Analysis Overview
SHA256
92b2d2a44e57ae9d47806eba7e62ef0d0e3b152e822803845e9bfe74adb6efc3
Threat Level: Known bad
The file rbxfpsunlocker-x64 (3).zip was found to be: Known bad.
Malicious Activity Summary
RevengeRAT
WarzoneRat, AveMaria
ReZer0 packer
RevengeRat Executable
Warzone RAT payload
Downloads MZ/PE file
Drops startup file
Executes dropped EXE
Uses the VBS compiler for execution
UPX packed file
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Suspicious use of SetThreadContext
Drops file in System32 directory
Drops file in Windows directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Program crash
System Location Discovery: System Language Discovery
Browser Information Discovery
Modifies registry class
Suspicious use of SendNotifyMessage
Scheduled Task/Job: Scheduled Task
NTFS ADS
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-04 09:36
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-04 09:36
Reported
2024-08-04 09:42
Platform
win11-20240802-en
Max time kernel
334s
Max time network
339s
Command Line
Signatures
RevengeRAT
WarzoneRat, AveMaria
ReZer0 packer
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
RevengeRat Executable
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Warzone RAT payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Drops startup file
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe\:SmartScreen:$DATA | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe\:Zone.Identifier:$DATA | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\RevengeRAT.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Floxif.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WarzoneRAT.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\Floxif.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Uses the VBS compiler for execution
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svchost.exe" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of SetThreadContext
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Program Files\Common Files\System\symsrv.dll | C:\Users\Admin\Downloads\Floxif.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Users\Admin\Downloads\RevengeRAT.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Floxif.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\WarzoneRAT.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\Floxif.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WarzoneRAT.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Floxif.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133672378331592958" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2227988167-2813779459-4240799794-1000\{559D059D-6362-4271-AB27-F3793214B25D} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 697326.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 164165.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\eicar_com.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\svchost\svchost.exe\:SmartScreen:$DATA | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Floxif.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 541586.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\svchost.exe\:SmartScreen:$DATA | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\WarzoneRAT.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\RevengeRAT.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Melissa.doc:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\svchost\svchost.exe\:Zone.Identifier:$DATA | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\svchost.exe\:Zone.Identifier:$DATA | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\jFvfxe.exe\:SmartScreen:$DATA | C:\Users\Admin\Downloads\WarzoneRAT.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
"C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ff9d782cc40,0x7ff9d782cc4c,0x7ff9d782cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1748,i,11398843976841578623,2025322416962073372,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1740 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,11398843976841578623,2025322416962073372,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2128 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,11398843976841578623,2025322416962073372,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2212 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,11398843976841578623,2025322416962073372,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,11398843976841578623,2025322416962073372,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4484,i,11398843976841578623,2025322416962073372,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4428 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4732,i,11398843976841578623,2025322416962073372,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4744 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4804,i,11398843976841578623,2025322416962073372,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4820 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4824,i,11398843976841578623,2025322416962073372,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9c3ef3cb8,0x7ff9c3ef3cc8,0x7ff9c3ef3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3280 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5356 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5316 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x0000000000000420
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3268,i,11398843976841578623,2025322416962073372,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3416 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4676 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7060 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3568 /prefetch:8
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1324 /prefetch:8
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\k3bmlkbv.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1F6B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc3A896E3053084F69B96A68307F26CCF7.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ee9dck9q.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2027.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcD2B52FB37A04BDCBB31AF353A62A764.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\nxigbbem.cmdline"
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\Melissa.doc" /o ""
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES20F2.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcFA453589352402FA03817936642720.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\5jwqvzlb.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES21EC.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc9B31ECC0956C4AC5A37AF3F8B6DBB8A4.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\eu11thc8.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2305.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc608456825A9048EA9B41EE5B931FF864.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\0hqh-zg0.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES23D0.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc40D98737136B4C5F828B8DD67BCDA4E.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\jov8drdj.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2641.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcED786C3793434B45A193DBFCFCC6ACBF.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\bo7cjnaq.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES276A.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc2FB52A19AE114B61B27F944C5A609F89.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\cyraiuji.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2845.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcD9284953CA2343A98C22DF6F264D1828.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\h44rc9z-.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES293F.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc33BE2C67AF6843FAAB795784F753DAF7.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\2rb_ujje.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES29FA.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc32B70BDAFBB64ECB97E64107C617D29.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\azfg_x5x.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2AB6.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcC6EF7EB270D04A60AF37BDCD6F9BFD2F.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ojshiveu.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2BC0.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc7100869494D43AD806154D1EC1D4F.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\33tlyrj4.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2C7B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc9F6FA3BCD1514B6599F89F31C239C8A6.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\xck2f8rv.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2D46.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc9B21BB1ED1F6433CBEF62AFCA8574CA0.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\mfbzkkvm.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2E40.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA78A6DFE78FF46AFB3F825EA614D99E.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\609k9cam.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2F0B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc2D4E5E3E2E054559B5699B70A65FAAA.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ycsn-7s4.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3025.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA7385C8245A4895B537874ACD11960.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\sa8yqtel.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES30FF.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc2F0567BF7537426885ECD6B93A26C0F.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\d4qbu8jk.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES31CA.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc7A5A0BDCE95D4631AD3641CEBBFC01D.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\sqec5faw.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3296.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc1840D106E9194024971CCD93C0AEC42E.TMP"
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1688 /prefetch:8
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /sc minute /mo 1 /tn "svchost" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\sgr7kwii.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDC62.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcCD32A8EDAA8D4B91B1B6A7A259EAD36.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ceyk1hw3.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDCEF.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc731AEFA850F94AE1A114B0A028944E55.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\9mqnfm3m.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDD5C.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc6B1E7DE2A8004CB88EDCEDCC769D3BFF.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\spgwihal.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDDD9.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcF51473FCC7AB45C7A1DBC1763B11ED1C.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\kfb6d6wh.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDE56.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA315A11FE7114F238226DAD2AE6BA4.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\khlz5cxn.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDED3.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc77AB973669D94D2D8D8259E2FBB74EB.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\t_y_flfs.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDF50.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc91F0AEA4EE5547239D9B4A47BA15589.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ksb1m8en.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDFBE.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcC2E5F2CBAECF478FA57FB6278151F2C8.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\vg7qumws.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE03B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc2A52A23E3154238B49CE61462AF9A3.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\wopkkf3j.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE0C7.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcC64E2EC514C48338F9A958FCA393C9.TMP"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7164 /prefetch:8
C:\Users\Admin\Downloads\Floxif.exe
"C:\Users\Admin\Downloads\Floxif.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3780 -ip 3780
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 456
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5976 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,391836685898478641,7324230528213866135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6776 /prefetch:8
C:\Users\Admin\Downloads\WarzoneRAT.exe
"C:\Users\Admin\Downloads\WarzoneRAT.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\jFvfxe" /XML "C:\Users\Admin\AppData\Local\Temp\tmp7B81.tmp"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| NL | 142.250.179.174:443 | chrome.google.com | tcp |
| NL | 172.217.23.206:443 | clients2.google.com | udp |
| NL | 172.217.23.206:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 142.250.179.170:443 | content-autofill.googleapis.com | tcp |
| GB | 95.101.129.194:443 | www.bing.com | tcp |
| GB | 95.101.129.194:443 | www.bing.com | tcp |
| GB | 95.101.129.194:443 | www.bing.com | tcp |
| GB | 95.101.129.194:443 | www.bing.com | tcp |
| GB | 95.101.129.194:443 | www.bing.com | tcp |
| NL | 40.126.32.74:443 | login.microsoftonline.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| AT | 91.212.136.200:443 | www.ikarussecurity.com | tcp |
| AT | 91.212.136.200:443 | www.ikarussecurity.com | tcp |
| AT | 91.212.136.27:443 | matomo.ikarus.at | tcp |
| AT | 91.212.136.27:443 | matomo.ikarus.at | tcp |
| AT | 91.212.136.27:443 | matomo.ikarus.at | tcp |
| GB | 95.101.129.146:443 | www.bing.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 3.22.30.40:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 3.134.39.220:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.39.220:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.39.220:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.39.220:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | 18.89.109.52.in-addr.arpa | udp |
| US | 3.134.39.220:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.39.220:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.39.220:19521 | 0.tcp.ngrok.io | tcp |
| GB | 2.17.209.123:443 | metadata.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | binaries.templates.cdn.office.net | udp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | 123.209.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.211.222.173.in-addr.arpa | udp |
| US | 3.134.39.220:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.39.220:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.39.220:19521 | 0.tcp.ngrok.io | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 3.134.39.220:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.39.220:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 168.61.222.215:5400 | tcp |
Files
| MD5 | 1e94bc8c8dee722f512aa372d046833e |
| SHA1 | 12907968142c59d4995046a93868c25929df0f4c |
| SHA256 | d4e043d0a1bef790ffac7f621c5148db1c0bbe80e7bf8f7fdb7b16d61d6eed26 |
| SHA512 | d6bd83f6c3964decd13d58e7620e869bd41153ebd6eb391cb8e5ff3cb74ccfb1b11a3410720099bb17c79b38f84e37801f10759d0bcbda83f8ac793cac1b3500 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 392f2e178715cf7abcb9bb723849a3f7 |
| SHA1 | a9bf4dabb2fe9eeb15a022d6d7081e602f2efaf0 |
| SHA256 | 706575ec1888b0481f8b6d6f80f41760380daeb2a400d4f78b3f7ee96c02b704 |
| SHA512 | 9b9c0e7a5a014f5c13d670ac7678b7058ce0aba30d30cdd490651e352a2f8890bf55b9b648b024a31d6a8d046dbed8577c31e12e25e6cea33d59075d6a359f79 |
C:\Users\Admin\Downloads\Melissa.doc
| MD5 | 4b68fdec8e89b3983ceb5190a2924003 |
| SHA1 | 45588547dc335d87ea5768512b9f3fc72ffd84a3 |
| SHA256 | 554701bc874da646285689df79e5002b3b1a1f76daf705bea9586640026697ca |
| SHA512 | b2205ad850301f179a078219c6ce29da82f8259f4ec05d980c210718551de916df52c314cb3963f3dd99dcfb9de188bd1c7c9ee310662ece426706493500036f |
C:\Users\Admin\Downloads\Melissa.doc:Zone.Identifier
| MD5 | f27c5acf452b6a8123583c079af7373a |
| SHA1 | f2dc1fbb364415482f26678fd20ffc078af7c323 |
| SHA256 | 92e8925c5af069c183a6258367afb036bfd186852985a9fca8af4098a144e6ab |
| SHA512 | 2c9cc3ebe5e19070c11ee72d586cc1170ae804482cbdc69a33c4931cfe0b0aa6dc42b5ac94701c8da62144d87bb3c45e10362c75fb3a8a4252b909cc516549c5 |
C:\Users\Admin\AppData\Local\Temp\k3bmlkbv.cmdline
| MD5 | b6a4452360ee0998dc5e4661aae46ea7 |
| SHA1 | cbddcb177cba33ec08aa5f38c30654fe4f9e42ba |
| SHA256 | 4140a0a34eccd7c34493082cdc2f094952b225c2d352125b4e30e58803f31aa7 |
| SHA512 | bb79311ef2551f7973940f4ce8c49c005f68fc12bd292b7fa1ed69dacae3bc8eb19e9797ef49235cc84494f3585f3726e529decf89e4993f8d662a80f9a56692 |
C:\Users\Admin\AppData\Local\Temp\k3bmlkbv.0.vb
| MD5 | e4a08a8771d09ebc9b6f8c2579f79e49 |
| SHA1 | e9fcba487e1a511f4a3650ab5581911b5e88395d |
| SHA256 | ef4c31d167a9ab650ace2442feeec1bf247e7c9813b86fbea973d2642fac1fb6 |
| SHA512 | 48135e0de7b1a95d254ae351ccac0cb39c0d9a46c294507e4bf2b582c780c1b537487161396dd69584c23455950f88512e9931dbff4287c1072938e812a34dd1 |
C:\ProgramData\svchost\vcredist2010_x64.log-MSI_vc_red.msi.ico
| MD5 | 602ddd0c457eb622800ec2b65d1a3723 |
| SHA1 | e322f2927b3eb868f88f61318589cdbc9b5e4554 |
| SHA256 | 6491b2ebfda073e601f99be125c6ce0c4a72162e0995c673605c673581023a82 |
| SHA512 | eb0cd42b7178ee205af959b3b811bf85c44343c2e3ead6678ece7bc340fd0efdde3067a583649d12aa2123b555a4cc2a7be7a587fb2874a9f9aa666093df782b |
C:\Users\Admin\AppData\Local\Temp\vbc3A896E3053084F69B96A68307F26CCF7.TMP
| MD5 | 84e9754f45218a78242330abb7473ecb |
| SHA1 | 3794a5508df76d7f33bde4737eda47522f5c1fdd |
| SHA256 | a979621de3bcabf9a0fa00116bcd57f69908b5471341f966c2930f07acfee835 |
| SHA512 | 32b51e82e505e9124fa032bfd02997de6d6f56e0c0dfb206aec2124199048168ec0f7927a0a289f4653662bdeb5089d91db080019a9556491ef111df99b12623 |
C:\Users\Admin\AppData\Local\Temp\RES1F6B.tmp
| MD5 | 95a27dd7c22bb84ffc15458b1b831d3e |
| SHA1 | 54d4b5288fb00110735ed4f7c4346a9d7af3535a |
| SHA256 | 28810b02a66e5ced3e07295b5a054e0a444b6a66b3b0231f2b7881d4156ab4c9 |
| SHA512 | efdfb6e945b0ecc789778c119936df2c4798fbb6941b837d45a35412bbc5af4cd69e3f476b9e9c3a6713fa929741cc3f24408c0cbc30da317604e95d8d8534e6 |
C:\Users\Admin\AppData\Local\Temp\ee9dck9q.cmdline
| MD5 | 5e191ad80e35041cbfc9c9858b116e5f |
| SHA1 | 0e4c36ae79e4f8153d96da1fda72079ac6f6093b |
| SHA256 | 3a28ae26079b8f82003da4ba0cd415dcefa688b0c6edf2e45b09fffb06e1fbbe |
| SHA512 | d6e3bb0565c0b0f7fde89c4a35ee393b1d932350cb62af04ae8c2610f724f916e615d532494f3f01569743804fc318e409a356fb80e448572cf51a45262e3b0f |
C:\Users\Admin\AppData\Local\Temp\ee9dck9q.0.vb
| MD5 | acd609faf5d65b35619397dc8a3bc721 |
| SHA1 | ba681e91613d275de4b51317a83e19de2dbf1399 |
| SHA256 | 4cfd86d51d0133dda53ba74f67ffe1833b4c0e9aae57afe2405f181fc602f518 |
| SHA512 | 400ffd60ce7201d65e685734cea47a96abca58ca2babda8654b1d25f82d2766ca862a34f46c827249a4dc191d48f56005a9f242765d7becdda1344b8741a9d8c |
C:\ProgramData\svchost\vcredist2010_x64.log.ico
| MD5 | bb4ff6746434c51de221387a31a00910 |
| SHA1 | 43e764b72dc8de4f65d8cf15164fc7868aa76998 |
| SHA256 | 546c4eeccca3320558d30eac5dc3d4726846bdc54af33aa63ac8f3e6fc128506 |
| SHA512 | 1e4c405eca8d1b02147271095545434697d3d672310b4ea2ecca8715eaa9689be3f25c3d4898e7a4b42c413f258eda729a70f5ad8bc314a742082b5a6a8e9ff1 |
C:\Users\Admin\AppData\Local\Temp\vbcD2B52FB37A04BDCBB31AF353A62A764.TMP
| MD5 | abeaa4a5b438ffa58d07d9459e5c1d6c |
| SHA1 | 69631de7891162dd4840112a251f6531feae7509 |
| SHA256 | ce174412cb2889bbf162b7ebe4476da5a9c928ba5b13111d338753ccc4c0f5fd |
| SHA512 | c9cae8bcc14661e993d97a3c7b658310a8b9c19044817589f92eab66f1bcfcecb3468b0de8b45cd68e218c23cd9c60aeef1d391af36ec03afab5c8b86d7937d4 |
memory/4832-1269-0x00007FF9A7210000-0x00007FF9A7220000-memory.dmp
memory/4832-1268-0x00007FF9A7210000-0x00007FF9A7220000-memory.dmp
memory/4832-1267-0x00007FF9A7210000-0x00007FF9A7220000-memory.dmp
memory/4832-1271-0x00007FF9A7210000-0x00007FF9A7220000-memory.dmp
memory/4832-1270-0x00007FF9A7210000-0x00007FF9A7220000-memory.dmp
memory/4832-1282-0x00007FF9A4830000-0x00007FF9A4840000-memory.dmp
memory/4832-1283-0x00007FF9A4830000-0x00007FF9A4840000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | 042d411333f2e67e8d761a1bd7206713 |
| SHA1 | c43139243ad64265bebb366a3128d10225703c79 |
| SHA256 | 7a3628b6ea0ad61b0274a8b0abfe27a0b9b1d24a63bfeab3602e313e24ce5275 |
| SHA512 | e8aafbb7b9580fe81a3d355c39a0b0956b71ffd6b93b7e4372417ecd2fbe67f6519599d0c259e0f6e752338ee6a5f300f9912b4876814e72e9862d06baa76570 |
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
| MD5 | d29962abc88624befc0135579ae485ec |
| SHA1 | e40a6458296ec6a2427bcb280572d023a9862b31 |
| SHA256 | a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866 |
| SHA512 | 4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f |
C:\ProgramData\svchost\vcredist2013_x64_000_vcRuntimeMinimum_x64.ico
| MD5 | 28d98fecf9351c6a31c9c37a738f7c15 |
| SHA1 | c449dee100d5219a28019537472edc6a42a87db2 |
| SHA256 | 39445a090b7ce086d5efb4ac35add13672fac9bf40eb481b54fa87302a3f45e0 |
| SHA512 | f5c2458348347798304393fdb5c77f4f7ed7245c0d4c7594deb0113262828cb8e210e7b48a4aa7c4d2fe1e31201b4e326cd60a6f9d4e3ba1a7fbef322dde0971 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8b470650dc613f306cb82b9188e4da37 |
| SHA1 | 3f4d6e4f0ddc652928a6f602a8926ad8998a0541 |
| SHA256 | 7d85d69a24b719b78dca4184b9b3a173d7793699da6b3f82cec888d0c8dc0d65 |
| SHA512 | 8f6cfa1e321007ceaedab2370ef892f52843a390fad0347af615f8294e5043887773ad8306960fcecbe9686f25b35dceefd1a4ff5168aa1fbcffec65e064881c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fd081bde32e6f608f03028c6d7cdcbd4 |
| SHA1 | bdd76fbd7c9467fe42d8eff00b82edafcd0da55d |
| SHA256 | db5d567f6cba22e64ffdc50aa9c4240f7f7187407026f8402e4d5f58288489f7 |
| SHA512 | 70569b2edc3fbd6cc1b7dab921ac16eadf109c1d5d8e63e4553a0131a72fc982cfe1b678771ee9b343dd6a05e45639292e0b640d51c52b92442dc86f80337a43 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cbb6c37cd4cf112d6ae54088349fd3f0 |
| SHA1 | 49c583c08994f81818624afa2aaa12c3a60745b8 |
| SHA256 | 3dd037efd9d79fac200c3d0aeacd14ccbace5e35c7e7a0faf4a26d54f4b20e25 |
| SHA512 | ba428dd1f1c1bb3a4516641ae3abe695179e6fce7ffcb7999f5317f533cce2d8f54445d278c8e2318b11fcaec1003da5900678ec31dee822ab2c4cb3e817fac7 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe:Zone.Identifier
| MD5 | 65e461f54bc05ba66464d19d6473db6c |
| SHA1 | 0ac06324758b10528c27d715c92172c2b9daeaa8 |
| SHA256 | 1e2b9800e69a11b334463e0c2994bb2b3ac6b8279d29d8b6629a58269724a0c8 |
| SHA512 | 49e528198e9a2f3adf9f5a546b33eb8ede7afca04068870ffd0f5005b2473eacc951a8a5072019bdb255316ce51a3b3e27679560d59f1de4458bc06878a20264 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
| MD5 | b8e74af3c6d2b6194bafc006e444d03b |
| SHA1 | d9d92420aa65ac7a9c9992b53a0c26183baebe9d |
| SHA256 | 26eb57845f801e098195492c2671045023d731c8ac6c252cf63a78b8228c196a |
| SHA512 | fbd8c12db1343bbd57b331a982ab53ae9608676ceb133a080e46044e444ea2172107413a900aa440de0e05c9804479501e1bcad7dc8939b9375b56cc51ba2fa9 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
| MD5 | 4fcb2a3ee025e4a10d21e1b154873fe2 |
| SHA1 | 57658e2fa594b7d0b99d02e041d0f3418e58856b |
| SHA256 | 90bf6baa6f968a285f88620fbf91e1f5aa3e66e2bad50fd16f37913280ad8228 |
| SHA512 | 4e85d48db8c0ee5c4dd4149ab01d33e4224456c3f3e3b0101544a5ca87a0d74b3ccd8c0509650008e2abed65efd1e140b1e65ae5215ab32de6f6a49c9d3ec3ff |
memory/6040-1574-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TCD66A8.tmp\sist02.xsl
| MD5 | f883b260a8d67082ea895c14bf56dd56 |
| SHA1 | 7954565c1f243d46ad3b1e2f1baf3281451fc14b |
| SHA256 | ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353 |
| SHA512 | d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 75814c49727ae9f43624b7474af01558 |
| SHA1 | 8fade7b7f97a63792086d406d4641808a46b8e62 |
| SHA256 | 61e31ed5a37389a89defcf13959ef4137ca9b785464ea85baa20531c8eda23ab |
| SHA512 | 604e67fcbab4081c1f09458bd1e37390340eafa1f7add840fcb2ebe7717e710470a882a9972f9475e82b9f52af2500c6a55f44829dd0ff411ef50d79035694d5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 01480e1a81a72022e22e6265869b0e29 |
| SHA1 | 3437412beb6f5fca511d695f16a7ae5434f568c9 |
| SHA256 | f0c827a1e4988d8aa4e54dacd9cb32932ac36a171e546ccfc809bdb577cf1a55 |
| SHA512 | 051ce0f30cb473e336624fe86978d8ae11e8181ce58341198dff567ad9d6593a8163f7c335e3188b84b908c15d466633bb356c5d88233d459410faecd6153178 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 08703f41340fe174c6994c2edada4e79 |
| SHA1 | 1482315aac9442fe248ba43082fb54a1acfa78e5 |
| SHA256 | fb16592c25b2a0c46ed456498abbb621a065253b5be30b67c325009ba647aa36 |
| SHA512 | 67a9e4594b68cd10666d815fc3534a92c6f9dfc6ded19a1f75ef5aca597e858f0196d43efc39d4c434dc84fd21d977c84c2eb9d3007435a712ba91963e6fa014 |
C:\Users\Admin\Downloads\Unconfirmed 541586.crdownload
| MD5 | 00add4a97311b2b8b6264674335caab6 |
| SHA1 | 3688de985909cc9f9fa6e0a4f2e43d986fe6d0ec |
| SHA256 | 812af0ec9e1dfd8f48b47fd148bafe6eecb42d0a304bc0e4539750dd23820a7f |
| SHA512 | aaf5dae929e6b5809b77b6a79ab833e548b66fb628afeb20b554d678947494a6804cb3d59bf6bbcb2b14cede1a0609aa41f8e7fe8a7999d578e8b7af7144cb70 |
C:\Users\Admin\Downloads\Unconfirmed 541586.crdownload:SmartScreen
| MD5 | 4047530ecbc0170039e76fe1657bdb01 |
| SHA1 | 32db7d5e662ebccdd1d71de285f907e3a1c68ac5 |
| SHA256 | 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750 |
| SHA512 | 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e |
C:\Users\Admin\AppData\Local\Temp\vbcF51473FCC7AB45C7A1DBC1763B11ED1C.TMP
| MD5 | 3906bddee0286f09007add3cffcaa5d5 |
| SHA1 | 0e7ec4da19db060ab3c90b19070d39699561aae2 |
| SHA256 | 0deb26dcfb2f74e666344c39bd16544fcaae1a950be704b1fd4e146e77b12c00 |
| SHA512 | 0a73de0e70211323d9a8469ec60042a6892426e30ad798a39864ba123c1905d6e22cb8458a446e2f45ec19cf0233fa18d90e5f87ec987b657a35e35a49fea3b0 |
C:\Users\Admin\AppData\Local\Temp\vbcA315A11FE7114F238226DAD2AE6BA4.TMP
| MD5 | 85c61c03055878407f9433e0cc278eb7 |
| SHA1 | 15a60f1519aefb81cb63c5993400dd7d31b1202f |
| SHA256 | f0c9936a6fa84969548f9ffb4185b7380ceef7e8b17a3e7520e4acd1e369234b |
| SHA512 | 7099b06ac453208b8d7692882a76baceec3749d5e19abc1287783691a10c739210f6bdc3ee60592de8402ca0b9a864eb6613f77914b76aec1fc35157d0741756 |
C:\Users\Admin\AppData\Local\Temp\vbcC2E5F2CBAECF478FA57FB6278151F2C8.TMP
| MD5 | dac60af34e6b37e2ce48ac2551aee4e7 |
| SHA1 | 968c21d77c1f80b3e962d928c35893dbc8f12c09 |
| SHA256 | 2edc4ef99552bd0fbc52d0792de6aaa85527621f5c56d0340d9a2963cbc9eed6 |
| SHA512 | 1f1badd87be7c366221eaa184ae9b9ae0593a793f37e3c1ce2d4669c83f06de470053550890ad6781b323b201a8b9d45a5e2df5b88e01c460df45278e1228084 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 811628ba12df7c33345de6f87fba86ce |
| SHA1 | e859ac61256ea21dd55687bfdcbc868f4e6e50d2 |
| SHA256 | c43cb233ed1c19bdccff82fd734ca1aa502aad0c62fc081fe8af2824f31985ff |
| SHA512 | a2744b56d24130a9e6dfa164be1ca229dd56f69777ac5fdaffa2239b9bed76896e9c0c9b4630dd0da01117242598702e090857b945b25c8d6b1ce46b4b40df62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8c94970c02c08ed35cd8e7e35db99eb4 |
| SHA1 | 7d37fa9420d7b25c593bc2c3e228e61cf5483af0 |
| SHA256 | a48aca9abed2fbdbdc6cae16cf75b8459d1da077668b417d881301fbb61fad4d |
| SHA512 | be62a8e2427422c5a9966864d0be87b20c2d93a2511e3f0e9cfb9b38850160d28f8c84f51aa4985635c78cf6afbe6ee80a28a4e725cac43f24fbb98b3e5e8a85 |
memory/3780-2257-0x0000000010000000-0x0000000010030000-memory.dmp
memory/3780-2261-0x0000000010000000-0x0000000010030000-memory.dmp
memory/3780-2259-0x0000000000120000-0x0000000000195000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 34ff2bbefbc42d76dc7d0b6d03223f91 |
| SHA1 | 19dc79dfb6c0fbf6cd23fae0d38dba3ed854df43 |
| SHA256 | b257b5b9d157e91e495ea9e8b13b9744d6800ad78a5d972516592a27fb0c7224 |
| SHA512 | ff35f2a2371c3756ff30640c3f4e3153581a505eec8178edbe6567576c16b6570201ef1670f5c7750d390405b86d4f10f2d100cd9678e206c467b8e3e9adb327 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 36d41679f2c29aa13dcc168be814f8a7 |
| SHA1 | 96461cc4628e13158869810126c8b365fac4e9ec |
| SHA256 | 43de850a8e2b1b49e5ce3643703f8145e160bcabfbeb108248309edfcf378e3b |
| SHA512 | 169bc02b05e32aa0379058c13ccff4e536e95c3071b86249228b6cb4dcd77ffc40cd5758dce6a56cfa994462218b100ced405097a78f304ad50c1168182ff861 |
C:\Users\Admin\Downloads\Unconfirmed 164165.crdownload
| MD5 | 600e0dbaefc03f7bf50abb0def3fb465 |
| SHA1 | 1b5f0ac48e06edc4ed8243be61d71077f770f2b4 |
| SHA256 | 61e6a93f43049712b5f2d949fd233fa8015fe4bef01b9e1285d3d87b12f894f2 |
| SHA512 | 151eebac8f8f6e72d130114f030f048dff5bce0f99ff8d3a22e8fed7616155b3e87d29acf79f488d6b53ed2c5c9b05b57f76f1f91a568c21fe9bca228efb23d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6e9a273fb09706ccc2736c8797bd3fe7 |
| SHA1 | ece15342aaea8f5d5bb9e027e28f90d17792a268 |
| SHA256 | 5a6c738650f8bbace609b8da4ae84ccdf58aadc66d0aafcc58317927da7f1932 |
| SHA512 | 26c498b18ea51b46876d66f477cf6f9dfa576e50832b5979bda9f6abf7d959abd59cba325e7b592dcfa8ab84f76c35057882b0e847e980008a6b7b674114e843 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 420f755fb112df1689942143c1fb4fac |
| SHA1 | 76adedda7db2a9fbffc1a3254001e6a1325d19ec |
| SHA256 | 186e0391b44a0ccb9b1cd6c31907db4956aef5fadc9bc5301e41fa69c69ec83a |
| SHA512 | fe4050545f3386a735366b84dfeaf6d3ae4bff0b3604d752d09c9c06715f404b98fdf0cdf3aa98b6e0e574a984b2b71c839dbf051f94029755055dc7b82bd02a |
memory/5428-2338-0x0000000000790000-0x00000000007E6000-memory.dmp
memory/5428-2339-0x0000000005B40000-0x00000000060E6000-memory.dmp
memory/5428-2340-0x0000000005670000-0x0000000005702000-memory.dmp
memory/5428-2341-0x0000000005220000-0x0000000005228000-memory.dmp
memory/5428-2342-0x0000000005A70000-0x0000000005B0C000-memory.dmp
memory/5428-2343-0x00000000059D0000-0x00000000059F8000-memory.dmp
memory/3176-2351-0x0000000000400000-0x0000000000553000-memory.dmp
memory/3176-2349-0x0000000000400000-0x0000000000553000-memory.dmp