Analysis Overview
SHA256
662dd415e2796635702c49586fb99ae62a3c6f595976d6923ec8a4e7c23fa8fe
Threat Level: Known bad
The file dlllist.txt was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Power Settings
Suspicious use of SetThreadContext
Drops file in Windows directory
Drops file in Program Files directory
Command and Scripting Interpreter: PowerShell
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Views/modifies file attributes
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Checks SCSI registry key(s)
Modifies registry class
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Opens file in notepad (likely ransom note)
Scheduled Task/Job: Scheduled Task
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-05 16:17
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-05 16:17
Reported
2024-07-05 16:23
Platform
win10-20240404-en
Max time kernel
354s
Max time network
317s
Command Line
Signatures
Lumma Stealer
Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
Power Settings
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\powercfg.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1292 set thread context of 4948 | N/A | C:\Users\Admin\Desktop\g\[email protected] | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
| PID 4788 set thread context of 2248 | N/A | C:\Users\Admin\Desktop\g\[email protected] | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\7-Zip\Lang\co.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nb.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\zh-tw.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\cy.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mr.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sk.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.dll | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\de.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hu.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sv.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sq.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\az.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hi.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\is.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kaa.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\lij.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\th.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\yo.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\he.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ka.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pt.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ta.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tt.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ast.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ku-ckb.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ms.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ro.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7-zip32.dll | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ar.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ne.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pl.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hy.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ky.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sl.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zG.exe | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ba.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\es.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uk.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\eu.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hr.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mng.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ku.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sa.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zFM.exe | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\af.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\an.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ko.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ps.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uz.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\en.ttt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\it.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ja.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\bg.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\eo.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7-zip.dll | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.sfx | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ext.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\lt.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sw.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\History.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\cs.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kab.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\id.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mng2.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\4183903823\2290032291.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\1601268389\715946058.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\4183903823\2290032291.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\1601268389\715946058.pri | C:\Windows\system32\taskmgr.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133646698899523987" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\dlllist.txt
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbe5449758,0x7ffbe5449768,0x7ffbe5449778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4524 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5084 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff731127688,0x7ff731127698,0x7ff7311276a8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4768 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5052 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3172 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5608 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5648 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5388 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5856 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8
C:\Users\Admin\Downloads\7z2407-x64.exe
"C:\Users\Admin\Downloads\7z2407-x64.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1612 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1544 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4876 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3508 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3136 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4492 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3040 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3e8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5976 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6388 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6408 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6324 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6676 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6644 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5128 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6628 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6648 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6932 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7216 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4496 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6416 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\[email protected]"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\[email protected]"
C:\Users\Admin\Desktop\g\[email protected]
"C:\Users\Admin\Desktop\g\[email protected]"
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3528 --field-trial-handle=1868,i,5596093981160366661,15847550392877182182,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\WKMCWL35YMPOXKAXYZLGE.exe
"C:\Users\Admin\AppData\Local\Temp\WKMCWL35YMPOXKAXYZLGE.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"
C:\Windows\system32\mode.com
mode 65,10
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e file.zip -p1404753551733818025492326517 -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_6.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_5.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_4.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_3.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_2.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_1.zip -oextracted
C:\Windows\system32\attrib.exe
attrib +H "Installer.exe"
C:\Users\Admin\AppData\Local\Temp\main\Installer.exe
"Installer.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C powershell -EncodedCommand "PAAjAFQAMgAzAE4AIwA+ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgADwAIwB2ADEAIwA+ACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAGEAdABoACAAQAAoACQAZQBuAHYAOgBVAHMAZQByAFAAcgBvAGYAaQBsAGUALAAkAGUAbgB2ADoAUwB5AHMAdABlAG0ARAByAGkAdgBlACkAIAA8ACMASwBKAFUARQBsAHYAIwA+ACAALQBGAG8AcgBjAGUAIAA8ACMARwBkAEoAQwBzAEwAIwA+AA==" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -EncodedCommand "PAAjAFQAMgAzAE4AIwA+ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgADwAIwB2ADEAIwA+ACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAGEAdABoACAAQAAoACQAZQBuAHYAOgBVAHMAZQByAFAAcgBvAGYAaQBsAGUALAAkAGUAbgB2ADoAUwB5AHMAdABlAG0ARAByAGkAdgBlACkAIAA8ACMASwBKAFUARQBsAHYAIwA+ACAALQBGAG8AcgBjAGUAIAA8ACMARwBkAEoAQwBzAEwAIwA+AA=="
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk7131" /TR "C:\ProgramData\Dllhost\dllhost.exe"
C:\Windows\SysWOW64\schtasks.exe
SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
C:\Windows\SysWOW64\schtasks.exe
SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk7131" /TR "C:\ProgramData\Dllhost\dllhost.exe"
C:\Windows\SysWOW64\powercfg.exe
powercfg /x -hibernate-timeout-ac 0
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\Desktop\g\[email protected]
"C:\Users\Admin\Desktop\g\[email protected]"
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Users\Admin\AppData\Local\Temp\1E9DEX69RVRPXJ3IQGO8WAQQQY.exe
"C:\Users\Admin\AppData\Local\Temp\1E9DEX69RVRPXJ3IQGO8WAQQQY.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\g\open me - 1212.txt
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"
C:\Windows\system32\mode.com
mode 65,10
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e file.zip -p1404753551733818025492326517 -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_6.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_5.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_4.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_3.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_2.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_1.zip -oextracted
C:\Windows\system32\attrib.exe
attrib +H "Installer.exe"
C:\Users\Admin\AppData\Local\Temp\main\Installer.exe
"Installer.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 172.217.16.238:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | www.7-zip.org | udp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| US | 8.8.8.8:53 | 237.202.12.49.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.200.35:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 216.58.201.118:443 | i.ytimg.com | tcp |
| GB | 216.58.201.118:443 | i.ytimg.com | tcp |
| GB | 216.58.201.118:443 | i.ytimg.com | tcp |
| GB | 216.58.201.118:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.201.58.216.in-addr.arpa | udp |
| GB | 142.250.200.46:443 | www.youtube.com | udp |
| GB | 216.58.201.118:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 172.217.169.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.201.102:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 2.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.201.58.216.in-addr.arpa | udp |
| GB | 172.217.169.2:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.46:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| GB | 142.250.187.206:443 | encrypted-vtbn0.gstatic.com | tcp |
| GB | 142.250.187.206:443 | encrypted-vtbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | rr2---sn-aigzrnz7.googlevideo.com | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| GB | 74.125.175.199:443 | rr2---sn-aigzrnz7.googlevideo.com | tcp |
| GB | 74.125.175.199:443 | rr2---sn-aigzrnz7.googlevideo.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.175.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.187.193:443 | yt3.ggpht.com | tcp |
| GB | 142.250.187.193:443 | yt3.ggpht.com | tcp |
| GB | 142.250.187.193:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | 193.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 216.58.201.110:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| GB | 216.58.201.110:443 | consent.youtube.com | tcp |
| GB | 74.125.175.199:443 | rr2---sn-aigzrnz7.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr2---sn-ntqe6nee.googlevideo.com | udp |
| AU | 74.125.109.103:443 | rr2---sn-ntqe6nee.googlevideo.com | udp |
| US | 8.8.8.8:53 | 103.109.125.74.in-addr.arpa | udp |
| GB | 216.58.201.102:443 | static.doubleclick.net | udp |
| AU | 74.125.109.103:443 | rr2---sn-ntqe6nee.googlevideo.com | tcp |
| AU | 74.125.109.103:443 | rr2---sn-ntqe6nee.googlevideo.com | tcp |
| GB | 216.58.201.110:443 | consent.youtube.com | udp |
| GB | 142.250.187.193:443 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | tinyurl.com | udp |
| US | 104.18.111.161:443 | tinyurl.com | tcp |
| US | 104.18.111.161:443 | tinyurl.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 92.123.143.169:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.16.113.74:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | 169.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.111.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.200.42:443 | ajax.googleapis.com | tcp |
| US | 104.16.114.74:443 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| GB | 18.154.84.20:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | 74.113.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.114.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.84.154.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| IT | 157.240.203.2:443 | connect.facebook.net | tcp |
| GB | 172.217.169.78:443 | translate.google.com | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 52.43.101.88:443 | api.amplitude.com | tcp |
| IT | 157.240.203.2:443 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 172.217.16.227:443 | www.google.co.uk | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| BE | 74.125.71.157:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| IT | 157.240.203.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 2.203.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.101.43.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| BE | 74.125.71.157:443 | stats.g.doubleclick.net | udp |
| GB | 172.217.16.227:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 35.203.240.157.in-addr.arpa | udp |
| GB | 142.250.200.42:443 | translate-pa.googleapis.com | udp |
| GB | 142.250.200.42:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 172.67.199.186:443 | the.gatekeeperconsent.com | tcp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| GB | 172.217.169.78:443 | translate.google.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.21.63.106:443 | www.ezojs.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 104.16.52.110:443 | cdn.otnolatrnup.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| FR | 15.188.219.54:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 104.21.87.79:443 | go.ezodn.com | tcp |
| US | 104.21.87.79:443 | go.ezodn.com | tcp |
| US | 104.21.87.79:443 | go.ezodn.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 104.26.3.173:443 | www.mediafiredls.com | tcp |
| US | 8.8.8.8:53 | g.ezodn.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 104.21.87.79:443 | g.ezodn.com | udp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 186.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.63.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.52.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.69.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.219.188.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.87.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.3.26.104.in-addr.arpa | udp |
| US | 172.67.142.121:443 | g.ezodn.com | tcp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| GB | 18.245.143.58:443 | tags.crwdcntrl.net | tcp |
| IE | 52.50.240.62:443 | bcp.crwdcntrl.net | tcp |
| IE | 52.16.78.59:443 | bcp.crwdcntrl.net | tcp |
| US | 172.67.142.121:443 | g.ezodn.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 104.16.52.110:443 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | download2284.mediafire.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 199.91.155.25:443 | download2284.mediafire.com | tcp |
| US | 199.91.155.25:443 | download2284.mediafire.com | tcp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.142.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.240.50.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.78.16.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.155.91.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 104.16.52.110:80 | otnolatrnup.com | tcp |
| US | 104.16.52.110:80 | otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| GB | 18.165.227.64:443 | woreppercomming.com | tcp |
| US | 8.8.8.8:53 | www.chancial.com | udp |
| US | 104.21.79.34:443 | www.chancial.com | tcp |
| US | 8.8.8.8:53 | www.opera.com | udp |
| DE | 18.198.247.158:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | 64.227.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.79.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.247.198.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| FR | 15.188.219.54:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| NL | 79.127.227.46:443 | id.a-mx.com | tcp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | 46ad3a7f2af575d679ca8899bf6c5fc0.safeframe.googlesyndication.com | udp |
| DE | 141.95.33.120:443 | id5-sync.com | tcp |
| US | 104.18.35.167:443 | cdn-ima.33across.com | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| GB | 18.245.255.11:443 | cdn.prod.uidapi.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 3.33.220.150:443 | match.adsrvr.org | tcp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| GB | 142.250.180.1:443 | 46ad3a7f2af575d679ca8899bf6c5fc0.safeframe.googlesyndication.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | c3.a-mo.net | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| NL | 79.127.227.46:443 | c3.a-mo.net | tcp |
| DE | 141.95.33.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 34.120.135.53:443 | oajs.openx.net | tcp |
| DE | 162.19.138.83:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | ghb.adtelligent.com | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | prebid.smilewanted.com | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| DE | 3.124.64.248:443 | tlx.3lift.com | tcp |
| US | 34.120.135.53:443 | oajs.openx.net | udp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 23.227.151.242:443 | ghb.adtelligent.com | tcp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | tcp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | udp |
| DE | 18.197.202.95:443 | btlr.sharethrough.com | tcp |
| DE | 18.197.202.95:443 | btlr.sharethrough.com | tcp |
| DE | 18.197.202.95:443 | btlr.sharethrough.com | tcp |
| DE | 18.197.202.95:443 | btlr.sharethrough.com | tcp |
| DE | 18.197.202.95:443 | btlr.sharethrough.com | tcp |
| DE | 18.197.202.95:443 | btlr.sharethrough.com | tcp |
| GB | 108.138.217.61:443 | hb.yellowblue.io | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| NL | 145.40.97.67:443 | prebid.a-mo.net | tcp |
| DE | 51.89.9.253:443 | onetag-sys.com | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | ghb1.adtelligent.com | udp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | udp |
| DE | 51.89.9.253:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 8.8.8.8:53 | 234.23.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.227.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.62.75.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.33.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.35.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.255.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.133.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.135.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.64.124.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.30.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.217.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.202.197.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.151.227.23.in-addr.arpa | udp |
| US | 23.227.151.242:443 | ghb1.adtelligent.com | tcp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | tcp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| GB | 142.250.187.230:443 | s0.2mdn.net | tcp |
| US | 8.8.8.8:53 | dsum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| DE | 37.252.171.85:443 | ib.adnxs.com | tcp |
| GB | 172.217.169.66:443 | cm.g.doubleclick.net | tcp |
| GB | 172.217.169.66:443 | cm.g.doubleclick.net | tcp |
| GB | 142.250.187.230:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| GB | 142.250.178.2:443 | googleads4.g.doubleclick.net | tcp |
| GB | 142.250.178.2:443 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 230.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| GB | 172.217.169.66:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| GB | 142.250.180.2:443 | ade.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 25.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| GB | 142.250.200.46:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.200.46:443 | google.com | tcp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.173.189.20.in-addr.arpa | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons3.gvt2.com | tcp |
| IN | 216.58.200.131:443 | beacons2.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons3.gvt2.com | udp |
| IN | 216.58.200.131:443 | beacons2.gvt2.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| IN | 216.58.200.131:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 131.200.58.216.in-addr.arpa | udp |
| GB | 172.217.169.2:443 | googleads.g.doubleclick.net | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| GB | 142.250.200.46:443 | google.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 172.217.16.238:443 | clients2.google.com | udp |
| GB | 172.217.16.238:443 | clients2.google.com | tcp |
| GB | 172.217.16.238:443 | clients2.google.com | tcp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | completedhallweow.xyz | udp |
| US | 8.8.8.8:53 | bouncedgowp.shop | udp |
| US | 104.21.93.198:443 | bouncedgowp.shop | tcp |
| US | 8.8.8.8:53 | 198.93.21.104.in-addr.arpa | udp |
| US | 104.21.93.198:443 | bouncedgowp.shop | tcp |
| US | 104.21.93.198:443 | bouncedgowp.shop | tcp |
| US | 104.21.93.198:443 | bouncedgowp.shop | tcp |
| US | 104.21.93.198:443 | bouncedgowp.shop | tcp |
| US | 104.21.93.198:443 | bouncedgowp.shop | tcp |
| US | 104.21.93.198:443 | bouncedgowp.shop | tcp |
| DE | 147.45.47.81:80 | 147.45.47.81 | tcp |
| US | 8.8.8.8:53 | 81.47.45.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 172.67.19.24:443 | pastebin.com | tcp |
| DE | 147.45.47.81:80 | 147.45.47.81 | tcp |
| DE | 147.45.47.81:80 | 147.45.47.81 | tcp |
| US | 8.8.8.8:53 | 24.19.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | completedhallweow.xyz | udp |
| US | 104.21.93.198:443 | bouncedgowp.shop | tcp |
| US | 104.21.93.198:443 | bouncedgowp.shop | tcp |
| US | 104.21.93.198:443 | bouncedgowp.shop | tcp |
| US | 104.21.93.198:443 | bouncedgowp.shop | tcp |
| US | 104.21.93.198:443 | bouncedgowp.shop | tcp |
| US | 104.21.93.198:443 | bouncedgowp.shop | tcp |
| US | 104.21.93.198:443 | bouncedgowp.shop | tcp |
| DE | 147.45.47.81:80 | 147.45.47.81 | tcp |
Files
\??\pipe\crashpad_1280_XVIRHBDGCIWLENJO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
| MD5 | 151fb811968eaf8efb840908b89dc9d4 |
| SHA1 | 7ec811009fd9b0e6d92d12d78b002275f2f1bee1 |
| SHA256 | 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed |
| SHA512 | 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 207c74d00dde97f745578ef202e56038 |
| SHA1 | ccfd142508ddd43e34c4aef90058b5ed17c08367 |
| SHA256 | ee06a4a66c6c34beab3f0d00bc142fd67b8baf24f52a566ecc9e1d582b6529ff |
| SHA512 | fa8d773a50cee6d5a71e9cd4f52a8eeb8e7db8ae45469e784c356671f90b5f8db481b0235e4dd7cf8a2a431bf56ecd045125520dca7867f1c19066679fc48937 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1fe2f348272826fe12d8a02c8aef7451 |
| SHA1 | 32e2a8c76f7db4e584d82fce8a5d7af9ff01e2b7 |
| SHA256 | 3921780819fb0ac60849a151277bd64fc07d6a8cd7e4619f8e704f9970f49d79 |
| SHA512 | fd9672b9b95ffc361cf7b7ace84f05c37743b915116b958603628aeff6a94b0e491424538b7a16662bfbbeedb0e4c7ddac81122881fd87058c9ba48f17849fe8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 25aa067febb5d4cb94915cfd0c5333ba |
| SHA1 | edf0c1c179517230e3d992299e7039ef38b5c368 |
| SHA256 | 9ab35eca2f8f25b2ad3fc8c2cdf24afbe2239fc10667e13ee65473003d413407 |
| SHA512 | 1c50e3ef5d10260c851cd6b2c5bb8d43bcd70f9175a757d29732aaf38b007eef5ab2da70e7382f0ffd2076389bce5c4517a972d208d0c71bb0e691b8edae10d2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 574172b84628d7abaae86f14b7bfc0d2 |
| SHA1 | ae621ba2b903e8d2e6104c64473fda79b448eedf |
| SHA256 | 87024c0d249ff15f1dd7a4950c10906848aae26a1952b06a1c8832fe21de6284 |
| SHA512 | 513a726f1a9b8a84e4e49eb83faafc4280cb7f52e70c8eaa80f1bdd80cc1f319c7557dda5bd83b488d3c0cb3447fef3fea41f1f7f936c339688392c86cb0c57b |
C:\Users\Admin\Downloads\Unconfirmed 470433.crdownload
| MD5 | f1320bd826092e99fcec85cc96a29791 |
| SHA1 | c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed |
| SHA256 | ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba |
| SHA512 | c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | dd8de94c8954f35170cad0fcd26060af |
| SHA1 | 150d3b94d486e7475f5e7220d078bc427846be87 |
| SHA256 | 089e9830d879b827896c5e1fb8ba02e41f57ff67995ebd5a1c03a71a4d09e702 |
| SHA512 | d324a9e8d24e23ed10491dd38186dc3139b1ab96068d7cbeb20a725edd27543cb4fc46fa41e98b298cb845ea6d49277dcfd4ffbd564d1193b6ae5b76c5e8080e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 07464c93c47208fcf12224f669783f8f |
| SHA1 | c14238105f5b5537d4669fc4a56653f6d26bdfbb |
| SHA256 | aeba54fc449f579e2466043824e02eb46d661c68db7f90a88e4ddbdaaf65efa1 |
| SHA512 | d473e50ee4186732f0e144fb1ef845d058bdc18786a16e441bd6404f9aec51ea58c13b05025c6480bc3bab7c567ae249b991469b616de6a9512fddc356ead9c2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 06a9d531b9dc3066b4d830b79b56e801 |
| SHA1 | fd92dff4f8f86d5ef891f7cec52347d13333188e |
| SHA256 | 1ef9e6e1218968285ab9f517403fd91c826b6343fce1cb9b191be0fe65f8d345 |
| SHA512 | fd2c6f8cc7582f55fe6052d9b1b94822353fb6187695f207227b220d0023a55e8b598915be8b8cae5be080296e8ecf7c0467612cbaa67d66068e3d6d9eb242ae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5805d7.TMP
| MD5 | 8ca61a9015bd36106b22052e0025814e |
| SHA1 | 45342a0fcd5049e74ca2fb63715aa1ab1d5bc8db |
| SHA256 | 51ce88c288b9211db1843bdba039edc9578b978aedfb7812c924c6987972567c |
| SHA512 | 7f1733459807e11ea45c37804ea5c10e9d4d85eb25fb84a9310b83c8101bf7d38b6fa3f3fcea2dcffd03252d28164b7e78671e5a7e5e9b688c53825caf9988f7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | eaaa6e1887f97002f4ce915943fb60d5 |
| SHA1 | 91c331a4d6377ae274112204ebc55aca254cdadb |
| SHA256 | 42da38e1f61859bd504e72b7e580d5a9be7c32cb4581ddefe722fc010ac69817 |
| SHA512 | 2c3d522cf72144658c7fcd7b3fe00b758d32a76a853db6ec03904fdcdc720ee252ceb4cb375e3fab70bd9a9f83b16b5d37716ec7ff0b20337ce7356c906c116c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 62237aa252521ea2ea2a9334ee8a0586 |
| SHA1 | 8c91e2fb178385d40fb64d2d495f69eaaa0aa76c |
| SHA256 | db65cbe4f3a550efffa15e7c6c34871a5f948ff4aa971f0ac9d60ea9ce19a842 |
| SHA512 | 1a7b165309f7ef80d3aa100483a8167aa083b04566afa877724026a7b53875fefef8fdf608f1cf2793da41b891d6987d80ae1ec0b02872929eae473e96984338 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58240d.TMP
| MD5 | ed6a50e7604c2a56dd0d4ba050a91e0e |
| SHA1 | 3681deb47108dad6528a5e38b59776cb2aae2d19 |
| SHA256 | 5c7e656ffd200454548212de7feb728acbb600f978b893495920dc47845fecbe |
| SHA512 | 7f87b98b2865a7b62d9c1c3e12903915e1406889e96d0e7f28076a0b8788874ddc05fe6e5be4ff5993dea92c00d5cc9109e5a91ee61628231504ed18f99b9348 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ae1bccd6831ebfe5ad03b482ee266e4f |
| SHA1 | 01f4179f48f1af383b275d7ee338dd160b6f558a |
| SHA256 | 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649 |
| SHA512 | baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | dc035ef8e84f1527449f76c1f975d548 |
| SHA1 | 8af3b5445c4581858961623025da886802bbfacf |
| SHA256 | fc94447c6550d0967ca18556bd68d1ac03a033316ae7aec5a7d91785dcb380e2 |
| SHA512 | a8d45c0c9192405c1d3e61ffd70a655278ea1445ecc0963585e922070262eee820a4425ec76c5e1e40726e26c1d9559558ff873a0ef5ed4dcca5d81106c0732d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 78f5afc18020bd32d2b544e0b4e3d19d |
| SHA1 | 9638545b698d6974dee1e39cb0471b3bbeb03230 |
| SHA256 | d606e6381012e9e8b0bba728afec23a01b90cdc2453246f0fed3a68a680fa385 |
| SHA512 | 0349da1a2bb739a41205daaf3b9f6949971ec8de03b931bdc9c7f5b12bd96feda5a48c3e99ab728397f0af8332278302fbd9aec39ed6811d0eecad7e805476fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | fc61bb0dfc0b4b71b39a7e82f1f44b0d |
| SHA1 | 3d550835be50b3e94d4ba7f8cda5ce4c9ffca4a2 |
| SHA256 | d432e591248c83376f603e6addf4661450e62cefa284167211c99ddfb380eb38 |
| SHA512 | b15751c13515be4bf437b7661578ba322ad9308ebaf50c9401616967593f486156184e72926929865884e4d52c3333fd7c4b07d0cbc909242db17a84547b11d7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 2f7bea0210b79683ff825102aa1a97ad |
| SHA1 | 259a3b84f987e5db20dea0314cd637200da4e534 |
| SHA256 | 23bb41168ecc54ebc7871a3fd6b97fdfa31e31d3ee47d6c802e8f9aa57cc8908 |
| SHA512 | 6db023fb6f2b2463ebe494960de35d5904162ea8a36328498b214c5f127039bd0d092e8a1afd67239149fce7167476af4b61508217d57823d78bc1f1ba18fead |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d
| MD5 | 127b7a9f7009939d0ae5dd1a48386985 |
| SHA1 | f9e981f2fbc6df7e304803153fb6fe40f0dcb6ac |
| SHA256 | 9d8e3219c036313e8b27ecb7b91befc49de6a32352a5349656945a7525a89962 |
| SHA512 | b1a442d78f6adc7a67f8ee299d46817309798ff2a38a66af2ff03eaa276b3a7967fde34e801dc8488ed75b3110fd01b3a9763f792ce75e21fae190d4779c1287 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3f2e3dbd38a6f035189598baab701970 |
| SHA1 | cbb71860c91b318743b3d255e838103baa150d6a |
| SHA256 | 23c61e706ea93104db3a7ab0b94ded2ea994dc778461d3e0115a5ec510386511 |
| SHA512 | b8da4cf7320a22216c6806d036184a226dd2057c433948c32b57c799dd1596ed4b1396c857a93344c01b3dd94e61aa512e4264f52cb6a20fabfb64a9cc9b7a91 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1280_673865800\Icons Monochrome\16.png
| MD5 | a4fd4f5953721f7f3a5b4bfd58922efe |
| SHA1 | f3abed41d764efbd26bacf84c42bd8098a14c5cb |
| SHA256 | c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3 |
| SHA512 | 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7b51d82f-d516-4265-93b4-7430852008d3\index-dir\the-real-index
| MD5 | 837f8823f23717edd2b514d2deceb8e3 |
| SHA1 | 7561d0418acb960da6dbf536ee074c24b3abc4de |
| SHA256 | 57443cba0e3c14310f4106114037dad4217019f507e82e6e870b6a566856f7b5 |
| SHA512 | 368bc23ba3d197f0ee3feb0596df74fec35ae21ae42ef51c72e1d46a0fe94c568356ad31ee9570c7c756a7584f58162951aa7f9adcc94fd47d3636743c031d8c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7b51d82f-d516-4265-93b4-7430852008d3\index-dir\the-real-index~RFe583989.TMP
| MD5 | 5a31cf8f895179e7a20487c9951bbc9e |
| SHA1 | 3842e2b71c7069226f9766061c2febef9f3d6923 |
| SHA256 | 6e58ba4afbf7d937d6de7eafd4584af73bd19ad8ac3e703286af7db10c449739 |
| SHA512 | 7ea7fb1bb977d0f3619d3caed3fd0d6a3ca1d8b6d81d9a49abcf5e4f68fa78baa0b71afddccf3e891945eb6b3f4f7ed13bc0f597cb72b9e50d8feebf8cf1819f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024
| MD5 | cd3756106418d9e83a2baff9904ba221 |
| SHA1 | 4c2ed1c1ebe119027db0fbaf7a64b408f1779b4a |
| SHA256 | 57ec0895e1bcaf08c769e2d6872f3f3657972f87fac081063445213dae4541ee |
| SHA512 | 5bf43ccaaf99505f7e8ecf2eda18efe260125accbc12f655601e2acabd822513e153f4b81cbf03a65d13572f11e9f13fd471006a0ce8f2665e8a594ff2d769dd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7b51d82f-d516-4265-93b4-7430852008d3\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 70656fe3ca9bea5007b0fc4420b378a7 |
| SHA1 | aa82c73bc24ad40f8ae2b61fc2ab8154fe81545a |
| SHA256 | aef583112d67dfe5878b8e483c9d89a1004753d9cd112b2e3d0a68ed013dc2cb |
| SHA512 | c6e5a6dd9fd07f7abfdb5a6a629e55110ddf1c9265ad88a314175ce95f54bf6b32a93a0c837df7e652d55a2259685ec1660109fba1f83778e914e10e50320fbc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 46483c9771749c97e4112d56f5fb0df8 |
| SHA1 | a9ed6207ceca540a3722c09f87ea60ca5d5f1d62 |
| SHA256 | 36f74ab4ff65d80a809e524d34b5ba537bdf27255ceb545fb65159491eb69055 |
| SHA512 | e28927ee92c73a33b75820b7fff785199bbf4e7ab774e04fd54ccc01a18b0b60baa6f81317285efa31998167c19d6abfedfb15524b9a08767d6536edf7e169ab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 50c2f04671e49212197f8cb99bf697a7 |
| SHA1 | 760b409ad6a8beba6548278b853f5204251622cf |
| SHA256 | 8dfeeb51b82d98f37d8f3c12087873ec9b34e4aba1a81dbd2b50682ee603cfe0 |
| SHA512 | f9deaf62b88b815da929ee1e832f80c17d5ddb8deb1565574e1a4d4b05552b45294dc049f7256584a8c18bcb8677b6d2f408b27b5bec109f4ddfd3aaf5384e4e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 83e6cce817ae985ec4eb541df8be517e |
| SHA1 | 6ba63184bf67ed3f0f95c679d41d21bb5bf89a81 |
| SHA256 | b1fc27562d8e3aeb5acd4194cd23b753162600a971abf484ad9f71a013e91cfc |
| SHA512 | c0a668554481542a65ee7f0665bec607d7b95360f0cf8c54cf4106064f1e6eeeae7d2a95c09e08d001f98e001d2ae15cdb8410b0c706f9892698b3df306c0bee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 1f1f2e3c86bc1d94f31991f516ef5f4a |
| SHA1 | 8a8cf94cbbf31543c90000b6507ef189abe2e749 |
| SHA256 | 97940d922f80246b8a87f5bc227225e483004c8aae13ae43c74474d11266b8b2 |
| SHA512 | 3aff271be93efc79a068259860b57bca7dd3c8c4237e6d4fc75d8523572a1589e535c74307b443d14f2979df017784ee1013b693f2acd8306cee053bfc58d640 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020
| MD5 | e09df5a23acd241007ec35851474a7f9 |
| SHA1 | 9802085247211e3c82c5e6fefc003e7c1f21227d |
| SHA256 | 846921a45a6d2203548059f9b22a5a5513105e43098da955bf402e681020bf56 |
| SHA512 | 765b7cfa03aa7d750a18ad63c072c069329f4a7f7a594051c01700934497533ad07dc503c8b3892d5ac97f14b8b85a6f4868c7e5a1a4d2e40a7ae4f7514d1009 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021
| MD5 | c0637a08f2ba40c56260782d2bb3ace4 |
| SHA1 | a2bf4298414a764ff1342b3f48f45b4dc1669a96 |
| SHA256 | d6ab12688ec8cfe7f9235b18c7d7a4730d86278ba1efae0d715c0d054465781e |
| SHA512 | 736d1ac8987102028baef59d43ceb2fde71b3aab2f8f2d8d306846a457e2ac224908968ff7bfe34bb05beb7998223d393244cf5da84f9d64f8b71c9f0b2ca6e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023
| MD5 | af5bf693b92c0d2c8441b3a6640c4ad8 |
| SHA1 | 12ed4ac73239e542ab8d7fa191dddc779808e202 |
| SHA256 | b9f2c3f2ec75955d96309f759eaf9fb6bf576c238377491dbb92de1768a26012 |
| SHA512 | c2ef099832fc5e8f1e67acbd550b0590c0fb5c291761280a2e74e6a97763906b9c0c1a2295f285462ba3a0ed7cd5658f296e5f0f9c5d11a97ba210f352f8a438 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 28b166c53235ba31953f772e3fdfa11e |
| SHA1 | 32f29f6e6d44f427b6eb4c0ec7ec57718f888ccb |
| SHA256 | 41c669c4367e5f76d37185c45d8c0756f201bc4ee73a578c1e48aba2f6ca828b |
| SHA512 | 4650de471c7068e4be68d160aaced6f28ac5a54911dfff3ab481448247c2c4e1d6dca896195dd48bad8410af61e055f0a346e3971ec21ca6335e3484e66a70dc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | daeeb8db0d7d67665e7c30c812fb44d5 |
| SHA1 | 733ca5cc606a6bac044a3cd8e823cbfce5db8a8a |
| SHA256 | cdf11394ff3180eced054ea01d7d72803e49c180b538fa7257004c64160fa27c |
| SHA512 | 668c6cf82ee8cdff2aa6d421ef3d1fb74400300a7171a44c7ac13d457a33603ebdc99b1e65bdce36d595769804c59b15b0a595beb7818b07db0a7e1c3d1ad51a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d97820c894338b62ece249d1b3a3e33f |
| SHA1 | 07b94dce3986a8caf58aea2a98e8bab117415db3 |
| SHA256 | f753c10e3cee2e68a87f08e4bb87d4f5531f52825d00a7abeabe5a4e9cc5b917 |
| SHA512 | 77812a6c52853f8a52dedeb01b36a08e7dd7ff0092598b6d38680fbd5a06ab60d4d43ac9c2663538570091613371fdb9e19c97bbd6973afb9d12e15b64e33309 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 675cb66bf44402292c9f513e881cfb31 |
| SHA1 | d386b8b985974dbcc333a5b4c4d6b249a7ba649a |
| SHA256 | d34eda46ca4c4455ea9ab8434b3306eabebe0fe1eb4742d10d0d7e3294e31025 |
| SHA512 | 9891cdfc97ffdb629392f22423daa9026265bf38db0728263a3ce41e2357a25e50577cf81ca79570915dd0fe4e43facdfd97b3165e3fdd80b4d6d3c910aa4c06 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 510e606763439b944bb60372cda2f2f3 |
| SHA1 | d54246ea737e70d1a62cbc035e9447fe575c6e48 |
| SHA256 | ac8efa245597596a101fe5d0c27a6dedcce80e22360105f9c79f7d937842c6bd |
| SHA512 | 4cab693d46b9aa0440fea2104b2729167e80c2a968ac1856cc68a49cc6796b9636e40b633dd05035e71bd0d1e7f4282bb5e0c759a5dde58ee061e264a3d88407 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 919c013bc435691e83bd74dc4011f259 |
| SHA1 | 0e6b1bbf074f55ada01a0879aeeb92d488a11459 |
| SHA256 | af25acb6dd48273df1f6a543fa7d746c3d8e1eb19935434d14c0748f36c79914 |
| SHA512 | b80b79082c8fcdc18eab00bed608edcf4dad6ab748751e7a132c537e72c837bdd2271feb83da8a5cbd9fc3eca5a615e1bac9a3f2fac4c14325183a1bb8838767 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe589035.TMP
| MD5 | 87e22e600705132f865da8b8084ee2f3 |
| SHA1 | bdd447b05ccf25d87695fd27fe0736240462bb76 |
| SHA256 | e98f8381b449ad70c317354ab6fcb6787f4746923effa1eca96182a580ce8927 |
| SHA512 | 9614b0a0864a8c54a763219c5adae6039a14e696af179574de15b06fa86b4cddca76be24c58d5659ad6a9e60f9c3f890eeb3c23f022becfe08eac4e8b0b4e620 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 1a007201f7057d45e77da4d58646fd33 |
| SHA1 | 2cef93fdaa7031376761dc859b762c919f9a683c |
| SHA256 | e61f7e6434e21723b819958b9b2667452caf872042fc75aaccaaca0b83e5479e |
| SHA512 | 8c6a78ebadae8c9f666718d3fa93070723c66e6c6b3476e598a277b5f3ae2381400504d96f962f18bdd1dc960f89829d087d8a66cdfe477391ccfcee6ae6a85b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 1aa9b3ff242ced4708800ebfbd76911d |
| SHA1 | 6ec004005c84ce4fa9471e6b87a3540f98641e1b |
| SHA256 | c44091abedf635819aea3b08ef06ee823bf34ba7a1ec105254243dfa1ed7d34f |
| SHA512 | 364ccb63d7b59f2dee30a5f457bdf0ef276b2b62f1dcb4ac05d190d8744a4b09442cf813aeaee82f63cfa05c672e6d9c5ba5034808ad0d5bdd80d57a930ed783 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 119b1cff70ad33591bf424a3dc2e4e44 |
| SHA1 | cde562dbc56922a40ad09e4b7c68e4a59da638b5 |
| SHA256 | 64eeaa110fd4d5b5f37da344ac7b6a2d5c55c4cdeb2fd2ef7c498fbc4f38381c |
| SHA512 | a643277ddeb0bc0160f8582c0e940ac92a925d8afb792ca898a9de5d0024c62d41cb73dc45287f3bfc7b8080e5b2344771bd97989618608899c929731266c2f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\05136a26-9310-482f-b6aa-d581a257b03b\index-dir\the-real-index~RFe589bed.TMP
| MD5 | e0f22f78275801e1d8992b8aae6878f3 |
| SHA1 | 04c5e81fc09f41df0e87fd2544eed8049be2a005 |
| SHA256 | 1b2b0e612518d1aa58693a07b998ab28982a5e9ae9eb15e9e39f2dabd5c23263 |
| SHA512 | 708b6d70804d6e1905a7239318cc11915c456743830433d5736a799a3baa2e8ad12e3093afb19fd43f47de6ed3f4d232a93932f6a1e18e07db024765663c55e9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\05136a26-9310-482f-b6aa-d581a257b03b\index-dir\the-real-index
| MD5 | bf3c132f763e844b6e2dce8762eaad43 |
| SHA1 | fbac683411ea33ca77d580175a3494ea9f44dd99 |
| SHA256 | bc05ef6ba25c777cb44041385bc10ab549f533dc4bd6f5d9819b31d2393c3827 |
| SHA512 | 22be5454af1fd016c5e270b5b0dadac62da850f7e06887b7e74b5ce17b17a0aabdaa4abc2738eafd0837707604318234b0456289bcdd974265bcf3dc40bb0088 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e7b5df4109426689cddd4b6bf3468746 |
| SHA1 | 06cdb29a6ea6c1a5cc72c5576b75a972aa845553 |
| SHA256 | fd4d56786700a545c31430185a4bf5f56382f62f53d08f2c757d66a2bcfce070 |
| SHA512 | 7fa50a9cede851e66400dbad53bc20d04cf3c77591a322ce93acfaf2ea09f2bb917deefbbf55767af4ed308043e03690b754d29dabb2da8e23037bc3a9a74aeb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 14a0786ae496e490e557c521c9e41798 |
| SHA1 | 89a2d216e5a29105342928228d2f377c9cb88a0d |
| SHA256 | 96d0e16733f0617e9a59f320614bdec37d75b02138e0819f292a0df158f40bde |
| SHA512 | 186e0e86d8129184764654d7ada993100c95abd2497ef25e2d17c59c2b897cab17143196fa60c7ab8559d4ea1292bedd81bc960b2fc8603564f110838eb5231c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 2a0541e3cd0884d22ef62ada2444edaf |
| SHA1 | 9eb53b176b8ffd4b462b4060f56c2c394b47fae2 |
| SHA256 | bc0c84720df8f75a831ae3a395e0cb58267fe81ceb09ba56589f4f85b5dec160 |
| SHA512 | 84de6886d633d35d57534d4dc331b3533bdc5f861f1b8d57c9e4596115ea1d61dd6e6dbb6e6e17912fd19123724d4bb58d9add2dd0c2117fc0d8ad7a2f6259f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\14fa9e25-a557-4f72-a35e-4aa3387c1a06\index-dir\the-real-index~RFe58dd8a.TMP
| MD5 | ad89ac5decf3ab8a1424525622bd959b |
| SHA1 | 595fb97950c5fb7e0c072ed1e5250dcf727531b9 |
| SHA256 | e66e344b50266e5ad321145aacb9f412dbc7aa76db60aa4c5457edb01c7603e7 |
| SHA512 | 1779420ce2d8319dc647f7f0f7087f8cdc0fec7ced354ccc7b01b5d3f1787abeaa8118a8a805166076050ce90bf76769680cae520a59ab5a611f6c01c777a501 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\14fa9e25-a557-4f72-a35e-4aa3387c1a06\index-dir\the-real-index
| MD5 | 33cf4bda37e462b62eb2aae3baea0fbd |
| SHA1 | 3e8bca5b0499bf599c6217ca933deefd8d71584f |
| SHA256 | 6f3a56e45e2a9e8363f050afdcf7fb3414ba9603b67321e797c91eccfbfeea74 |
| SHA512 | 62995ff338d069694918829046515de98640a1e76bdf1e8cc856cd00e0602d625ac77c2f466a5ff8bcaeac5f264944f2151e1a817039c90c38fd23534700d586 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 60a72069c6b23d96aa934b7041dab181 |
| SHA1 | ae988d09a66c823be444eee74237ac3ee4f9e649 |
| SHA256 | cadf497b0d37b734219efd377ed3a5f519b175571cde49471bd94e943f184e8d |
| SHA512 | 66464a192a06560200d0c4a4fa8d86e96dc8e15d638fa981ed1abd16eb1fe136d3b3102d8f5b5449a667108febf258107742b6ea2148853d2e30f2a9ddbbd680 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5a7356dfb822ffb462e9decda0ce76d1 |
| SHA1 | 08314d8ee25014c8b5060cd30350429c16ca3f9a |
| SHA256 | 1b49127c86f9d120708c6697d41909bb508e9c11cef57d277450540641d8892f |
| SHA512 | ef27a760cce24f4e4bfe88cd99aded9dded7c4c06a43c4416f2fe515fc25145814695f5f1fc1252315ed37ff4178648c9172afe97ecaa3cd0856fd6958a25472 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8e3c132f6d74a640cb076f2064b5823d |
| SHA1 | 4de57cc5a983738803409ea00497af4b75631a39 |
| SHA256 | c91f18847242ec94fba124a24af56fccf2366d7d71ef1b2101836a45586f62a5 |
| SHA512 | 2b63d8a47fad5627fe4493d2ad13210f9f495a106ade10f1a0404c91c3be3789ada275fbfc95d835b5f57ba4c33057aa8b942676cd6c47282812823e8bb0e60e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b3bcacd0e670c98dcde8d4b52ad8bf7b |
| SHA1 | a7037e03e03df2c7e8e91028edbf15b6526efb8b |
| SHA256 | dd058e8318c3bab46a9e760dcf4a891488df72f5bde211fb7ad797c63719b6cb |
| SHA512 | 6f58a5199d676b298d3045ff6f4f7f98ac86a027630f6e2f9afab1783fdf0ddf03e91b1d05358cb1bcd793badabc192d5c643323282f4221a7008ea4798d655f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 268c0d198d8aa69f5e627899fe77c0cb |
| SHA1 | eead79e582dfeb5b02c9f0a758c19f65c008ce98 |
| SHA256 | 1b9c852806f69bca8c1d9bff59cb0dc7bbb93e1b3358c0ecec23a41a01035f4f |
| SHA512 | 237053223b5e6b1034891398fafb6a45e8fe3e41cd3048ec77d9c8c4b29af96aad7afa35ee6b185dde76306b315e878d6d9f028b73bf3c86cc8392983e81754e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 8a6d569957844d49c7cc9547e582bb58 |
| SHA1 | 8126f872767475d462b5a2147fe03a5cb3d84f0f |
| SHA256 | 1abc21fed2248621806b519ef69a96823b946dbf7e953c7e600ff57ba5808baf |
| SHA512 | a7d5262ed9e2e4dc5f15450617f88491ff04ba8471342672aee02a137f163673be48f1cdee1d2e5a49a9de6f8143082e1b90fd6a1651b364ae8e56aa360c550d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d05099f7af424a64757cc1d08de70766 |
| SHA1 | eb91685de3553f49773a39ebe944045e429d83f6 |
| SHA256 | 15c70893bbf6b342d15a1847d7954dee27b6e60e65556352849c8e4f48e06202 |
| SHA512 | 12aabe6908ae50564a5588d797552f96fc5f28c018fc91bdabde6202ae259b50d99cc2de1b6a7b5fb6a8a94255b574b89865ce80d64a4cc35c70d1c6cc1b62f7 |
\Program Files\7-Zip\7-zip.dll
| MD5 | 8af282b10fd825dc83d827c1d8d23b53 |
| SHA1 | 17c08d9ad0fb1537c7e6cb125ec0acbc72f2b355 |
| SHA256 | 1c0012c9785c3283556ac33a70f77a1bc6914d79218a5c4903b1c174aaa558ca |
| SHA512 | cb6811df9597796302d33c5c138b576651a1e1f660717dd79602db669692c18844b87c68f2126d5f56ff584eee3c8710206265465583de9ec9da42a6ed2477f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 2768a5426f55c020eec2466c723fe0c2 |
| SHA1 | 7a2634340833047092b95f3d2bde8b4146a98afb |
| SHA256 | bca62e0abcfc03483608d383555879b1195cf442643197972827eba6fc450dc4 |
| SHA512 | 7f10b7401c937807d21ebcfcc100757457b6f1731d7b652873b2a26ee3dbac8621bfd16d14bc2e5768e5f75c56826ae61b22c6aa0e98bbef00bdb755733c1369 |
C:\Program Files\7-Zip\7zFM.exe
| MD5 | 79e8ca28aef2f3b1f1484430702b24e1 |
| SHA1 | 76087153a547ce3f03f5b9de217c9b4b11d12f22 |
| SHA256 | 5bc65256b92316f7792e27b0111e208aa6c27628a79a1dec238a4ad1cc9530f7 |
| SHA512 | b8426b44260a3adcbeaa38c5647e09a891a952774ecd3e6a1b971aef0e4c00d0f2a2def9965ee75be6c6494c3b4e3a84ce28572e376d6c82db0b53ccbbdb1438 |
C:\Program Files\7-Zip\7z.dll
| MD5 | 0009bd5e13766d11a23289734b383cbe |
| SHA1 | 913784502be52ce33078d75b97a1c1396414cf44 |
| SHA256 | 3691adcefc6da67eedd02a1b1fc7a21894afd83ecf1b6216d303ed55a5f8d129 |
| SHA512 | d92cd55fcef5b15975c741f645f9c3cc53ae7cd5dffd5d5745adecf098b9957e8ed379e50f3d0855d54598e950b2dbf79094da70d94dfd7fc40bda7163a09b2b |
memory/1292-1842-0x00007FF6D8E30000-0x00007FF6D995D000-memory.dmp
memory/4948-1843-0x0000000000580000-0x00000000005D6000-memory.dmp
memory/4948-1845-0x0000000000580000-0x00000000005D6000-memory.dmp
memory/1292-1844-0x00007FF6D8E30000-0x00007FF6D995D000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | 9eae63c7a967fc314dd311d9f46a45b7 |
| SHA1 | caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf |
| SHA256 | 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d |
| SHA512 | bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
| MD5 | 923d82892bbfce310e0a9cd95f8273b5 |
| SHA1 | 4ad97c743c36aa99d78a1f2f94a68c0c711a3adc |
| SHA256 | 39ef9f417ff0acdc3c07969022f34b9d32949c1e3dc08eff96305aba85c90c04 |
| SHA512 | d662a03465aa29b54b95b6424cc8765ff78ce9e38a1c2963c2368bb2968dc48f2790d5513d207b5a8b56b6087e99372d14b308c3907c594cbcc56f1407c35954 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
| MD5 | 203b0c9ac8fa8e0182ab93256f0ca9fb |
| SHA1 | ebc596ee679a3e2190fc191469153e030038596e |
| SHA256 | ba60baffd78b1f2422b4e7dc14963fcaf04fff89864649e910a105f8c8371f31 |
| SHA512 | 04da576f4fd7ccdf8585b64774b022b1a4ba7b988f59894186140b6634d0af20d521829fdf63604211f9149ba17d1cc3040852d0f53876eccf136c85c65377d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
| MD5 | 51e6a3d7c6f602712c0507bd982aa53e |
| SHA1 | 8826e627c241bce1aeaf6811d513baf1ceb39d47 |
| SHA256 | ded5edb7984ca4e03b686c0aa6a7960594c9ac31f8056149fd1bf2dbf195b1a1 |
| SHA512 | 720996570825b061547a8f8d01f3618188309a8bd83248e5b18ff5621eddb18374eca0330e5d7fc7e242488239372c518123fca3ee6aee7868218006e087ab1a |
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
| MD5 | 619f7135621b50fd1900ff24aade1524 |
| SHA1 | 6c7ea8bbd435163ae3945cbef30ef6b9872a4591 |
| SHA256 | 344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2 |
| SHA512 | 2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628 |
memory/5828-1898-0x0000000000A30000-0x0000000000A3C000-memory.dmp
memory/5828-1899-0x0000000005770000-0x0000000005C6E000-memory.dmp
memory/5828-1900-0x0000000005310000-0x00000000053A2000-memory.dmp
memory/5828-1901-0x0000000005290000-0x000000000529A000-memory.dmp
memory/5828-1902-0x0000000005470000-0x00000000054D6000-memory.dmp
memory/5300-1905-0x00000000072E0000-0x0000000007316000-memory.dmp
memory/5300-1906-0x00000000079B0000-0x0000000007FD8000-memory.dmp
memory/5300-1907-0x0000000007900000-0x0000000007922000-memory.dmp
memory/5300-1908-0x00000000080D0000-0x0000000008136000-memory.dmp
memory/5300-1909-0x0000000008400000-0x0000000008750000-memory.dmp
memory/5300-1910-0x0000000008340000-0x000000000835C000-memory.dmp
memory/5300-1911-0x0000000008BB0000-0x0000000008BFB000-memory.dmp
memory/5300-1912-0x0000000008AA0000-0x0000000008B16000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2s10wuns.0d2.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
memory/5300-1929-0x0000000009B60000-0x0000000009B93000-memory.dmp
memory/5300-1930-0x000000006F310000-0x000000006F35B000-memory.dmp
memory/5300-1931-0x0000000009B40000-0x0000000009B5E000-memory.dmp
memory/5300-1936-0x0000000009CE0000-0x0000000009D85000-memory.dmp
memory/5300-1937-0x0000000009EA0000-0x0000000009F34000-memory.dmp
memory/5300-2133-0x0000000009E40000-0x0000000009E5A000-memory.dmp
memory/5300-2138-0x0000000009E30000-0x0000000009E38000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8f929927d0e7e1e287ce2fc2f02f6020 |
| SHA1 | e9fab08285ed4aba77fe6960774380a0a67704f7 |
| SHA256 | 9c26a63979331dd7b9e49b8c8cdf236e3d3174b187d03361bc8108abc7f07b3c |
| SHA512 | 0885f99f5b3fccc910f57c77ad686d3927f11ef8957db2af51d3df7e499d55a2d32c4fae986913984ca890e7a463f10c6a2d7e8dbc30e74ed29e60d7c683ff35 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0f6a1cc309f7f5d733bd647db3051df1 |
| SHA1 | 12f884ebc3782fdab2ac55613d3411f2cbc1ee70 |
| SHA256 | f594186d7cfc3656057985269caf63fc2d378519f1ea6ced2abda9a2ce1e5c9b |
| SHA512 | ca929e53101aaa72d71807e05877bc444f2ac22d3f8ec3859fce33caab8dcfd6b31dd3d83baf751f8ddb2cdd6a383354331f42de83718e49d5e9ddc20edb3d4e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | 09aa9cecc64b55e68e7dd951da9a15a2 |
| SHA1 | 177f32a32a93b74fc225532c14b9c40fe0ffc241 |
| SHA256 | 3c58ff2fb834ccd154a1e8892b30c55f4ab7f386a7e5987a6c998edbf41c78d4 |
| SHA512 | 0d3bff1bc138b19d8089c4aba0a6c2c934bb9774fe485295dd3f0c2fc43e7fb04135608eec684d0d72dcf337f0ba66ddd45754f2938a50219b93edf49a25d951 |
memory/2248-2265-0x0000000001000000-0x0000000001056000-memory.dmp
memory/2248-2267-0x0000000001000000-0x0000000001056000-memory.dmp
memory/4788-2266-0x00007FF6D8E30000-0x00007FF6D995D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\main\main.bat
| MD5 | 893874465a8d9f68f0684fd61e9f1d3c |
| SHA1 | 866a58255ebab05d4ee2f2ed8383a6555ac1df03 |
| SHA256 | e0855b82ec99b14bdfa38dacf90dadb2071e0d413c6559c752e0b2c6e8cd08c0 |
| SHA512 | 1cc878a3236a5ce4f3a89fae580b4d16a7842fd03dfe0a2c7d1d5da5be822528ea3826f659a70de727c9307fb15997f56b7204582043dc7efcc6c818f7aa2bd7 |