash USDT @ZerodayExploitware.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\a1538dd99a439b91e0128c825d99ffd4\Admin@NDTNZVHN_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\Desktop\Flash USDT @ZerodayExploitware\flash USDT @ZerodayExploitware.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\a1538dd99a439b91e0128c825d99ffd4\Admin@NDTNZVHN_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\Desktop\Flash USDT @ZerodayExploitware\flash USDT @ZerodayExploitware.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\a1538dd99a439b91e0128c825d99ffd4\Admin@NDTNZVHN_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Camera Roll\desktop.ini | C:\Users\Admin\Desktop\Flash USDT @ZerodayExploitware\flash USDT @ZerodayExploitware.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\38becb32be0904bb5738d02113e14c4e\Admin@NDTNZVHN_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Saved Pictures\desktop.ini | C:\Users\Admin\Desktop\Flash USDT @ZerodayExploitware\flash USDT @ZerodayExploitware.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\38becb32be0904bb5738d02113e14c4e\Admin@NDTNZVHN_en-US\Grabber\DRIVE-C\Users\Admin\Documents\desktop.ini | C:\Users\Admin\Desktop\Flash USDT @ZerodayExploitware\flash USDT @ZerodayExploitware.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\38becb32be0904bb5738d02113e14c4e\Admin@NDTNZVHN_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\desktop.ini | C:\Users\Admin\Desktop\Flash USDT @ZerodayExploitware\flash USDT @ZerodayExploitware.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\a1538dd99a439b91e0128c825d99ffd4\Admin@NDTNZVHN_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\desktop.ini | C:\Users\Admin\Desktop\Flash USDT @ZerodayExploitware\flash USDT @ZerodayExploitware.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\a1538dd99a439b91e0128c825d99ffd4\Admin@NDTNZVHN_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\desktop.ini | C:\Users\Admin\Desktop\Flash USDT @ZerodayExploitware\flash USDT @ZerodayExploitware.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\a1538dd99a439b91e0128c825d99ffd4\Admin@NDTNZVHN_en-US\Grabber\DRIVE-C\Users\Admin\Documents\desktop.ini | C:\Users\Admin\Desktop\Flash USDT @ZerodayExploitware\flash USDT @ZerodayExploitware.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\38becb32be0904bb5738d02113e14c4e\Admin@NDTNZVHN_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\desktop.ini | C:\Users\Admin\Desktop\Flash USDT @ZerodayExploitware\flash USDT @ZerodayExploitware.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\38becb32be0904bb5738d02113e14c4e\Admin@NDTNZVHN_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Camera Roll\desktop.ini | C:\Users\Admin\Desktop\Flash USDT @ZerodayExploitware\flash USDT @ZerodayExploitware.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | icanhazip.com | N/A | N/A |
Looks up geolocation information via web service
Drops file in Windows directory
Both writes below are by taskmgr.exe, which was launched interactively ("taskmgr.exe" /4 in the process list); rescache .pri files are Task Manager's own resource cache, not sample activity.
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\4183903823\2290032291.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\1601268389\715946058.pri | C:\Windows\system32\taskmgr.exe | N/A |
Event Triggered Execution: Netsh Helper DLL
Every entry below is a read (key opened, queried or enumerated) performed by netsh.exe itself. netsh enumerates HKLM\SOFTWARE\Microsoft\NetSh on every start to load its registered helper DLLs, so this is a side effect of the netsh wlan commands the sample runs, not evidence that it registered a helper DLL; persistence via this technique would show a value written under that key by the sample.
| Description | Indicator | Process | Target |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 | C:\Users\Admin\Desktop\Flash USDT @ZerodayExploitware\flash USDT @ZerodayExploitware.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\Desktop\Flash USDT @ZerodayExploitware\flash USDT @ZerodayExploitware.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 | C:\Users\Admin\Desktop\Flash USDT @ZerodayExploitware\flash USDT @ZerodayExploitware.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\Desktop\Flash USDT @ZerodayExploitware\flash USDT @ZerodayExploitware.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133642372401418402" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Flash USDT @ZerodayExploitware.rar"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff930139758,0x7ff930139768,0x7ff930139778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4444 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4648 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4844 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5356 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3004 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2980 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5776 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6032 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4536 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4532 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4496 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4556 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5960 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:8
C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4040 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:8
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\a1314451b67c46a7897bd70c0fe96a1f /t 4460 /p 2212
C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3880 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6056 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 --field-trial-handle=1768,i,2478180092069046789,1554930691902970290,131072 /prefetch:8
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\70be380aa84949eeb747978f29dee4e2 /t 4084 /p 888
C:\Users\Admin\Desktop\Flash USDT @ZerodayExploitware\flash USDT @ZerodayExploitware.exe
"C:\Users\Admin\Desktop\Flash USDT @ZerodayExploitware\flash USDT @ZerodayExploitware.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show profile
C:\Windows\SysWOW64\findstr.exe
findstr All
C:\Users\Admin\Desktop\Flash USDT @ZerodayExploitware\flash USDT @ZerodayExploitware.exe
"C:\Users\Admin\Desktop\Flash USDT @ZerodayExploitware\flash USDT @ZerodayExploitware.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show networks mode=bssid
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show profile
C:\Windows\SysWOW64\findstr.exe
findstr All
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show networks mode=bssid
C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
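The two cmd.exe one-liners above, a profile listing followed by a BSSID scan with each preceded by chcp 65001, are what a detection engineer would key on. The following Python is an added example and is not part of the report or the sandbox's own detection logic: it runs a simple rule over constructed Sysmon-style process-creation events (the pids, the benign rows and the field names are made up for the example) and scores hits by whether the parent process lives under the user profile, then correlates the two queries back to a common parent.

```python
"""Process-creation detection for the netsh wlan recon chain.

Events are constructed for this example: field names follow Sysmon Event ID 1
(image, cmdline, parent_image) and pids are invented; only the command lines
mirror the sandbox's process list."""
import re
from dataclasses import dataclass

WIFI_PROFILE = re.compile(r"netsh\s+wlan\s+show\s+profile", re.I)
WIFI_BSSID = re.compile(r"netsh\s+wlan\s+show\s+networks\s+mode=bssid", re.I)
CHCP_UTF8 = re.compile(r"chcp\s+65001", re.I)
# A parent living under the user's profile (Desktop/Downloads/AppData) is far
# more suspicious than explorer.exe or an administrator's console.
USER_WRITABLE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\(Desktop|Downloads|AppData)\\", re.I)

SAMPLE = r"C:\Users\Admin\Desktop\Flash USDT @ZerodayExploitware\flash USDT @ZerodayExploitware.exe"

SAMPLE_EVENTS = [  # constructed input, not sandbox telemetry
    {"pid": 5001, "ppid": 4000, "image": SAMPLE, "cmdline": f'"{SAMPLE}"',
     "parent_image": r"C:\Windows\explorer.exe"},
    {"pid": 5002, "ppid": 5001, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r'"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All',
     "parent_image": SAMPLE},
    {"pid": 5003, "ppid": 5002, "image": r"C:\Windows\SysWOW64\netsh.exe",
     "cmdline": "netsh wlan show profile", "parent_image": r"C:\Windows\SysWOW64\cmd.exe"},
    {"pid": 5004, "ppid": 5001, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r'"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid',
     "parent_image": SAMPLE},
    # Same one-liner launched from an admin's PowerShell: worth a look, lower severity.
    {"pid": 6001, "ppid": 6000, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'"cmd.exe" /C chcp 65001 && netsh wlan show profile',
     "parent_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    # Plain interactive use without the code-page switch: not flagged by this rule.
    {"pid": 7001, "ppid": 7000, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'"cmd.exe" /C netsh wlan show profile',
     "parent_image": r"C:\Windows\explorer.exe"},
]


@dataclass
class Finding:
    pid: int
    rule: str
    severity: str
    detail: str


def detect(events):
    """Return one Finding per matching cmd.exe launch, plus a chain finding when a
    single parent spawned both the profile listing and the BSSID scan."""
    findings, kinds_by_parent = [], {}
    for ev in events:
        if not ev["image"].lower().endswith("\\cmd.exe"):
            continue
        cmd = ev["cmdline"]
        if not CHCP_UTF8.search(cmd):
            continue  # the UTF-8 code-page switch is what marks the stealer's one-liner
        kinds = [k for k, rx in (("profile", WIFI_PROFILE), ("bssid", WIFI_BSSID)) if rx.search(cmd)]
        if not kinds:
            continue
        severity = "high" if USER_WRITABLE.match(ev["parent_image"]) else "medium"
        for k in kinds:
            findings.append(Finding(ev["pid"], f"netsh-wlan-{k}", severity, cmd))
            kinds_by_parent.setdefault(ev["ppid"], set()).add(k)
    for ppid, kinds in kinds_by_parent.items():
        if kinds >= {"profile", "bssid"}:
            findings.append(Finding(ppid, "wifi-recon-chain", "high",
                                    f"pid {ppid} spawned both netsh wlan queries"))
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f.severity}] pid={f.pid} {f.rule}: {f.detail}")
```

The chcp 65001 gate keeps the rule quiet for ordinary administrative use of netsh; the parent-path check is what separates the sample (launched from the user's Desktop) from the same command run from a console, and the chain finding on the common parent pid is the alert worth paging on.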
Network
Only icanhazip.com (external IP lookup), api.mylnikov.org (geolocation from the Wi-Fi BSSIDs collected with netsh) and api.telegram.org (exfiltration channel) are the stealer's own traffic; the Google, filebin.net and www.win-rar.com rows belong to the interactive browser session. The repeated loopback connections to 127.0.0.1 on TCP 6606, 7707 and 8808 are AsyncRAT's default port set; this build's configured host is the local machine, so no external RAT C2 was observed in the detonation.
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | filebin.net | udp |
| DE | 88.99.137.18:443 | filebin.net | tcp |
| DE | 88.99.137.18:443 | filebin.net | tcp |
| DE | 88.99.137.18:443 | filebin.net | tcp |
| DE | 88.99.137.18:443 | filebin.net | tcp |
| DE | 88.99.137.18:443 | filebin.net | tcp |
| DE | 88.99.137.18:443 | filebin.net | tcp |
| US | 8.8.8.8:53 | 18.137.99.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s3.filebin.net | udp |
| DE | 88.99.137.18:443 | s3.filebin.net | tcp |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.win-rar.com | udp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| US | 8.8.8.8:53 | 163.68.195.51.in-addr.arpa | udp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.252.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | filebin.net | udp |
| DE | 88.99.137.18:443 | filebin.net | tcp |
| DE | 88.99.137.18:443 | filebin.net | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 163.49.178.192.in-addr.arpa | udp |
| DE | 88.99.137.18:443 | filebin.net | tcp |
| US | 8.8.8.8:53 | icanhazip.com | udp |
| US | 104.16.184.241:80 | icanhazip.com | tcp |
| US | 8.8.8.8:53 | api.mylnikov.org | udp |
| US | 172.67.196.114:443 | api.mylnikov.org | tcp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | 241.184.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.196.67.172.in-addr.arpa | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | 220.167.154.149.in-addr.arpa | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| US | 104.16.184.241:80 | icanhazip.com | tcp |
| US | 172.67.196.114:443 | api.mylnikov.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| NL | 52.142.223.178:80 | | tcp |
| US | 8.8.8.8:53 | 167.57.26.184.in-addr.arpa | udp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:8808 | tcp | |
| N/A | 127.0.0.1:8808 | tcp | |
| N/A | 127.0.0.1:8808 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:8808 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:8808 | tcp | |
| N/A | 127.0.0.1:8808 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:8808 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:8808 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:8808 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:8808 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:8808 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:8808 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:8808 | tcp | |
| N/A | 127.0.0.1:8808 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:8808 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:8808 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:8808 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:8808 | tcp | |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:7707 | tcp | |
| N/A | 127.0.0.1:8808 | tcp |
Files