Analysis Overview
Threat Level: Known bad
The file https://www.mediafire.com/file/hxqpc0gpgm7bwbc/SolaraB.zip/file was found to be: Known bad.
Malicious Activity Summary
Umbral
Detect Umbral payload
Drops file in Drivers directory
Command and Scripting Interpreter: PowerShell
Executes dropped EXE
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Detects videocard installed
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-04 14:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-04 14:37
Reported
2024-07-04 14:44
Platform
win10v2004-20240611-en
Max time kernel
329s
Max time network
327s
Command Line
Signatures
Detect Umbral payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Umbral
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Users\Admin\Downloads\solara\SolaraB\Solara\solarabootstrapper.exe | N/A |
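The row above records only that solarabootstrapper.exe opened C:\Windows\System32\drivers\etc\hosts for modification; the report does not show what was written. A common reason a stealer touches that file is to point antivirus update and telemetry domains at a sink address so the product can no longer update or report. The following check is an added example, not code from the report or from the sample: it parses a hosts file and flags every non-local name mapped to 0.0.0.0, 127.0.0.1 or ::1, and marks those whose name contains a security-vendor keyword. The hosts content, the vendor keyword list and the verdict labels are this example's own assumptions.

```python
"""Check a Windows hosts file for null-routed security-vendor domains.

Added example (not from the sandbox report or the sample): the report only shows
that solarabootstrapper.exe opened drivers\\etc\\hosts for modification. The
SAMPLE_HOSTS text below is constructed for illustration and is not what the
sample wrote; the vendor keyword list is an assumption and is not exhaustive.
"""
import ipaddress
import re

SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1", "::"}

# Keywords that occur in update/telemetry hostnames of security products and
# public sandboxes; a sink entry for any of these is a defence-evasion signal.
SECURITY_VENDOR_HINTS = (
    "virustotal", "microsoft", "windowsupdate", "avast", "bitdefender",
    "kaspersky", "eset", "mcafee", "malwarebytes", "sophos", "trendmicro",
    "norton", "symantec", "crowdstrike", "sentinelone", "hybrid-analysis",
    "any.run", "tria.ge", "joesandbox",
)

# Names that legitimately point at a sink address.
ALLOWED_SINK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample: stock Windows comments, one benign developer entry and
# several injected entries of the kind a stealer appends.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#    127.0.0.1       localhost
#    ::1             localhost
127.0.0.1 dev.local
0.0.0.0 www.virustotal.com
0.0.0.0 virustotal.com
0.0.0.0 www.malwarebytes.com # injected
0.0.0.0 definitionupdates.microsoft.com
0.0.0.0 analysis.example.org
"""

LINE_RX = re.compile(r"^\s*(\S+)\s+(.+?)\s*$")


def parse_hosts(text):
    """Yield (ip, hostname) pairs, ignoring comments and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]          # drop full-line and trailing comments
        m = LINE_RX.match(line)
        if not m:
            continue
        ip, names = m.group(1), m.group(2).split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                          # first token is not an address
        for name in names:
            yield ip, name.lower()


def find_sinkholed(text):
    """Return (ip, hostname, is_security_vendor) for every foreign sink entry.

    Vendor hits are the strongest evasion signal, but every foreign sink entry
    is returned because the keyword list cannot be complete.
    """
    findings = []
    for ip, name in parse_hosts(text):
        if ip not in SINK_ADDRESSES or name in ALLOWED_SINK_NAMES:
            continue
        vendor = any(hint in name for hint in SECURITY_VENDOR_HINTS)
        findings.append((ip, name, vendor))
    return findings


def summarize(text):
    """Verdict: 'av_blocked' on any vendor hit, 'review' on other sink entries."""
    findings = find_sinkholed(text)
    vendor_hits = [name for _, name, vendor in findings if vendor]
    if vendor_hits:
        verdict = "av_blocked"
    elif findings:
        verdict = "review"
    else:
        verdict = "clean"
    return {"entries": findings, "vendor_hits": vendor_hits, "verdict": verdict}


if __name__ == "__main__":
    # On a live host read r"C:\Windows\System32\drivers\etc\hosts" instead.
    result = summarize(SAMPLE_HOSTS)
    print(result["verdict"])
    for ip, name, vendor in result["entries"]:
        print(f"{ip:<12} {name:<40} {'VENDOR' if vendor else ''}")
```

On a compromised host the check is only a starting point: the file should be diffed against a known-good copy, and the `hosts` timestamp compared with the execution time of solarabootstrapper.exe from the process tree.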
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\solara\SolaraB\Solara\solarabootstrapper.exe | N/A |
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645775250209471" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/hxqpc0gpgm7bwbc/SolaraB.zip/file
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d620ab58,0x7ff9d620ab68,0x7ff9d620ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1900,i,10967429269763175380,9129700827579332423,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1900,i,10967429269763175380,9129700827579332423,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1900,i,10967429269763175380,9129700827579332423,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1900,i,10967429269763175380,9129700827579332423,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1900,i,10967429269763175380,9129700827579332423,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4332 --field-trial-handle=1900,i,10967429269763175380,9129700827579332423,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1008,i,17949988676391029604,13756926835471203788,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4112 --field-trial-handle=1900,i,10967429269763175380,9129700827579332423,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4716 --field-trial-handle=1900,i,10967429269763175380,9129700827579332423,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4872 --field-trial-handle=1900,i,10967429269763175380,9129700827579332423,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5276 --field-trial-handle=1900,i,10967429269763175380,9129700827579332423,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5436 --field-trial-handle=1900,i,10967429269763175380,9129700827579332423,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6032 --field-trial-handle=1900,i,10967429269763175380,9129700827579332423,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 --field-trial-handle=1900,i,10967429269763175380,9129700827579332423,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1900,i,10967429269763175380,9129700827579332423,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1900,i,10967429269763175380,9129700827579332423,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1900,i,10967429269763175380,9129700827579332423,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1900,i,10967429269763175380,9129700827579332423,131072 /prefetch:2
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\SolaraB.zip"
C:\Users\Admin\Downloads\solara\SolaraB\Solara\solarabootstrapper.exe
"C:\Users\Admin\Downloads\solara\SolaraB\Solara\solarabootstrapper.exe"
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" csproduct get uuid
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\solara\SolaraB\Solara\solarabootstrapper.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" os get Caption
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" computersystem get totalphysicalmemory
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" csproduct get uuid
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
C:\Windows\System32\Wbem\wmic.exe
"wmic" path win32_VideoController get name
C:\Windows\System32\rundll32.exe
rundll32.exe uxtheme.dll,#64 C:\Windows\resources\themes\Aero\AeroLite.msstyles?NormalColor?NormalSize
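The process list above is the clearest evidence on the page: after the bootstrapper starts, one process tree adds a Defender exclusion for itself, disables real-time, IOAV and script scanning, turns off cloud reporting and sample submission, reads the Roblox .ROBLOSECURITY session cookie from the registry, and fingerprints the host through WMIC and the PROCESSOR_IDENTIFIER value. The block below is an added example, not code from the report or from the sample: it re-implements those behavioural rules over the command lines shown above so the same logic can be run over an EDR or Sysmon Event ID 1 export. The rule names, the ATT&CK technique IDs attached to them and the verdict labels are this example's own assumptions.

```python
"""Triage of the process command lines recorded in the sandbox report above.

Added example, not part of the original report. SAMPLE_PROCESSES is copied from
the Processes section (image name plus verbatim arguments); the rules and their
ATT&CK mappings are this example's own, not the sandbox's signatures.
"""
import re
from collections import defaultdict

SAMPLE_PROCESSES = [
    ("solarabootstrapper.exe",
     r'"C:\Users\Admin\Downloads\solara\SolaraB\Solara\solarabootstrapper.exe"'),
    ("wmic.exe", '"wmic.exe" csproduct get uuid'),
    ("powershell.exe",
     r'"powershell.exe" Add-MpPreference -ExclusionPath '
     r"'C:\Users\Admin\Downloads\solara\SolaraB\Solara\solarabootstrapper.exe'"),
    ("powershell.exe",
     '"powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true '
     '-DisableIOAVProtection $true -DisableRealtimeMonitoring $true '
     '-DisableScriptScanning $true -EnableControlledFolderAccess Disabled '
     '-EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled '
     '-SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2'),
    ("powershell.exe",
     r'"powershell.exe" Get-ItemPropertyValue -Path '
     r'HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY'),
    ("wmic.exe", '"wmic.exe" os get Caption'),
    ("wmic.exe", '"wmic.exe" computersystem get totalphysicalmemory'),
    ("powershell.exe",
     r'"powershell.exe" Get-ItemPropertyValue -Path '
     r"'HKLM:System\CurrentControlSet\Control\Session Manager\Environment'"
     ' -Name PROCESSOR_IDENTIFIER'),
    ("wmic.exe", '"wmic" path win32_VideoController get name'),
    ("rundll32.exe",
     r'rundll32.exe uxtheme.dll,#64 C:\Windows\resources\themes\Aero\AeroLite.msstyles?NormalColor?NormalSize'),
]

# (rule name, ATT&CK technique, regex over the full command line). Note that
# -SubmitSamplesConsent 2 is the numeric form of NeverSend.
RULES = [
    ("defender_exclusion_added", "T1562.001",
     re.compile(r"Add-MpPreference\s+-ExclusionPath", re.I)),
    ("defender_protection_disabled", "T1562.001",
     re.compile(r"Set-MpPreference\s.*-Disable(RealtimeMonitoring|IOAVProtection"
                r"|ScriptScanning|IntrusionPreventionSystem)\s+\$true", re.I)),
    ("defender_cloud_reporting_off", "T1562.001",
     re.compile(r"-MAPSReporting\s+Disabled|-SubmitSamplesConsent\s+(NeverSend|2)\b", re.I)),
    ("roblox_session_cookie_read", "T1552.002",
     re.compile(r"RobloxStudioBrowser.*\.ROBLOSECURITY", re.I)),
    ("wmic_hardware_fingerprint", "T1082",
     re.compile(r'\bwmic(\.exe)?"?\s+(csproduct\s+get\s+uuid|os\s+get\s+caption'
                r"|computersystem\s+get\s+totalphysicalmemory"
                r"|path\s+win32_videocontroller\s+get\s+name)", re.I)),
    ("cpu_fingerprint_via_registry", "T1082",
     re.compile(r"Session Manager\\Environment'?\s+-Name\s+PROCESSOR_IDENTIFIER", re.I)),
]


def classify(cmdline):
    """Return the (rule, technique) pairs that match one command line."""
    return [(name, tech) for name, tech, rx in RULES if rx.search(cmdline)]


def triage(processes):
    """Aggregate rule hits over (image, cmdline) pairs and give a verdict.

    Defender tampering on its own is sometimes an admin script; credential or
    hardware collection on its own is sometimes an installer. The two together
    in one tree is the infostealer pattern this report shows.
    """
    hits = defaultdict(int)
    flagged = []
    for image, cmdline in processes:
        matched = classify(cmdline)
        if not matched:
            continue
        flagged.append((image, [name for name, _ in matched]))
        for name, _ in matched:
            hits[name] += 1
    techniques = sorted({tech for name, tech, _ in RULES if name in hits})
    tamper = "T1562.001" in techniques
    collect = bool({"T1552.002", "T1082"} & set(techniques))
    verdict = "stealer-like" if tamper and collect else ("suspicious" if techniques else "clean")
    return {"rule_counts": dict(hits), "techniques": techniques,
            "flagged": flagged, "verdict": verdict}


if __name__ == "__main__":
    result = triage(SAMPLE_PROCESSES)
    print(result["verdict"], result["techniques"])
    for image, names in result["flagged"]:
        print(f"{image:<24} {', '.join(names)}")
```

The regexes deliberately key on the cmdlet parameters rather than on `powershell.exe`, because the same tampering is reachable through `pwsh.exe`, an encoded command or a WMI-launched shell; on a real export, normalise the command line (decode `-EncodedCommand`, collapse whitespace) before applying them.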
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.16.113.74:443 | www.mediafire.com | tcp |
| US | 104.16.113.74:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.113.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 172.67.199.186:443 | the.gatekeeperconsent.com | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 104.16.113.74:443 | static.mediafire.com | udp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| US | 172.67.170.144:443 | www.ezojs.com | tcp |
| GB | 172.217.169.78:443 | translate.google.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| FR | 13.249.9.41:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 104.16.53.110:443 | cdn.otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 104.26.3.173:443 | www.mediafiredls.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | tcp |
| GB | 216.58.204.74:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| FR | 13.39.145.251:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | 72.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.170.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.9.249.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.53.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 44.241.19.5:443 | api.amplitude.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | g.ezodn.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | tcp |
| GB | 74.125.71.154:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| US | 172.67.142.121:443 | g.ezodn.com | udp |
| GB | 216.58.204.74:443 | translate-pa.googleapis.com | udp |
| GB | 74.125.71.154:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | bshr.ezodn.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| GB | 172.217.16.227:443 | www.google.co.uk | tcp |
| GB | 172.217.16.227:443 | www.google.co.uk | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 172.67.142.121:443 | bshr.ezodn.com | tcp |
| GB | 172.217.169.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.169.34:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| IE | 52.211.254.3:443 | bcp.crwdcntrl.net | tcp |
| IE | 54.72.120.129:443 | ad.crwdcntrl.net | tcp |
| US | 172.67.142.121:443 | bshr.ezodn.com | udp |
| PL | 18.244.146.43:443 | tags.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | 19.69.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.145.39.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.142.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.19.241.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 172.217.169.78:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 3.254.211.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.120.72.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.146.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| FR | 13.39.145.251:443 | g.ezoic.net | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| DE | 3.71.149.231:443 | ups.analytics.yahoo.com | tcp |
| DE | 162.19.138.82:443 | id5-sync.com | tcp |
| US | 104.22.5.69:443 | id.hadron.ad.gt | tcp |
| NL | 79.127.227.46:443 | id.a-mx.com | tcp |
| US | 35.71.131.137:443 | match.adsrvr.org | tcp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 104.18.35.167:443 | cdn-ima.33across.com | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| FR | 99.86.95.82:443 | cdn.prod.uidapi.com | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | c3.a-mo.net | udp |
| DE | 79.127.216.47:443 | c3.a-mo.net | tcp |
| DE | 141.95.98.64:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| DE | 162.19.138.82:443 | id5-sync.com | tcp |
| US | 34.120.135.53:443 | oajs.openx.net | tcp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | ghb.adtelligent.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | prebid.smilewanted.com | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | hb.minutemedia-prebid.com | udp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| DE | 18.157.230.4:443 | tlx.3lift.com | tcp |
| US | 107.151.11.18:443 | ghb.adtelligent.com | tcp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | tcp |
| DE | 51.89.9.253:443 | onetag-sys.com | tcp |
| PL | 18.244.102.59:443 | hb.yellowblue.io | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| NL | 145.40.97.66:443 | prebid.a-mo.net | tcp |
| IE | 34.243.164.181:443 | hb.minutemedia-prebid.com | tcp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| US | 34.120.135.53:443 | oajs.openx.net | udp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | ghb1.adtelligent.com | udp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | udp |
| GB | 185.239.172.170:443 | ghb1.adtelligent.com | tcp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | udp |
| US | 34.98.64.218:443 | google-bidout-d.openx.net | tcp |
| US | 8.8.8.8:53 | 25391cf47fb4e73a4ba0783ebc5ac85d.safeframe.googlesyndication.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| GB | 142.250.180.1:443 | 25391cf47fb4e73a4ba0783ebc5ac85d.safeframe.googlesyndication.com | tcp |
| US | 104.16.53.110:443 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | download1326.mediafire.com | udp |
| US | 205.196.123.14:443 | download1326.mediafire.com | tcp |
| US | 205.196.123.14:443 | download1326.mediafire.com | tcp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.5.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.131.71.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.133.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.227.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.149.71.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.35.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.95.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.216.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.98.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.135.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.30.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.230.157.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.102.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.164.243.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.11.151.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.172.239.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 104.16.53.110:80 | otnolatrnup.com | tcp |
| US | 104.16.53.110:80 | otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.123.196.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| ES | 52.84.66.91:443 | woreppercomming.com | tcp |
| GB | 142.250.178.10:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | www.chancial.com | udp |
| US | 104.21.79.34:443 | www.chancial.com | tcp |
| US | 8.8.8.8:53 | 91.66.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 35.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.200.46:443 | google.com | tcp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 172.217.0.67:443 | beacons2.gvt2.com | tcp |
| US | 172.217.0.67:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 67.0.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gstatic.com | udp |
| GB | 142.250.200.3:443 | gstatic.com | tcp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 232.138.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| FR | 15.188.219.54:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.200.46:443 | google.com | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 54.219.188.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| GB | 23.213.251.133:443 | cxcs.microsoft.net | tcp |
| GB | 92.123.142.163:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 133.251.213.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.179.89.13.in-addr.arpa | udp |
Files
\??\pipe\crashpad_4048_ABBLNVDBHUFDEBWK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 64d7569e7e9cd59b61724e5ca8024d2b |
| SHA1 | 7e567c8f3a278f528fd7d85d462cce4e56bb8e79 |
| SHA256 | 8adde9c0e5b89d0b9041d73f1c9ef531e668cdc1d020e7625e45f7063569ab1c |
| SHA512 | b4425d6dea07aaa95039db3491ace66ff0e4e64232309b2c7dfe29200823454c3f91391db09b01b83edeb298dd3a9ff1dd0198c13230763553160e5a2607efb2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 53c66563430ba5e3a4dca73ad6a3eb91 |
| SHA1 | 6b814baa3d0369bb5aaa85ed5afaf17e82b7bae6 |
| SHA256 | d48feeb24201def4391bd36ed157a1e4a6fe069d488f0c4828a850bef19bba32 |
| SHA512 | db9a4c356e13f74f3b0db174eaa363faaacdba8128e6edb389b0e68dca034504cf1e5b067d4d9b325777c91cd3ac7e7229328db9b26a8182e7c3ad7b428546e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a6d0b15ecde38413c681bf2bb64e1ed5 |
| SHA1 | b536fea555ee8b2b878c73506a68300b5c910869 |
| SHA256 | 26a0c847cd68a4cac93769c09865b8f3ca2d071d769c85301273ad1986a26028 |
| SHA512 | 88e27c7731463343108739ea73990f49ea926b09304b09ec96e1b002605789bac8c59fffdbc64adae55c089cc3e7f7f1079cce9582e55bf4b4b99dc8de0efea0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 40b2a987d26cc979cac45142e8acf320 |
| SHA1 | ad7156eef04cc9c458cc0424b55d9daa474233a7 |
| SHA256 | 13870b1a3a891d8aa63284972b6a7c6a3af9c09e6eb52ed1cb33891661137bec |
| SHA512 | 5ca28fecd1a229ec695a480448dffba637afe2b4326760377bee7c89ae48d30245c45dca682498d2cdf0e9dd76be36a962d900ac457a28da04a52933ff10c07d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3d033f7d43ef0456a680e732d740ca24 |
| SHA1 | 46bc9a3d4f28c9d3b66b1309097dab1b342bc347 |
| SHA256 | 2bb160ca1f873ffadbbc798e2bc5bfddf7d5c730e44d5174e40f3b419c30940e |
| SHA512 | 3446f7642063e76414f4b4d5d1554bad63326dc86d93eeea28b7f9376330fccf479e705798cb181e8ea0941d526b0092fd15feda6e7aa361491cd6195f24e80c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe589100.TMP
| MD5 | 96330ab3514789261a0019c810358f2e |
| SHA1 | 8151f5e74cba0f8bf5116a4bd26b976c5debd4e1 |
| SHA256 | 3222785b22289ee8d17bab94f444a85a2e2d8712243981291910f1753d582d13 |
| SHA512 | 16a18f4dd443bf79b66a76e365cba4c88115038d274f6b0bf429992f414d7e05e4e7e0d82f342503baaab48048ed7b1bf7e33bf5ebb3c4bd7aee453313fa6582 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 33f8100ad7442f1ddff3b7feac3f5310 |
| SHA1 | af3ad4eec2d0be58718c37867f7489890794bf31 |
| SHA256 | e76f63558de7e1b01dbd551e17645cbae131ed6039267665da058a5f406a56c2 |
| SHA512 | fe57ba8a78a916408ba2e62436ba5411d0e32ef82b547be6d47f4ff950a4e56bb1c0a64ee93bf1912986034450f88714ae6d05829304ebe583febd01af1f4ce7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d0dde625c87d5b806b04f751218f08e1 |
| SHA1 | d4ee33a9b343b881ebef2d9fcaef3a9a8f11974a |
| SHA256 | 63c828365f1b20c45531fcb5164b2af1cda68716a4019b0b795542b04baee472 |
| SHA512 | afb87c9513af37fb8cd59137489f1800701bee97ce56f68f0a10f9a1eb83c8fdfe8f03bf3df0f1d0c0599b99b753a268430265c014c10b41dee8391737515898 |
C:\Users\Admin\Downloads\SolaraB.zip
| MD5 | 7f42c91fafc04ad8d042ead2a320042b |
| SHA1 | dad159fcd6e671e09e3a21c3a6aea352e369237f |
| SHA256 | 4365a41e819356d28d98a69142130209876c8635111239f17f61808113eb61c9 |
| SHA512 | 2bf38c4ead27ab9f2f4a82df6c76df0ef2baa09cc444218abf7047c03acf3acb1d8ce40f4505af7903139a364637a86b2150bbbd60ff2bd45cad21ae33d47a38 |
C:\Users\Admin\Downloads\solara\SolaraB\Solara\solarabootstrapper.exe
| MD5 | ebf1358b8496d5c895f4b8f9298f7f96 |
| SHA1 | f0136d66bf877934376858064344c2038b998fd4 |
| SHA256 | bccba62c31f689715d01f4e80edbe2fe6a816edb571c4a409fccbe2d5b789b65 |
| SHA512 | ca82e5838c7e8b292f46e5b20684b7fbb861f449678fc6283bd5c587c0958c069800e94c9f65b239609434564a394f8ca168d83d40bc27c96ade6c18744beb6d |
memory/5496-252-0x00000255FD710000-0x00000255FD750000-memory.dmp
memory/4824-253-0x0000019E48960000-0x0000019E48982000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lxosxvqf.qdw.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | d85ba6ff808d9e5444a4b369f5bc2730 |
| SHA1 | 31aa9d96590fff6981b315e0b391b575e4c0804a |
| SHA256 | 84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f |
| SHA512 | 8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 2979eabc783eaca50de7be23dd4eafcf |
| SHA1 | d709ce5f3a06b7958a67e20870bfd95b83cad2ea |
| SHA256 | 006cca90e78fbb571532a83082ac6712721a34ea4b21f490058ffb3f521f4903 |
| SHA512 | 92bc433990572d9427d0c93eef9bd1cc23fa00ed60dd0c9c983d87d3421e02ce3f156c6f88fe916ef6782dbf185cbce083bc0094f8c527f302be6a37d1c53aba |
C:\Windows\system32\drivers\etc\hosts
| MD5 | 4028457913f9d08b06137643fe3e01bc |
| SHA1 | a5cb3f12beaea8194a2d3d83a62bdb8d558f5f14 |
| SHA256 | 289d433902418aaf62e7b96b215ece04fcbcef2457daf90f46837a4d5090da58 |
| SHA512 | c8e1eef90618341bbde885fd126ece2b1911ca99d20d82f62985869ba457553b4c2bf1e841fd06dacbf27275b3b0940e5a794e1b1db0fd56440a96592362c28b |
memory/5496-280-0x00000255FF550000-0x00000255FF5C6000-memory.dmp
memory/5496-281-0x00000255FF450000-0x00000255FF4A0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
| MD5 | 9b9d94c5ec9bd55164b92335712542d9 |
| SHA1 | 688c037881c3746536549f1f8abcf18cc604aa9f |
| SHA256 | 6526264ecbc6e2762a4e80a2a64f483d4b8d536a4f38fe342252daa6a805f8d5 |
| SHA512 | 0e35996a7a456ae4e03223b7dd32b84cfa71e44163527d7ffec7c48798c164439fb511001b9df8047525fbb78703363b7f1ee260c8a0beaabb20c2ee9cca6622 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
| MD5 | 40c69fd9a8a119fe7b8981b545ec5e3f |
| SHA1 | d0fc08dafab78e31b07d894947ea4bfe5e24589a |
| SHA256 | bf2a498a8bd5f7a702ac9065e10f6ee52636fe766e4840f22bff1c047e221033 |
| SHA512 | 77a659a5c89770d5f6011271c24adabe4d05e30e2ec487ebcacef4fe770308b59408766738417459a468968f5bd6d9ed663c203790d2ee6540fe999d3d7afd81 |
memory/5496-285-0x00000255FDDF0000-0x00000255FDE0E000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
| MD5 | 5d1e360af360294018bc3047d239689a |
| SHA1 | eb93f200e5de932b58ab285f29cd71257095c12c |
| SHA256 | 1135d207fd34f13f8ec298e1d8b032fd2aad695888ffaa0a5108b0f81d49a0ab |
| SHA512 | 3c980d8c85be7ae4b012e6e5c12c3bc90a4660ba5c28da00e95a1f3a9bb5d27ef9cf470c4dc47274759b1f633e88da011d826a57a610c8a170df71b020ca70d9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 5824a6037c081fda5d46de274b6e2799 |
| SHA1 | 526367a09300cbde430e8fb44e41cbe7a0937aac |
| SHA256 | 4d610d9cd32a20279c7133a726ff61820d6930e5aa18253ee1422f3a6f54953f |
| SHA512 | a109b150f730cda78d5bee106bd232f9dca7500dfb7899c6919de2bd542e345ca271aa11809a24ea0a27dca158067ab3a2d5688ac0a2325185143245f1665582 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | d3235ed022a42ec4338123ab87144afa |
| SHA1 | 5058608bc0deb720a585a2304a8f7cf63a50a315 |
| SHA256 | 10663f5a1cb0afe5578f61ebaae2aafb363544e47b48521f9c23be9e6e431b27 |
| SHA512 | 236761b7c68feca8bd62cba90cff0b25fac5613837aaa5d29ae823ace8b06a2057553cf7e72b11ccc59b6c289e471ca1bbac1a880aef5e2868875371a17c1abf |
memory/5496-320-0x00000255FDDE0000-0x00000255FDDEA000-memory.dmp
memory/5496-321-0x00000255FF4A0000-0x00000255FF4B2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 45ad40f012b09e141955482368549640 |
| SHA1 | 3f9cd15875c1e397c3b2b5592805577ae88a96cb |
| SHA256 | ea3b59172f1a33677f9cb3843fb4d6093b806d3a7cf2f3c6d4692f5421f656ce |
| SHA512 | 3de08f8affca1c1450088f560776cf3d65146cadac43c06eb922c7b3cea436e519966cf38458303ffeb1a58c53f8952cffda6c34216fda7594e014b516e83b33 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 529cc367747e8b9440cebdc45eac8bfd |
| SHA1 | e0079239221a397087d3be084abee6f30d105fe7 |
| SHA256 | 3ec91c6be9c0b6cb825407939c587127bfa799354fd7d74099194312e6dbb3b0 |
| SHA512 | 6c3510ba67be79bf154f42a8de9406d9ac7a127e839f5abc1a50c611888f3ef592f352c0638c45e15a9e865e24013ec0f3fef3fab0993e898da6df9b3a107b33 |
C:\Users\Admin\Desktop\CheckpointPing.mht
| MD5 | 72d6ba0a76114f137be144d68c357567 |
| SHA1 | d885e70971efb1141dfa1a1dbe11de5998b8edb8 |
| SHA256 | 74b366145bb9069d1bd65285a845398870ada5fcac4c8e9ddcdd10facc24c461 |
| SHA512 | 6223518a219ab706595ca09816c5fae2d524ea45f0331339e9762f204ebdfc0eaae7e4456e74650d1d19773c39c97b31a67293165af02799a78150f2a8e338ba |
C:\Users\Admin\Desktop\ConvertToUpdate.vsdx
| MD5 | 4f5376a7fa907281836ab0131bd8d64e |
| SHA1 | 9fb971af78bdd7dd601e155bf4a702329dddf02c |
| SHA256 | e965ba387583a2798b5f34fbeefd6bc2e09e8f14a0a86275a003ac37aa20f3d2 |
| SHA512 | 54c0ef10e365e47d6b5cc7ac417326de4d3cae3f826c43842f4f7cc2880921e020a44a7367a6e9e1e8ff671e46bf984e5c29182c259cc76ff3ed5337097e5277 |
C:\Users\Admin\Desktop\CompareCopy.edrwx
| MD5 | 86006583bc300672c9bd9d1734ad8b7a |
| SHA1 | 73de2d449d26a2af6ad053c49427c6cd23a54ea4 |
| SHA256 | 9952271238235bfe4e72dfedba1e5f3719a6191074bed388efb7dfb186238194 |
| SHA512 | ca37cbf6af58fa1b1e35519471e631485531255c61c54344e1c9d5b564753103b0b0b06e4b0b334290ab2f80a3957be00178390c37c9fc84fba54c2ac6b92fab |
C:\Users\Admin\Desktop\DisableMerge.rmi
| MD5 | 2c6d26acb4e630c30b8436df559a63b9 |
| SHA1 | 1b4ff510c7f369e2848329947bc8873e4e58e4db |
| SHA256 | e301602d8ae596ba7733c21d4537c2bfe895d0e2696781b144e23740f0120d5a |
| SHA512 | ef6754ca5ca7459dee0258485e34f13461bf080ca8fe7aa3bf642bdfdc0f733fedd25fe5486ac86ef2a86fa0c33300d074f32d8cfcedd88d73819b90c35ad161 |
C:\Users\Admin\Desktop\ExpandConvertTo.wmf
| MD5 | f9efb2461753ed1c636d0e76b67900aa |
| SHA1 | 3a37667a51526898bcd3ccf57f4dd291f6664084 |
| SHA256 | 64ebba78e44656adfae96c9c4914a84fe4993174fb20f50c9177f7997d341db3 |
| SHA512 | 7117df9d1b14d5208fd3a6e2fbc5fff26719e3ae5d71cdb01573acb8cdd48b80641b202008610e28d054a932e2d491aeac868f887406c84d3572d79af7b0f3f9 |
C:\Users\Admin\Desktop\EnableRestart.pdf
| MD5 | 093799ae6dbd69870f525f909a36ea9e |
| SHA1 | fcc6cf058445343f359ecb3d515d92390ec57d26 |
| SHA256 | b03f96cda376da4cc91d4e2edbef96d6b6fd6cdfca5820732a6a1cfeb8105822 |
| SHA512 | 859f5f938b8f53b9d2264ac91160e001ab919697339043478803dba9148195aa6ee1c844ff78f552b14457021e5c4b9c6d62d654399ceb83bb1a805557262e1f |
C:\Users\Admin\Desktop\ExpandFormat.pps
| MD5 | be9362a19267c00fd9301813deaae482 |
| SHA1 | 237e5098b510577abd7f54a9a0926fb165edbcaf |
| SHA256 | 19124cf01585b9c859fce5ebd530c1b1f6ac81d5b1218e7b97d625f97b9b5c17 |
| SHA512 | b2f4023b44af1a091c5951ad36e1db6c55952c2f8b40064a15bc2ad5f06e9d7f0507ce03f7fc91aa4736d305ac3ff657fdbe27759804d360efe49fdac2135b7c |
C:\Users\Admin\Desktop\JoinRepair.kix
| MD5 | 514c95312a2fd6bdb38358f8aeff480a |
| SHA1 | 51ebe1276266cdf8d350a8939edea95a0cc315e4 |
| SHA256 | 338272effcdebd5527ac4cb6ace93a4a5c5bb7307fa83e73ae937b43d1876904 |
| SHA512 | 505c69f7595737a5db5c817610e5c0091d41a5bbdd2dd160365209730ae4202749d7b457c6b246ae40e6cac74a0b8a9e7bb108e368524ea9c4db16fc9f1b2d59 |
C:\Users\Admin\Desktop\OptimizeRead.xlt
| MD5 | 0e665ce4f20c3b877e1c1b5d41035430 |
| SHA1 | 76f69cd2402a92267e36c1aa44e85416075e80e7 |
| SHA256 | 1904fd5761ed36c4ccae38b76baf8c73595a0af4698b3ffebb74d00b614df327 |
| SHA512 | 68c800269dd6baae5af51eeb0e71bd5857237a683eec2f10fae46ca41ca39dd70874bc3d6f9cac6af9bcbd5faa39925c4063070561b71f366e13857cfb8e25a1 |
C:\Users\Admin\Desktop\PingInstall.m1v
| MD5 | 0266e9ef7c0d0de4739e3462cde9f27a |
| SHA1 | d0db44820b5f99e9c2b3bc130449dc1e36f6be38 |
| SHA256 | cd2e3099d38fc3a162690d711afd56e609b44047e58a7f640ea8a21283181e9f |
| SHA512 | d30c8f4b58e0418f3f100857a12ba426003a44e4371c8b9c7c576fb458ac5c46ff7056b24a70b1c1c78ff7c5fb5aba446c26116a67192890676c2cc122f95d1d |
C:\Users\Admin\Desktop\PublishNew.rmi
| MD5 | 1bb9a49965cd136f135a097c4da96cae |
| SHA1 | 1ad9c43e51e969f3cfdcb7f69e3cb6d22c37d752 |
| SHA256 | 0b3f2742febcf16d61cc2331d3fe2f23ba2104c2e76ef72974d2e8d4d2ce51e9 |
| SHA512 | f032d1a71d0fd0291c982895e9ae00515c2ee87c43c13b8d7db844cd6f78417b2ce1fa02c47087a5a8fb3b795e403206a62bc29f0b721293f78964f295920ba5 |
C:\Users\Admin\Desktop\PushCheckpoint.mp3
| MD5 | 117487b149fb85a865d019408e09ce67 |
| SHA1 | e942d3ef1011acadcb710532ae616db4e68d3110 |
| SHA256 | fb37baf790bfb736726c9328ba8e97f2da5001d586bf4c271351332ab6bad22c |
| SHA512 | f6a817633efebee1dd33db1c27eae67f7296d03b0639acf662d60c435239f550a6015514a8317b5f953fc2fa97dfbd38e7e50d9da2e421f12bc8921e21ab5ebb |
C:\Users\Admin\Desktop\ReceiveSync.potx
| MD5 | 13ffbfcecf64a6951b7ccb5cf7580111 |
| SHA1 | 8ce6d4a853da70c7dca233d5f49da22a7139df59 |
| SHA256 | 96132d12eabb1e2f46becd6cc6b84283e4aea772336ec820c85067b9e99535d6 |
| SHA512 | 021c9e2fe4fd7c2448110f7cd39b1763530d25ab10711c45ce7c8c214c2f801e2af45dced9aa486dc3e434b4df29e09b602c17a6675c275095eb53cdedd79f70 |
C:\Users\Admin\Desktop\RedoShow.odp
| MD5 | 8a7137a72c111041a1664478bc529be0 |
| SHA1 | 42e838558da5344f7e6fcf287e750c5b6b35c872 |
| SHA256 | 6f7f68422eb5e4c4cfac5381d0d43eb3e39406aedbe3822c8f1b50dfef25f1a9 |
| SHA512 | afcd4d6c5e304e0008a65941ef86c53f09b89964adb36dbf36bd498c233b5687f80f4baa1c9c94606af802d125b96261f8a5bdd5d5f012fd1352bb2112d22411 |
C:\Users\Admin\Desktop\UnblockSend.3gp2
| MD5 | ed7746d1aed45fa2bf1f948e6a47844d |
| SHA1 | 19d59d2c029471c015e69de3ea233f6a16962982 |
| SHA256 | 48032a5de6568db449d4422f54615c29fa4e90c62734b8f3054e116a19eb072b |
| SHA512 | bcd075f15710534fa760198342fa30cecd33a5438b301b09724c0e622a3ddf7c9b66f8993c8f5f49fc01f90d593f84c5d12a2b46cb5246926d7fd1290fc2597d |
C:\Users\Admin\Desktop\UnblockStop.vdw
| MD5 | f948d5fb6e01f3de6b1fea71a3bfaf99 |
| SHA1 | 24027f4e85e1b372b242ba622ae60e4dab3afd4e |
| SHA256 | 2984aec7006317c2a23eb4cdfc0e065aad4fd25b377680dded9bc007e5d03066 |
| SHA512 | 31479fd068c52d05bfb0f4b6fdc22c3d6295624fdab2d7517ea15ab1900068207a078c99752d1f2033f8b38f0cf8e8f98bfb9337bef1baf19e2e925d4bb7d461 |
C:\Users\Admin\Desktop\SplitMerge.kix
| MD5 | 403a63401251075752e0241cb873ee89 |
| SHA1 | 3f4f77ef465de332bbbbd3e9b5ce46660af02547 |
| SHA256 | 83c28ea79dbfbf600d46356a58daf651ad7eb7f6f7ecb648b2a2d295565f4153 |
| SHA512 | 78f0845f56ab8480a8e05e4221a55e8d28dede1d2353bd3ec9500465ddc724ddb3402844c1e9d87db2ab9965b80ec22e4dc13a31cbd23340412b59ac03e68fea |
C:\Users\Admin\Desktop\SendBlock.mpeg
| MD5 | fb35d51ed1ccf7c675bff05b4e685749 |
| SHA1 | 3f9858a37527d7bada03fa3adfcc06ea7307450e |
| SHA256 | 2e95d9147f1fedf2c4cba999d2d5bf611110e2bd9abdeef11281a391b657a6bf |
| SHA512 | c44859b74e1edde51843472164d9c273fa9c54cced81f0c971bf0ac74e7e2e56a31afdb780679cd15b5e94e17964284f2793f683990d6b26fbdcaa264afcf2b0 |
C:\Users\Admin\Desktop\RevokeShow.raw
| MD5 | e69b6de88f921fb009b7e9a4053fccd1 |
| SHA1 | 44a91aef4efd4dc7d0eb2ee94780a286aad90642 |
| SHA256 | cf25bd91dbb7f44ebc163928d2c4c05a9e842497d8ace25ee04caba74f7092ea |
| SHA512 | 149945cc187875284834bd38563b72cdc86f2432f2433a53d33ace53391ccad44a697cb44e33e5003c3be84d8bec6eae359677a3884ddddf2a24e2b36984c47f |
C:\Users\Admin\Desktop\RevokeRestart.crw
| MD5 | 557a748073f1bffc3719bf7b247dd6b5 |
| SHA1 | c26994f53f0f8c6f1faeb5415798d1224def8256 |
| SHA256 | 392eb27f99346e18aff1975402506aef7e53a27b3437cca58d4057485a469a73 |
| SHA512 | 30558d101ac13ed4a6c3edc1480fcf2764f0ea54cba010c233fd1be8145ef030480233119f70e33c3fd89ff439658e1e84ca3cbeffca5634fb9ab7be0cfa7dee |
C:\Users\Admin\Desktop\ResumeStart.png
| MD5 | 3ef9b2d5d99b52c1f8647696db4ddff0 |
| SHA1 | 9373da329b492f47c3cd757c40a9308a283c528d |
| SHA256 | 61cdd7c67ea116d6dcd57e757763ace6059bba2d16b02fe2e92eda474bf1d746 |
| SHA512 | 3cbd93176b06d56eba2f520a9487c415b6b4a10f264fe5b0a37b1ca3500ef0bb8d51e7c2376a9813c8f9e063c7ff27d058f4157efef637bdb2e8e44071226580 |
C:\Users\Admin\Desktop\ResumeRedo.pub
| MD5 | 51d05b5231caab1531dd7299945612e5 |
| SHA1 | 16877fa56cba6725eb2cb8b9f8b580659f21e4a2 |
| SHA256 | 174151ba457f8ec7b3e1cf1f635354b2e6f531c832d64e1628ad9c45a635888c |
| SHA512 | ffbb754db3d8644d4adc7b3c782197f611e4eeb994e432503e045001b23a1add4674b9d6e679e878123f5600cb52d0b910a6e2bca24623c258281159319f26e7 |
C:\Users\Admin\Desktop\ResetUnpublish.dib
| MD5 | 477777dfba10735c11d4155659ef2fa4 |
| SHA1 | 5387bfe710cbd12f7fdbb62b1ad20597c5427304 |
| SHA256 | 4828a2939200dc4d76adc4e1ed6ce3243d0b72c6c04cc6e472023471bb48eb1a |
| SHA512 | 17c226a48ed63b9d99012f3673a8fa23e8027a882d261c0c2779ea99cf63d48fd9d6f7720056aa719d1332eb13b949095c4f2c38c0c40b3801a2fd719ba2e51d |
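Two things in the list above are worth checking before any of these digests are pushed to a blocklist. First, only the submitted archive and the executable it dropped (SolaraB.zip and solarabootstrapper.exe) are sample artifacts; the Chrome profile entries (Cookies, Local State, Preferences, TransportSecurity, LevelDB logs) are the files the "Reads user/profile data of web browsers" signature refers to, and their hashes will differ on every machine. Second, some listed digests belong to trivially small content: the SHA256 4f53cda1... recorded for "SCT Auditing Pending Reports" is the hash of the two-byte string "[]", and the SHA512 cf83e135... at the top of this section is the hash of empty input, so a hit on either says nothing about infection. The following Python helper is an added example, not part of the report or of the Solara/Umbral sample; it parses the list in the report's own layout (path line, then one "| ALGO | hex |" row per digest), classifies each entry with heuristics of my own, flags trivial-content digests, and hashes candidate files against the parsed set. The embedded excerpt copies paths and digests from the report; the file contents fed to the matcher in the demo are constructed.

```python
import hashlib
import re
from dataclasses import dataclass, field

# Excerpt of the dropped-file list in the report's own layout, copied from
# the report above (paths and digests), trimmed to a few entries.
REPORT_EXCERPT = r"""
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
C:\Users\Admin\Downloads\SolaraB.zip
| MD5 | 7f42c91fafc04ad8d042ead2a320042b |
| SHA256 | 4365a41e819356d28d98a69142130209876c8635111239f17f61808113eb61c9 |
C:\Users\Admin\Downloads\solara\SolaraB\Solara\solarabootstrapper.exe
| MD5 | ebf1358b8496d5c895f4b8f9298f7f96 |
| SHA256 | bccba62c31f689715d01f4e80edbe2fe6a816edb571c4a409fccbe2d5b789b65 |
memory/5496-252-0x00000255FD710000-0x00000255FD750000-memory.dmp
C:\Windows\system32\drivers\etc\hosts
| MD5 | 4028457913f9d08b06137643fe3e01bc |
| SHA256 | 289d433902418aaf62e7b96b215ece04fcbcef2457daf90f46837a4d5090da58 |
"""

DIGEST_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")


@dataclass
class DroppedFile:
    path: str
    digests: dict = field(default_factory=dict)  # algorithm -> lowercase hex

    @property
    def sha256(self):
        return self.digests.get("SHA256")


def parse_report(text):
    """A path line opens an entry; following '| ALGO | hex |' rows attach to it.
    Memory-dump lines are entries without digests."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIGEST_ROW.match(line)
        if m is None:
            entries.append(DroppedFile(path=line))
        elif not entries:
            raise ValueError("digest row before any path line: " + line)
        else:
            entries[-1].digests[m.group(1)] = m.group(2).lower()
    return entries


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Contents common in browser/profile directories whose hash is not an
# indicator of anything: an empty file and Chrome's empty JSON array.
TRIVIAL_CONTENTS = {b"": "empty file", b"[]": "empty JSON array"}
TRIVIAL_SHA256 = {sha256_hex(c): label for c, label in TRIVIAL_CONTENTS.items()}
TRIVIAL_SHA512 = {hashlib.sha512(c).hexdigest(): label for c, label in TRIVIAL_CONTENTS.items()}


def trivial_content(entry):
    """Label if the entry's SHA256 or SHA512 is that of trivial content, else None."""
    return (TRIVIAL_SHA256.get(entry.digests.get("SHA256"))
            or TRIVIAL_SHA512.get(entry.digests.get("SHA512")))


def classify(entry):
    """Heuristic classification by path (my own rules, not the sandbox's)."""
    p = entry.path.lower()
    if p.startswith("memory/"):
        return "memory-dump"
    if "\\downloads\\" in p:
        return "sample"  # the submitted archive and what it dropped
    if "\\google\\chrome\\user data\\" in p:
        return "browser-profile"  # read by the stealer; hashes vary per victim
    if "\\drivers\\etc\\hosts" in p:
        return "hosts"
    if "powershell" in p or p.endswith(".ps1"):
        return "powershell-artifact"
    if "\\desktop\\" in p:
        return "user-document"
    return "other"


def actionable_iocs(entries):
    """SHA256 -> path for sample artifacts with a non-trivial digest."""
    return {e.sha256: e.path for e in entries
            if classify(e) == "sample" and e.sha256 and not trivial_content(e)}


def match_contents(entries, files):
    """files: name -> bytes read from a suspect host. Returns one
    (name, report path, classification) tuple per SHA256 hit."""
    by_hash = {}
    for e in entries:
        if e.sha256:
            by_hash.setdefault(e.sha256, []).append(e)
    return [(name, e.path, classify(e))
            for name, data in files.items()
            for e in by_hash.get(sha256_hex(data), [])]


if __name__ == "__main__":
    entries = parse_report(REPORT_EXCERPT)
    for e in entries:
        print(f"{classify(e):19} {trivial_content(e) or '':17} {e.path}")
    print("hunt for:", actionable_iocs(entries))
    # Constructed input: a clean Chrome profile's SCT file is just "[]", so it
    # "matches" the report; only sample-class hits should be acted on.
    print(match_contents(entries, {"SCT Auditing Pending Reports": b"[]"}))
```

Run against a host by reading files into the name-to-bytes mapping (or swap `match_contents` for a directory walk); treat a hit as meaningful only when its classification is "sample" and `trivial_content` is None.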