Analysis Overview
Threat Level: Known bad
The file http://google.com was found to be: Known bad.
Malicious Activity Summary
Modifies Windows Defender Real-time Protection settings
Deletes shadow copies
Modifies Windows Firewall
Executes dropped EXE
Loads dropped DLL
Drops startup file
Checks computer location settings
Drops desktop.ini file(s)
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Event Triggered Execution: Netsh Helper DLL
Browser Information Discovery
Enumerates physical storage devices
System policy modification
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Opens file in notepad (likely ransom note)
Checks SCSI registry key(s)
Uses Volume Shadow Copy service COM API
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Scheduled Task/Job: Scheduled Task
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-16 20:38
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-16 20:38
Reported
2024-08-16 20:45
Platform
win10v2004-20240802-en
Max time kernel
440s
Max time network
444s
Command Line
Signatures
Modifies Windows Defender Real-time Protection settings
Deletes shadow copies
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlogon.exe | C:\Users\Admin\Downloads\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlogon.exe | C:\Users\Admin\Downloads\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wvtymcow.bat | C:\Users\Admin\Downloads\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Michael Gillespie = "C:\\ProgramData\\winlogon.exe" | C:\Users\Admin\Downloads\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Michael Gillespie = "C:\\Windows\\winlogon.exe" | C:\Users\Admin\Downloads\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7.exe | N/A |
Drops desktop.ini file(s)
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe | N/A |
| File opened for modification | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe | N/A |
| File created | C:\Windows\winlogon.exe | C:\Users\Admin\Downloads\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7.exe | N/A |
| File opened for modification | C:\Windows\winlogon.exe | C:\Users\Admin\Downloads\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7.exe | N/A |
| File opened for modification | C:\Windows\assembly | C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133683143036102323" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\legalnoticetext = "All your files have been encrypted due to a security problem with your computer\r\nIf you want to restore them, write us to the e-mail: [email protected]\r\nWrite this ID in the title of your message: 76A7FAED\r\nIn case of no answer in 24 hours write us to this e-mail: [email protected]" | C:\Users\Admin\Downloads\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\legalnoticecaption = "Encrypted by Loki locker" | C:\Users\Admin\Downloads\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7.exe | N/A |
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xdc,0xe0,0xd4,0xd8,0x104,0x7ffbf519cc40,0x7ffbf519cc4c,0x7ffbf519cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1780,i,14683664092277800866,8372962531196856169,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1852 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,14683664092277800866,8372962531196856169,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,14683664092277800866,8372962531196856169,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2396 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3020,i,14683664092277800866,8372962531196856169,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3064 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3052,i,14683664092277800866,8372962531196856169,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3024,i,14683664092277800866,8372962531196856169,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4476 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3316,i,14683664092277800866,8372962531196856169,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4764 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5052,i,14683664092277800866,8372962531196856169,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5032,i,14683664092277800866,8372962531196856169,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4944 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5044,i,14683664092277800866,8372962531196856169,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4640 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4400,i,14683664092277800866,8372962531196856169,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5156 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5368,i,14683664092277800866,8372962531196856169,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5320 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5620,i,14683664092277800866,8372962531196856169,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5556 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5048,i,14683664092277800866,8372962531196856169,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5608 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5140,i,14683664092277800866,8372962531196856169,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5824 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=928,i,14683664092277800866,8372962531196856169,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5360 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\CMDWatcher_v0.4\" -spe -an -ai#7zMap10430:90:7zEvent16091
C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe
"C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5988,i,14683664092277800866,8372962531196856169,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6012 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5064,i,14683664092277800866,8372962531196856169,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5592 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5696,i,14683664092277800866,8372962531196856169,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5684 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3532,i,14683664092277800866,8372962531196856169,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5952 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\f39802b6817ffa5da5e9d779bb3711c5554f0373f0678bb309fcd009c0acd40d\" -spe -an -ai#7zMap27909:190:7zEvent5047
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5976,i,14683664092277800866,8372962531196856169,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5936 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7\" -spe -an -ai#7zMap30614:190:7zEvent3970
C:\Users\Admin\Downloads\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7.exe
"C:\Users\Admin\Downloads\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7\logs.txt
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C schtasks /CREATE /SC ONLOGON /TN Loki /TR C:\Users\Admin\AppData\Roaming\winlogon.exe /RU SYSTEM /RL HIGHEST /F
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\lxia11mm\lxia11mm.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCD84.tmp" "c:\ProgramData\CSCD1BAFB453BD5467DB198782833FE1055.TMP"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C vssadmin delete shadows /all /quiet
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C wbadmin DELETE SYSTEMSTATEBACKUP
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C wmic shadowcopy delete
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C bcdedit /set {default} recoveryenabled no
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C netsh advfirewall set currentprofile state off
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C netsh firewall set opmode mode=disable
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall set currentprofile state off
C:\Windows\SysWOW64\netsh.exe
netsh firewall set opmode mode=disable
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /SC ONLOGON /TN Loki /TR C:\Users\Admin\AppData\Roaming\winlogon.exe /RU SYSTEM /RL HIGHEST /F
Network
| FR | 172.217.20.202:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 16.173.189.20.in-addr.arpa | udp |
| FR | 216.58.213.66:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| FI | 108.177.14.94:443 | beacons2.gvt2.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| FI | 108.177.14.94:443 | beacons2.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 94.14.177.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | e2c43.gcp.gvt2.com | udp |
| NL | 35.214.142.18:443 | e2c43.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 18.142.214.35.in-addr.arpa | udp |
| US | 142.250.68.227:443 | beacons.gvt2.com | tcp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| FR | 172.217.18.206:443 | encrypted-tbn0.gstatic.com | udp |
| FR | 142.250.179.65:443 | lh5.googleusercontent.com | udp |
| FR | 142.250.201.174:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| FR | 142.250.201.174:443 | google.com | udp |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| FR | 172.217.20.202:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 142.250.68.227:443 | beacons.gvt2.com | udp |
| FR | 142.250.178.142:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| FR | 172.217.20.195:443 | beacons3.gvt2.com | tcp |
| FR | 172.217.20.195:443 | beacons3.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 195.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| N/A | 10.127.0.1:445 | tcp | |
| N/A | 10.127.0.0:445 | tcp | |
| N/A | 10.127.0.10:445 | tcp | |
| N/A | 10.127.0.9:445 | tcp | |
| N/A | 10.127.0.8:445 | tcp | |
| N/A | 10.127.0.25:445 | tcp | |
| N/A | 10.127.0.33:445 | tcp | |
| N/A | 10.127.0.20:445 | tcp | |
| N/A | 10.127.0.18:445 | tcp | |
| N/A | 10.127.0.44:445 | tcp | |
| N/A | 10.127.0.43:445 | tcp | |
| N/A | 10.127.0.29:445 | tcp | |
| N/A | 10.127.0.1:139 | tcp | |
| N/A | 10.127.0.6:445 | tcp | |
| N/A | 10.127.0.11:445 | tcp | |
| N/A | 10.127.0.12:445 | tcp | |
| N/A | 10.127.0.13:445 | tcp | |
| N/A | 10.127.0.14:445 | tcp | |
| N/A | 10.127.0.2:445 | tcp | |
| N/A | 10.127.0.4:445 | tcp | |
| N/A | 10.127.0.5:445 | tcp | |
| N/A | 10.127.0.37:445 | tcp | |
| N/A | 10.127.0.38:445 | tcp | |
| N/A | 10.127.0.39:445 | tcp | |
| N/A | 10.127.0.40:445 | tcp | |
| N/A | 10.127.0.45:445 | tcp | |
| N/A | 10.127.0.46:445 | tcp | |
| N/A | 10.127.0.41:445 | tcp | |
| N/A | 10.127.0.48:445 | tcp | |
| N/A | 10.127.0.49:445 | tcp | |
| N/A | 10.127.0.50:445 | tcp | |
| N/A | 10.127.0.52:445 | tcp | |
| N/A | 10.127.0.53:445 | tcp | |
| N/A | 10.127.0.55:445 | tcp | |
| N/A | 10.127.0.54:445 | tcp | |
| N/A | 10.127.0.56:445 | tcp | |
| N/A | 10.127.0.57:445 | tcp | |
| N/A | 10.127.0.59:445 | tcp | |
| N/A | 10.127.0.61:445 | tcp | |
| N/A | 10.127.0.62:445 | tcp | |
| N/A | 10.127.0.63:445 | tcp | |
| N/A | 10.127.0.64:445 | tcp | |
| N/A | 10.127.0.66:445 | tcp | |
| N/A | 10.127.0.69:445 | tcp | |
| N/A | 10.127.0.65:445 | tcp | |
| N/A | 10.127.0.72:445 | tcp | |
| N/A | 10.127.0.77:445 | tcp | |
| N/A | 10.127.0.15:445 | tcp | |
| N/A | 10.127.0.16:445 | tcp | |
| N/A | 10.127.0.17:445 | tcp | |
| N/A | 10.127.0.24:445 | tcp | |
| N/A | 10.127.0.22:445 | tcp | |
| N/A | 10.127.0.26:445 | tcp | |
| N/A | 10.127.0.27:445 | tcp | |
| N/A | 10.127.0.28:445 | tcp | |
| N/A | 10.127.0.31:445 | tcp | |
| N/A | 10.127.0.30:445 | tcp | |
| N/A | 10.127.0.32:445 | tcp | |
| N/A | 10.127.0.34:445 | tcp | |
| N/A | 10.127.0.87:445 | tcp | |
| N/A | 10.127.0.89:445 | tcp | |
| N/A | 10.127.0.92:445 | tcp | |
| N/A | 10.127.0.94:445 | tcp | |
| N/A | 10.127.0.93:445 | tcp | |
| N/A | 10.127.0.95:445 | tcp | |
| N/A | 10.127.0.97:445 | tcp | |
| N/A | 10.127.0.100:445 | tcp | |
| N/A | 10.127.0.101:445 | tcp | |
| N/A | 10.127.0.106:445 | tcp | |
| N/A | 10.127.0.107:445 | tcp | |
| N/A | 10.127.0.78:445 | tcp | |
| N/A | 10.127.0.79:445 | tcp | |
| N/A | 10.127.0.82:445 | tcp | |
| N/A | 10.127.0.83:445 | tcp | |
| N/A | 10.127.0.134:445 | tcp | |
| N/A | 10.127.0.0:139 | tcp | |
| N/A | 10.127.0.9:139 | tcp | |
| N/A | 10.127.0.8:139 | tcp | |
| N/A | 10.127.0.10:139 | tcp | |
| N/A | 10.127.0.236:445 | tcp | |
| N/A | 10.127.0.33:139 | tcp | |
| N/A | 10.127.0.29:139 | tcp | |
| N/A | 10.127.0.20:139 | tcp | |
| N/A | 10.127.0.18:139 | tcp | |
| N/A | 10.127.0.43:139 | tcp | |
| N/A | 10.127.0.44:139 | tcp | |
| N/A | 10.127.0.25:139 | tcp | |
| N/A | 10.127.0.3:445 | tcp | |
| N/A | 10.127.0.7:445 | tcp | |
| N/A | 10.127.0.36:445 | tcp | |
| N/A | 10.127.0.35:445 | tcp | |
| N/A | 10.127.0.23:445 | tcp | |
| N/A | 10.127.0.21:445 | tcp | |
| N/A | 10.127.0.19:445 | tcp | |
| N/A | 10.127.0.76:445 | tcp | |
| N/A | 10.127.0.75:445 | tcp | |
| N/A | 10.127.0.74:445 | tcp | |
| N/A | 10.127.0.73:445 | tcp | |
| N/A | 10.127.0.71:445 | tcp | |
| N/A | 10.127.0.70:445 | tcp | |
| N/A | 10.127.0.68:445 | tcp | |
| N/A | 10.127.0.67:445 | tcp | |
| N/A | 10.127.0.60:445 | tcp | |
| N/A | 10.127.0.58:445 | tcp | |
| N/A | 10.127.0.51:445 | tcp | |
| N/A | 10.127.0.47:445 | tcp | |
| N/A | 10.127.0.42:445 | tcp | |
| N/A | 10.127.0.11:139 | tcp | |
| N/A | 10.127.0.6:139 | tcp | |
| N/A | 10.127.0.12:139 | tcp | |
| N/A | 10.127.0.13:139 | tcp | |
| N/A | 10.127.0.14:139 | tcp | |
| N/A | 10.127.0.4:139 | tcp | |
| N/A | 10.127.0.5:139 | tcp | |
| N/A | 10.127.0.37:139 | tcp | |
| N/A | 10.127.0.39:139 | tcp | |
| N/A | 10.127.0.38:139 | tcp | |
| N/A | 10.127.0.45:139 | tcp | |
| N/A | 10.127.0.2:139 | tcp | |
| N/A | 10.127.0.40:139 | tcp | |
| N/A | 10.127.0.46:139 | tcp | |
| N/A | 10.127.0.155:445 | tcp | |
| N/A | 10.127.0.151:445 | tcp | |
| N/A | 10.127.0.150:445 | tcp | |
| N/A | 10.127.0.149:445 | tcp | |
| N/A | 10.127.0.142:445 | tcp | |
| N/A | 10.127.0.137:445 | tcp | |
| N/A | 10.127.0.136:445 | tcp | |
| N/A | 10.127.0.135:445 | tcp | |
| N/A | 10.127.0.84:445 | tcp | |
| N/A | 10.127.0.81:445 | tcp | |
| N/A | 10.127.0.80:445 | tcp | |
| N/A | 10.127.0.48:139 | tcp | |
| N/A | 10.127.0.41:139 | tcp | |
| N/A | 10.127.0.131:445 | tcp | |
| N/A | 10.127.0.49:139 | tcp | |
| N/A | 10.127.0.124:445 | tcp | |
| N/A | 10.127.0.50:139 | tcp | |
| N/A | 10.127.0.52:139 | tcp | |
| N/A | 10.127.0.122:445 | tcp | |
| N/A | 10.127.0.53:139 | tcp | |
| N/A | 10.127.0.55:139 | tcp | |
| N/A | 10.127.0.120:445 | tcp | |
| N/A | 10.127.0.119:445 | tcp | |
| N/A | 10.127.0.54:139 | tcp | |
| N/A | 10.127.0.56:139 | tcp | |
| N/A | 10.127.0.114:445 | tcp | |
| N/A | 10.127.0.57:139 | tcp | |
| N/A | 10.127.0.59:139 | tcp | |
| N/A | 10.127.0.113:445 | tcp | |
| N/A | 10.127.0.64:139 | tcp | |
| N/A | 10.127.0.112:445 | tcp | |
| N/A | 10.127.0.61:139 | tcp | |
| N/A | 10.127.0.111:445 | tcp | |
| N/A | 10.127.0.62:139 | tcp | |
| N/A | 10.127.0.110:445 | tcp | |
| N/A | 10.127.0.63:139 | tcp | |
| N/A | 10.127.0.69:139 | tcp | |
| N/A | 10.127.0.109:445 | tcp | |
| N/A | 10.127.0.66:139 | tcp | |
| N/A | 10.127.0.108:445 | tcp | |
| N/A | 10.127.0.65:139 | tcp | |
| N/A | 10.127.0.72:139 | tcp | |
| N/A | 10.127.0.105:445 | tcp | |
| N/A | 10.127.0.77:139 | tcp | |
| N/A | 10.127.0.15:139 | tcp | |
| N/A | 10.127.0.16:139 | tcp | |
| N/A | 10.127.0.104:445 | tcp | |
| N/A | 10.127.0.17:139 | tcp | |
| N/A | 10.127.0.103:445 | tcp | |
| N/A | 10.127.0.22:139 | tcp | |
| N/A | 10.127.0.24:139 | tcp | |
| N/A | 10.127.0.102:445 | tcp | |
| N/A | 10.127.0.27:139 | tcp | |
| N/A | 10.127.0.26:139 | tcp | |
| N/A | 10.127.0.99:445 | tcp | |
| N/A | 10.127.0.28:139 | tcp | |
| N/A | 10.127.0.98:445 | tcp | |
| N/A | 10.127.0.31:139 | tcp | |
| N/A | 10.127.0.32:139 | tcp | |
| N/A | 10.127.0.96:445 | tcp | |
| N/A | 10.127.0.34:139 | tcp | |
| N/A | 10.127.0.91:445 | tcp | |
| N/A | 10.127.0.30:139 | tcp | |
| N/A | 10.127.0.90:445 | tcp | |
| N/A | 10.127.0.88:445 | tcp | |
| N/A | 10.127.0.86:445 | tcp | |
| N/A | 10.127.0.87:139 | tcp | |
| N/A | 10.127.0.85:445 | tcp | |
| N/A | 10.127.0.89:139 | tcp | |
| N/A | 10.127.0.93:139 | tcp | |
| N/A | 10.127.0.166:445 | tcp | |
| N/A | 10.127.0.94:139 | tcp | |
| N/A | 10.127.0.165:445 | tcp | |
| N/A | 10.127.0.95:139 | tcp | |
| N/A | 10.127.0.92:139 | tcp | |
| N/A | 10.127.0.161:445 | tcp | |
| N/A | 10.127.0.157:445 | tcp | |
| N/A | 10.127.0.97:139 | tcp | |
| N/A | 10.127.0.100:139 | tcp | |
| N/A | 10.127.0.101:139 | tcp | |
| N/A | 10.127.0.106:139 | tcp | |
| N/A | 10.127.0.78:139 | tcp | |
| N/A | 10.127.0.107:139 | tcp | |
| N/A | 10.127.0.82:139 | tcp | |
| N/A | 10.127.0.134:139 | tcp | |
| N/A | 10.127.0.174:445 | tcp | |
| N/A | 10.127.0.79:139 | tcp | |
| N/A | 10.127.0.83:139 | tcp | |
| N/A | 10.127.0.173:445 | tcp | |
| N/A | 10.127.0.172:445 | tcp | |
| N/A | 10.127.0.171:445 | tcp | |
| N/A | 10.127.0.168:445 | tcp | |
| N/A | 10.127.0.236:139 | tcp | |
| N/A | 10.127.0.159:445 | tcp | |
| N/A | 10.127.0.160:445 | tcp | |
| N/A | 10.127.0.162:445 | tcp | |
| N/A | 10.127.0.163:445 | tcp | |
| N/A | 10.127.0.164:445 | tcp | |
| N/A | 10.127.0.115:445 | tcp | |
| N/A | 10.127.0.116:445 | tcp | |
| N/A | 10.127.0.117:445 | tcp | |
| N/A | 10.127.0.118:445 | tcp | |
| N/A | 10.127.0.121:445 | tcp | |
| N/A | 10.127.0.123:445 | tcp | |
| N/A | 10.127.0.125:445 | tcp | |
| N/A | 10.127.0.126:445 | tcp | |
| N/A | 10.127.0.127:445 | tcp | |
| N/A | 10.127.0.128:445 | tcp | |
| N/A | 10.127.0.129:445 | tcp | |
| N/A | 10.127.0.130:445 | tcp | |
| N/A | 10.127.0.133:445 | tcp | |
| N/A | 10.127.0.138:445 | tcp | |
| N/A | 10.127.0.139:445 | tcp | |
| N/A | 10.127.0.141:445 | tcp | |
| N/A | 10.127.0.140:445 | tcp | |
| N/A | 10.127.0.143:445 | tcp | |
| N/A | 10.127.0.144:445 | tcp | |
| N/A | 10.127.0.146:445 | tcp | |
| N/A | 10.127.0.145:445 | tcp | |
| N/A | 10.127.0.147:445 | tcp | |
| N/A | 10.127.0.148:445 | tcp | |
| N/A | 10.127.0.152:445 | tcp | |
| N/A | 10.127.0.153:445 | tcp | |
| N/A | 10.127.0.154:445 | tcp | |
| N/A | 10.127.0.156:445 | tcp | |
| N/A | 10.127.0.3:139 | tcp | |
| N/A | 10.127.0.7:139 | tcp | |
| N/A | 10.127.0.167:445 | tcp | |
| N/A | 10.127.0.169:445 | tcp | |
| N/A | 10.127.0.170:445 | tcp | |
| N/A | 10.127.0.175:445 | tcp | |
| N/A | 10.127.0.176:445 | tcp | |
| N/A | 10.127.0.177:445 | tcp | |
| N/A | 10.127.0.132:445 | tcp | |
| N/A | 10.127.0.36:139 | tcp | |
| N/A | 10.127.0.35:139 | tcp | |
| N/A | 10.127.0.47:139 | tcp | |
| N/A | 10.127.0.23:139 | tcp | |
| N/A | 10.127.0.21:139 | tcp | |
| N/A | 10.127.0.76:139 | tcp | |
| N/A | 10.127.0.75:139 | tcp | |
| N/A | 10.127.0.74:139 | tcp | |
| N/A | 10.127.0.73:139 | tcp | |
| N/A | 10.127.0.70:139 | tcp | |
| N/A | 10.127.0.71:139 | tcp | |
| N/A | 10.127.0.67:139 | tcp | |
| N/A | 10.127.0.19:139 | tcp | |
| N/A | 10.127.0.68:139 | tcp | |
| N/A | 10.127.0.60:139 | tcp | |
| N/A | 10.127.0.58:139 | tcp | |
| N/A | 10.127.0.51:139 | tcp | |
| N/A | 10.127.0.42:139 | tcp | |
| N/A | 10.127.0.151:139 | tcp | |
| N/A | 10.127.0.149:139 | tcp | |
| N/A | 10.127.0.155:139 | tcp | |
| N/A | 10.127.0.142:139 | tcp | |
| N/A | 10.127.0.150:139 | tcp | |
| N/A | 10.127.0.136:139 | tcp | |
| N/A | 10.127.0.135:139 | tcp | |
| N/A | 10.127.0.137:139 | tcp | |
| N/A | 10.127.0.84:139 | tcp | |
| N/A | 10.127.0.81:139 | tcp | |
| N/A | 10.127.0.80:139 | tcp | |
| N/A | 10.127.0.131:139 | tcp | |
| N/A | 10.127.0.108:139 | tcp | |
| N/A | 10.127.0.122:139 | tcp | |
| N/A | 10.127.0.124:139 | tcp | |
| N/A | 10.127.0.119:139 | tcp | |
| N/A | 10.127.0.120:139 | tcp | |
| N/A | 10.127.0.114:139 | tcp | |
| N/A | 10.127.0.113:139 | tcp | |
| N/A | 10.127.0.111:139 | tcp | |
| N/A | 10.127.0.110:139 | tcp | |
| N/A | 10.127.0.112:139 | tcp | |
| N/A | 10.127.0.109:139 | tcp | |
| N/A | 10.127.0.157:139 | tcp | |
| N/A | 10.127.0.105:139 | tcp | |
| N/A | 10.127.0.104:139 | tcp | |
| N/A | 10.127.0.103:139 | tcp | |
| N/A | 10.127.0.99:139 | tcp | |
| N/A | 10.127.0.102:139 | tcp | |
| N/A | 10.127.0.174:139 | tcp | |
| N/A | 10.127.0.96:139 | tcp | |
| N/A | 10.127.0.98:139 | tcp | |
| N/A | 10.127.0.91:139 | tcp | |
| N/A | 10.127.0.90:139 | tcp | |
| N/A | 10.127.0.88:139 | tcp | |
| N/A | 10.127.0.86:139 | tcp | |
| N/A | 10.127.0.85:139 | tcp | |
| N/A | 10.127.0.166:139 | tcp | |
| N/A | 10.127.0.165:139 | tcp | |
| N/A | 10.127.0.161:139 | tcp | |
| N/A | 10.127.0.172:139 | tcp | |
| N/A | 10.127.0.168:139 | tcp | |
| N/A | 10.127.0.171:139 | tcp | |
| N/A | 10.127.0.173:139 | tcp | |
| N/A | 10.127.0.164:139 | tcp | |
| N/A | 10.127.0.159:139 | tcp | |
| N/A | 10.127.0.163:139 | tcp | |
| N/A | 10.127.0.116:139 | tcp | |
| N/A | 10.127.0.115:139 | tcp | |
| N/A | 10.127.0.162:139 | tcp | |
| N/A | 10.127.0.118:139 | tcp | |
| N/A | 10.127.0.121:139 | tcp | |
| N/A | 10.127.0.123:139 | tcp | |
| N/A | 10.127.0.125:139 | tcp | |
| N/A | 10.127.0.160:139 | tcp | |
| N/A | 10.127.0.117:139 | tcp | |
| N/A | 10.127.0.127:139 | tcp | |
| N/A | 10.127.0.128:139 | tcp | |
| N/A | 10.127.0.126:139 | tcp | |
| N/A | 10.127.0.129:139 | tcp | |
| N/A | 10.127.0.130:139 | tcp | |
| N/A | 10.127.0.133:139 | tcp | |
| N/A | 10.127.0.138:139 | tcp | |
| N/A | 10.127.0.139:139 | tcp | |
| N/A | 10.127.0.141:139 | tcp | |
| N/A | 10.127.0.140:139 | tcp | |
| N/A | 10.127.0.144:139 | tcp | |
| N/A | 10.127.0.143:139 | tcp | |
| N/A | 10.127.0.145:139 | tcp | |
| N/A | 10.127.0.146:139 | tcp | |
| N/A | 10.127.0.147:139 | tcp | |
| N/A | 10.127.0.153:139 | tcp | |
| N/A | 10.127.0.156:139 | tcp | |
| N/A | 10.127.0.154:139 | tcp | |
| N/A | 10.127.0.148:139 | tcp | |
| N/A | 10.127.0.152:139 | tcp | |
| N/A | 10.127.0.167:139 | tcp | |
| N/A | 10.127.0.169:139 | tcp | |
| N/A | 10.127.0.176:139 | tcp | |
| N/A | 10.127.0.132:139 | tcp | |
| N/A | 10.127.0.170:139 | tcp | |
| N/A | 10.127.0.175:139 | tcp | |
| N/A | 10.127.0.177:139 | tcp | |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | loki-locker.one | udp |
| US | 107.178.223.183:80 | loki-locker.one | tcp |
| US | 8.8.8.8:53 | 125.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.223.178.107.in-addr.arpa | udp |
| US | 107.178.223.183:80 | loki-locker.one | tcp |
Files
\??\pipe\crashpad_4736_HHSHBLXQCKCJAOYA
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe585a60.TMP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\Downloads\CMDWatcher_v0.4.7z.crdownload
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe
C:\Users\Admin\AppData\Local\Temp\Costura\B3ECAF7EF28870C436FCEB7E36B7B685\64\proccmdline64.dll
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\41a4ebffd069515d_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b24f867f2d8d5fde_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\Downloads\f39802b6817ffa5da5e9d779bb3711c5554f0373f0678bb309fcd009c0acd40d.zip
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\Downloads\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7.zip
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
C:\Users\Admin\Downloads\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7.exe
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\Downloads\f2da3d1410c5058720a4307acf5fec7fc2b54285be9dd89eae108cce368dcde7\logs.txt
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\Desktop\Cpriv.Loki
\??\c:\Users\Admin\AppData\Local\Temp\lxia11mm\lxia11mm.cmdline
\??\c:\Users\Admin\AppData\Local\Temp\lxia11mm\lxia11mm.0.cs
\??\c:\Users\Admin\AppData\Local\Temp\35huqanv.ico
\??\c:\ProgramData\CSCD1BAFB453BD5467DB198782833FE1055.TMP
C:\Users\Admin\AppData\Local\Temp\RESCD84.tmp
C:\ProgramData\jlh1olim.exe
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\Downloads\CMDWatcher_v0.4\logs.txt
C:\Users\Admin\Documents\Restore-My-Files.txt
C:\Users\Admin\Downloads\CMDWatcher_v0.4\logs.txt
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences