Analysis Overview
Threat Level: Known bad
The file https://github.com/M1W9690/Vape-V4-Cracked-free/releases/tag/VapeClient was found to be: Known bad.
Malicious Activity Summary
XenorRat
Downloads MZ/PE file
Executes dropped EXE
Adds Run key to start application
Drops file in System32 directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Checks SCSI registry key(s)
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-12 14:12
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-12 14:12
Reported
2024-08-12 14:20
Platform
win10v2004-20240802-en
Max time kernel
433s
Max time network
428s
Command Line
Signatures
XenorRat
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Vape.Ghost.Client.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Vape.Ghost.Client.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AUTOCL~1.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\AUTOCL~1.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\BHUEKQ~1.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\BHUEKQ~1.EXE | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\Downloads\Vape.Ghost.Client.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\Downloads\Vape.Ghost.Client.exe | N/A |
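The two RunOnce values above are not persistence for the payload. They are written by wextract.exe, the stub of an IExpress self-extracting package, and each one makes rundll32 call advpack.dll's DelNodeRunDLL32 to delete the package's own IXP000.TMP or IXP001.TMP extraction directory at the next logon. The practical consequence is the opposite of persistence: the dropped AUTOCL~1.EXE and BHUEKQ~1.EXE binaries disappear after a reboot, so they have to be collected from the detonation VM before it is restarted. The added script below (an example for this page, not sandbox output) separates such cleanup entries from genuine autostart values; the two cleanup values are pasted from the table as the report escapes them, and the "Updater" entry is a constructed, hypothetical contrast case.

```python
import re

# RunOnce values as they appear in the report above (JSON-escaped backslashes
# and quotes kept so they can be pasted straight from the table), plus one
# constructed, hypothetical value showing what a real autostart entry looks like.
RUNONCE_VALUES = {
    "wextract_cleanup0": r'rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"',
    "wextract_cleanup1": r'rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"',
    "Updater": r'\"C:\\Users\\Admin\\AppData\\Roaming\\svchost.exe\" -silent',  # constructed
}

# wextract.exe (the IExpress self-extractor stub) registers exactly this command
# so that advpack.dll!DelNodeRunDLL32 removes its IXPnnn.TMP extraction
# directory at the next logon.
WEXTRACT_CLEANUP = re.compile(
    r'^rundll32(?:\.exe)?\s+\S*advpack\.dll,DelNodeRunDLL32\s+"?(?P<dir>[^"]+?)\\?"?\s*$',
    re.IGNORECASE,
)
IXP_DIR = re.compile(r'\\IXP\d{3}\.TMP$', re.IGNORECASE)


def unescape_report(value: str) -> str:
    """Undo the report's JSON-style escaping of backslashes and double quotes."""
    return re.sub(r'\\(["\\])', r'\1', value)


def classify_runonce(name: str, raw_value: str) -> dict:
    """Classify one RunOnce value as self-extractor cleanup or a genuine autostart."""
    value = unescape_report(raw_value)
    m = WEXTRACT_CLEANUP.match(value)
    if m and name.lower().startswith("wextract_cleanup"):
        target = m.group("dir")
        return {
            "name": name,
            "kind": "wextract-cleanup",
            "deletes": target,  # this directory is gone after the next logon
            "iexpress_temp": bool(IXP_DIR.search(target)),
        }
    return {"name": name, "kind": "autostart", "command": value}


def triage(values: dict) -> dict:
    """Split a RunOnce dump into cleanup entries and real autostart entries."""
    out = {"wextract-cleanup": [], "autostart": []}
    for name, raw in values.items():
        r = classify_runonce(name, raw)
        out[r["kind"]].append(r)
    return out


if __name__ == "__main__":
    for kind, entries in triage(RUNONCE_VALUES).items():
        for e in entries:
            print(kind, e)
```

The name check matters: the command pattern alone would also match a legitimate installer's cleanup, but a value named `wextract_cleanupN` whose target is an `IXPnnn.TMP` directory is specifically the IExpress stub, which is why the two process entries for Vape.Ghost.Client.exe in the process list line up with two extraction directories.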
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AUTOCL~1.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\AUTOCL~1.EXE | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133679457598096214" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
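Most of the signatures in this run did not fire on the sample. Reading the Process column of the tables above: the SCSI and processor registry reads come from taskmgr.exe, which the detonation opened interactively ("taskmgr.exe /4"); the BIOS lookups, the TPM telemetry key under HKEY_USERS, the display.PNF file in System32 and the non-Microsoft-binary process creation all come from chrome.exe. Only "Executes dropped EXE", the RunOnce write and the NLS\Language read are attributed to Vape.Ghost.Client.exe or to the binaries it unpacked into IXP000.TMP and IXP001.TMP. Signatures listed without a table (XenorRat, Downloads MZ/PE file, EnumeratesProcesses, AdjustPrivilegeToken, WriteProcessMemory, FindShellTrayWindow, SendNotifyMessage) carry no process column on this page and cannot be attributed from it; note also that AUTOCL~1.EXE and BHUEKQ~1.EXE are 8.3 short names, so the real file names are not recoverable from the report. The added script below (an example for this page, not sandbox output) does that attribution mechanically over the (signature, process) pairs copied from the tables.

```python
import re
from collections import defaultdict

# (signature, process) pairs copied from the behavioral1 tables above. Signatures
# listed without a table on this page have no process column and are omitted.
SIGNATURE_HITS = [
    ("Executes dropped EXE", r"C:\Users\Admin\Downloads\Vape.Ghost.Client.exe"),
    ("Executes dropped EXE", r"C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AUTOCL~1.EXE"),
    ("Executes dropped EXE", r"C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\BHUEKQ~1.EXE"),
    ("Adds Run key to start application", r"C:\Users\Admin\Downloads\Vape.Ghost.Client.exe"),
    ("Drops file in System32 directory", r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    ("System Location Discovery: System Language Discovery",
     r"C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AUTOCL~1.EXE"),
    ("Checks SCSI registry key(s)", r"C:\Windows\system32\taskmgr.exe"),
    ("Checks processor information in registry", r"C:\Windows\system32\taskmgr.exe"),
    ("Enumerates system info in registry", r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    ("Modifies data under HKEY_USERS", r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    ("Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary",
     r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
]

SAMPLE_ROOT = r"C:\Users\Admin\Downloads\Vape.Ghost.Client.exe"
# Everything the self-extractor unpacked lives under %TEMP%\IXPnnn.TMP\.
IXP_TEMP = re.compile(r"\\AppData\\Local\\Temp\\IXP\d{3}\.TMP\\", re.IGNORECASE)
BROWSERS = ("\\chrome.exe", "\\msedge.exe")
ANALYST_TOOLS = ("\\taskmgr.exe",)  # opened interactively during detonation ("taskmgr.exe /4")


def lineage(process: str) -> str:
    """Classify a process path: sample lineage, browser, analyst tool, or other."""
    p = process.lower()
    if p == SAMPLE_ROOT.lower() or IXP_TEMP.search(process):
        return "sample"
    if p.endswith(BROWSERS):
        return "browser"
    if p.endswith(ANALYST_TOOLS):
        return "analyst"
    return "other"


def attribute(hits) -> dict:
    """Map each signature to the set of lineage classes that triggered it."""
    by_sig = defaultdict(set)
    for sig, proc in hits:
        by_sig[sig].add(lineage(proc))
    return dict(by_sig)


def sample_only(hits) -> list:
    """Signatures fired exclusively by the sample and its dropped binaries."""
    return sorted(s for s, who in attribute(hits).items() if who == {"sample"})


def noise_only(hits) -> list:
    """Signatures with no hit from the sample lineage at all."""
    return sorted(s for s, who in attribute(hits).items() if "sample" not in who)


if __name__ == "__main__":
    print("sample-attributed:", *sample_only(SIGNATURE_HITS), sep="\n  ")
    print("no sample attribution:", *noise_only(SIGNATURE_HITS), sep="\n  ")
```

Anything that lands in `noise_only` is not evidence against the sample, and the anti-analysis reading of the SCSI and CPU checks in particular does not hold here: those keys were read by Task Manager populating its Performance tab, not by the dropped binaries.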
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/M1W9690/Vape-V4-Cracked-free/releases/tag/VapeClient
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3664,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4548,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5408,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5428,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=5608 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5948,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=5900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5716,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=5712 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=6216,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=6264 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6236,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=6388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=3640,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=5800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=6400,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=6432 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe6a76cc40,0x7ffe6a76cc4c,0x7ffe6a76cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2000,i,14451441469942014500,11444669027938333145,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1992 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1980,i,14451441469942014500,11444669027938333145,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2084 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,14451441469942014500,11444669027938333145,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2456 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,14451441469942014500,11444669027938333145,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3136 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,14451441469942014500,11444669027938333145,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4472,i,14451441469942014500,11444669027938333145,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4536 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3664,i,14451441469942014500,11444669027938333145,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3120 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5000,i,14451441469942014500,11444669027938333145,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5012 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5220,i,14451441469942014500,11444669027938333145,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5232 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3136,i,14451441469942014500,11444669027938333145,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4676 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5228,i,14451441469942014500,11444669027938333145,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5348 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=6500,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=6268 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3364,i,14451441469942014500,11444669027938333145,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5340 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3140,i,14451441469942014500,11444669027938333145,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5128 /prefetch:8
C:\Users\Admin\Downloads\Vape.Ghost.Client.exe
"C:\Users\Admin\Downloads\Vape.Ghost.Client.exe"
C:\Users\Admin\Downloads\Vape.Ghost.Client.exe
"C:\Users\Admin\Downloads\Vape.Ghost.Client.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AUTOCL~1.EXE
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AUTOCL~1.EXE
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\AUTOCL~1.EXE
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\AUTOCL~1.EXE
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\BHUEKQ~1.EXE
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\BHUEKQ~1.EXE
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\BHUEKQ~1.EXE
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\BHUEKQ~1.EXE
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5968,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| GB | 92.123.142.200:443 | bzib.nelreports.net | tcp |
| GB | 92.123.142.200:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.111.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 92.123.26.193:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.69.228:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | data-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.26.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.69.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.142.123.92.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| GB | 184.28.176.115:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 115.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| GB | 184.28.176.73:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 73.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 22.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 172.217.23.206:443 | clients2.google.com | udp |
| NL | 172.217.23.206:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 196.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | e2c23.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 35.184.229.211:443 | e2c23.gcp.gvt2.com | tcp |
| BE | 108.177.15.94:443 | beacons.gvt2.com | tcp |
| US | 8.8.8.8:53 | 3.69.250.142.in-addr.arpa | udp |
| BE | 108.177.15.94:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c44.gcp.gvt2.com | udp |
| CH | 35.216.230.172:443 | e2c44.gcp.gvt2.com | tcp |
| CH | 35.216.230.172:443 | e2c44.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 211.229.184.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.15.177.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.230.216.35.in-addr.arpa | udp |
| GB | 184.28.176.50:443 | www.bing.com | tcp |
| GB | 184.28.176.50:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 50.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| MY | 216.58.196.35:443 | beacons2.gvt2.com | tcp |
| MY | 216.58.196.35:443 | beacons2.gvt2.com | tcp |
| US | 8.8.8.8:53 | 35.196.58.216.in-addr.arpa | udp |
| MY | 216.58.196.35:443 | beacons2.gvt2.com | tcp |
| MY | 216.58.196.35:443 | beacons2.gvt2.com | tcp |
| MY | 216.58.196.35:443 | beacons2.gvt2.com | udp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | udp |
| N/A | 127.0.0.1:4444 | N/A | tcp |
| N/A | 127.0.0.1:4444 | N/A | tcp |
| N/A | 127.0.0.1:4444 | N/A | tcp |
| N/A | 127.0.0.1:4444 | N/A | tcp |
| N/A | 127.0.0.1:4444 | N/A | tcp |
| N/A | 127.0.0.1:4444 | N/A | tcp |
| N/A | 127.0.0.1:4444 | N/A | tcp |
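Almost every row in the Network table is resolver chatter (port 53 queries and the sandbox's own PTR lookups of the addresses it contacted) or Edge and Chrome telemetry (bing.com, smartscreen.microsoft.com, nelreports.net, gvt2.com, clients2.google.com). What remains is the delivery path, github.com and api.github.com for the release page and objects.githubusercontent.com for the release asset itself, plus seven TCP connections to 127.0.0.1:4444 that the report attributes to no domain and, on this page, to no process. Loopback traffic never leaves the host, so egress and DNS monitoring will not see it; the process-to-socket attribution has to come from the sandbox's pcap or process view, which this page does not include. Because the sample was served from GitHub's own asset CDN, domain reputation is useless here and the durable indicators are the file hashes and dropped-file paths. The added script below (an example for this page, not sandbox output) applies that filtering to rows copied from the table; the subset is representative and the last rows deliberately include both row shapes the report uses for connections with no domain.

```python
import ipaddress
from collections import Counter

# Rows copied from the Network table above (a representative subset). The last
# three rows show both shapes the report uses for connections without a domain.
NETWORK_ROWS = """\
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| NL | 172.217.23.206:443 | clients2.google.com | tcp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| N/A | 127.0.0.1:4444 | N/A | tcp |
| N/A | 127.0.0.1:4444 | tcp | |
| N/A | 127.0.0.1:4444 | tcp |
"""

PROTOS = {"tcp", "udp"}

# Browser and OS telemetry endpoints that appear in the report because the
# detonation was driven through Edge and Chrome; none of it is sample traffic.
TELEMETRY_SUFFIXES = (".bing.com", ".bing.net", ".smartscreen.microsoft.com",
                      ".nelreports.net", ".gvt2.com", ".google.com")


def parse_row(line: str):
    """Parse one markdown row; returns None for headers and non-data lines."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    cells = [c for c in cells if c]  # ragged rows leave an empty trailing cell
    if len(cells) < 3:
        return None
    country, dest = cells[0], cells[1]
    if len(cells) == 3 and cells[2].lower() in PROTOS:  # domain column absent
        domain, proto = None, cells[2].lower()
    else:
        domain, proto = cells[2], cells[3].lower()
    if domain == "N/A":
        domain = None
    ip, _, port = dest.rpartition(":")
    if not port.isdigit():
        return None
    return {"country": country, "ip": ip, "port": int(port),
            "domain": domain, "proto": proto}


def is_telemetry(domain: str) -> bool:
    return domain.endswith(TELEMETRY_SUFFIXES)


def triage_network(table: str) -> dict:
    """Bucket connections: resolver chatter is dropped, the rest is counted."""
    buckets = {"loopback": Counter(), "multicast": Counter(),
               "telemetry": Counter(), "review": Counter()}
    for line in table.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        if row["port"] == 53 or (row["domain"] or "").endswith(".in-addr.arpa"):
            continue  # DNS queries and the sandbox's own PTR lookups
        addr = ipaddress.ip_address(row["ip"])
        key = f'{row["domain"] or "-"} {row["ip"]}:{row["port"]}/{row["proto"]}'
        if addr.is_loopback:
            buckets["loopback"][key] += 1   # never leaves the host
        elif addr.is_multicast:
            buckets["multicast"][key] += 1  # mDNS and similar link-local noise
        elif row["domain"] and is_telemetry(row["domain"]):
            buckets["telemetry"][key] += 1
        else:
            buckets["review"][key] += 1     # delivery path and anything unexplained
    return buckets


if __name__ == "__main__":
    for name, counter in triage_network(NETWORK_ROWS).items():
        for key, n in counter.most_common():
            print(f"{name:10} {n:3}  {key}")
```

Run over the full table the "review" bucket reduces to GitHub endpoints, which is consistent with a download-and-run detonation whose payload did no outbound C2 during the 428 s of network capture; the loopback bucket is the part that still needs process attribution.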
Files
\??\pipe\crashpad_520_EDKCHSUFODCRLGBY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 8b527312195f1d9c1b9287876b8bc3d7 |
| SHA1 | 30a134cb95dff036b38b0b28d40f1a409f9d58a9 |
| SHA256 | debfc0d32d9c54c93dc0471b383662cdcc99bf60d4af023cef16cc7fd953627a |
| SHA512 | 908c7f171ccacb074ebf3dd0cef1459b8f0f31719d3917a66afb717e8e8d9da2bf0a07988be654975582329d5c076b13b694a0ebf01c3ceaa1160381c42f5613 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 000ffee76cb2295755ae3cc96e4d83f8 |
| SHA1 | 47b5dc9947e361eac397c0fba271e6d7cdaa8af2 |
| SHA256 | f40c5bc63e819fe27e5c95980fdbc570379156f912581771efd05084da98ca62 |
| SHA512 | c163f6e166562b6850da13a821ca97bc3a5e7e2bb05234a54be0ba2a33d214e300705db5b6476fc17966fd8839df0b7a74b05286d6f2fa1cdc0ef95086831003 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d9b1f70ee5bfae14adb8a29ff3939a89 |
| SHA1 | 92ce112bb85a95112189c6abb6b38c110c0ac447 |
| SHA256 | a075f9c83d3cc7494c407d16ecc0190dcd28ec28e0676e2ca284b0274a286f66 |
| SHA512 | aa8b67c90edee2cac9463a6ad0c0874570a1a00d444eaecd6433d7330f9fc3d2b77e753f55dc4ed259ea693f3031b970fcb286c61d747c75639d6692a1bea051 |