Analysis Overview
Threat Level: Likely malicious
The file http://google.com was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Checks computer location settings
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Writes to the Master Boot Record (MBR)
Drops file in System32 directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Browser Information Discovery
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Runs regedit.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-18 15:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-18 15:14
Reported
2024-08-18 15:19
Platform
win10v2004-20240802-en
Max time kernel
223s
Max time network
203s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\stellar.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\stellar.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\stellar.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Desktop\stellar.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\stellar.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\stellar.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\stellar.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\stellar.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\stellar.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\stellar.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\stellar.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\stellar.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\stellar.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Desktop\stellar.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\stellar.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\stellar.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\notepad.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\notepad.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\stellar.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\stellar.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\stellar.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\stellar.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\stellar.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\stellar.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regedit.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133684677179282396" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Runs regedit.exe
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\regedit.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\regedit.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffaba04cc40,0x7ffaba04cc4c,0x7ffaba04cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1788,i,6087172147491423804,11815500262774506771,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1780 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,6087172147491423804,11815500262774506771,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,6087172147491423804,11815500262774506771,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2280 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3032,i,6087172147491423804,11815500262774506771,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3064 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3036,i,6087172147491423804,11815500262774506771,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4496,i,6087172147491423804,11815500262774506771,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4512 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3472,i,6087172147491423804,11815500262774506771,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4664 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4364,i,6087172147491423804,11815500262774506771,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4884 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3312,i,6087172147491423804,11815500262774506771,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4336 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5448,i,6087172147491423804,11815500262774506771,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5464 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5436,i,6087172147491423804,11815500262774506771,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5492 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5616,i,6087172147491423804,11815500262774506771,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5608 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\stellar.exe
"C:\Users\Admin\Desktop\stellar.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4960,i,6087172147491423804,11815500262774506771,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=952 /prefetch:8
C:\Users\Admin\Desktop\stellar.exe
"C:\Users\Admin\Desktop\stellar.exe" /watchdog
C:\Users\Admin\Desktop\stellar.exe
"C:\Users\Admin\Desktop\stellar.exe" /watchdog
C:\Users\Admin\Desktop\stellar.exe
"C:\Users\Admin\Desktop\stellar.exe" /watchdog
C:\Users\Admin\Desktop\stellar.exe
"C:\Users\Admin\Desktop\stellar.exe" /watchdog
C:\Users\Admin\Desktop\stellar.exe
"C:\Users\Admin\Desktop\stellar.exe" /watchdog
C:\Users\Admin\Desktop\stellar.exe
"C:\Users\Admin\Desktop\stellar.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac24646f8,0x7ffac2464708,0x7ffac2464718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,15920708449052404632,10973343040432934445,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,15920708449052404632,10973343040432934445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,15920708449052404632,10973343040432934445,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,15920708449052404632,10973343040432934445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,15920708449052404632,10973343040432934445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
C:\Users\Admin\Desktop\stellar.exe
"C:\Users\Admin\Desktop\stellar.exe"
C:\Users\Admin\Desktop\stellar.exe
"C:\Users\Admin\Desktop\stellar.exe" /watchdog
C:\Users\Admin\Desktop\stellar.exe
"C:\Users\Admin\Desktop\stellar.exe" /watchdog
C:\Users\Admin\Desktop\stellar.exe
"C:\Users\Admin\Desktop\stellar.exe" /watchdog
C:\Users\Admin\Desktop\stellar.exe
"C:\Users\Admin\Desktop\stellar.exe" /watchdog
C:\Users\Admin\Desktop\stellar.exe
"C:\Users\Admin\Desktop\stellar.exe" /watchdog
C:\Users\Admin\Desktop\stellar.exe
"C:\Users\Admin\Desktop\stellar.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
Network
Files
| SHA512 | 4b22164e549efad6c2174c63fafe780aee952cb483003badecceea27a291ecdac8df57da6bb3c85616fccbb54261bd7489af07af7b680ae64142ef8bab6cc459 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8b68387f9ded7476ccd296de79713442 |
| SHA1 | d1324d6a79acf16ad3d4c239a9f40e1e39ce487f |
| SHA256 | 456b29e02ae16c25de3804b38276e4c7ad0bf642601e8a9b1582945b84d0e3c4 |
| SHA512 | 95ba079a3a2de3e1d6bf591c42f26d8d33ec17bc48f7be6356afb307e5fa14651023ed8a07fa90a8b888cff79f40bc4ddf5cd25fd682ea1665c8ccfaf6ba7aa7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c5da6c4d00a77704676d4bc1d2435928 |
| SHA1 | 7d122c2e0df18536aefde26b53b349cdebe1700f |
| SHA256 | 637cca8184977c90e82c940ed28414f05ccacd47a0a0eea104fd42217582bfcd |
| SHA512 | 4f5091ed2201563a40f5475c88cb4765ed95aa7537d5eb92c1a2a51cb4622a230663772aa1c3a074c8fcbaac55f8a26238c8d722a645246f0fff0d1bc5f52655 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4e5e65ae23865678f8c649798b1f98a9 |
| SHA1 | 30665f0d912f0391708f6324b28785cff9b0a1c6 |
| SHA256 | f1f13b812705a3cf37c92f4f95a5ed7738a23d6ddd1728e11e0c5b720db39af6 |
| SHA512 | 6411914f5ccdf919fa084a2bc3c732816c8b4cb74ba1fd37f43d3311474a60fa7805f48e662edb32d6e222d1b599d53691f4e96ce6a0183cc53eccc9c1e386ca |
C:\Users\Admin\Desktop\stellar.exe
| MD5 | 1d5ad9c8d3fee874d0feb8bfac220a11 |
| SHA1 | ca6d3f7e6c784155f664a9179ca64e4034df9595 |
| SHA256 | 3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff |
| SHA512 | c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1 |
C:\note.txt
| MD5 | afa6955439b8d516721231029fb9ca1b |
| SHA1 | 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9 |
| SHA256 | 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270 |
| SHA512 | 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a5bd6c2a39d80fb7331d4c0ba1086824 |
| SHA1 | 54d43d3ce2dc52b20f669965db2276104b3cbaf4 |
| SHA256 | a708e7d1a9ba106b208a8fa0e6b60c98d68067f4566e91202be1ab720e92819f |
| SHA512 | 2037bd8f2547548038f7d74fff608de92aa04ed7f04cdb8ecaead3472bbc883584dd13a6f37b42c41e44c2dbc4755fc8e138b68c6909032035336031fe06091e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 738abda230a256ec784043da376beccb |
| SHA1 | 20586b16c08dd89c77136f5e30d4b057b45d1ec2 |
| SHA256 | 16a28bbbc5a0d8bcc4c89500ac25a4874507e38942c4a77743e1e807162bc61d |
| SHA512 | 08febc6c856ecb7e290ec7be6f1d804b2f680eb926c758fd5e0a1f76da822335ada2188d1494a79f53f42540ff3cd177c5578ea56158092db07dd099dddb04a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ee84e52fa99f306d1a254febbebd30fd |
| SHA1 | d608e96bbe38728b2a54c9da85567a95227d57a0 |
| SHA256 | c037d699d794d3096656930cdd10c40f63d202164f05eec0553c2440c59b2acb |
| SHA512 | beefaf896fcf0cbbc6dd6b4b01870c642c5e1c9d6d2e439bd3591fc638823890b2942015d8c7fcb502c3c40c09e30ed26fc380b50fdf12422bdecbe6cf8a86e1 |
C:\Users\Admin\Desktop\UseReset.vsdm
| MD5 | c64735a077e1dd558186ed74c5bb8b15 |
| SHA1 | de440acc212c7651956a97e08dd10dd2e57994cb |
| SHA256 | 7f5a6fa8a591a9f5f8a470fa94aa189d8780ccdea0f0fc3da6facbcd1c788c81 |
| SHA512 | afcb70b8893f5e155a885b296af72ab483dab4c2638a58f44b9551d2e9139c088ac6189e71fb928821a508b7ab9826093e561c749f0d56dc7bbecf07a2749624 |
C:\Users\Admin\Desktop\UpdateGroup.dwg
| MD5 | 1f14a604da87d6f292268e9b97de6d62 |
| SHA1 | 49dfa08918fa7b0296a6b9629d34e08fc0eb20b5 |
| SHA256 | 581bfa53d6d36cd7381a189db1602e1b836ef359a9f78aac1e45688a30ec06d0 |
| SHA512 | 35487f3159d105d1235a8d2c15004491edae25b6631cdb52ac64f1307780a4f441395d5a484055889862fd0b6a02e45048ea6226bfba7ad0b317ce9ab5607c09 |
C:\Users\Admin\Desktop\RedoRestore.docx
| MD5 | 1c4b6700e6e94ba590012b10c425ab97 |
| SHA1 | f8d565fe3faacf2074f38c1a4e774bc3a0085df8 |
| SHA256 | c1b0d6437a520275cefef05c9b64cd7c618733f3a208b863bb17baeb42a1b20a |
| SHA512 | deb2d7d032476715f052740c1dc25c2cc2e542789c639849a94970220674a881514a7246146721ab6320d47d0042fffb2d770075b891fe6c8d39336c9e156466 |
C:\Users\Admin\Desktop\WaitUse.lock
| MD5 | 9ecdedc0d9f101815ebd193ca0b5147b |
| SHA1 | d809bf4dd28868382e466ebf236caea9b5309663 |
| SHA256 | c232666a2369e26f7be0cb3ad282c92e3ebb2f78c758b849778cd206ffb42a23 |
| SHA512 | d49e3cdbe4ef650f337d2f6c6cdb9f022eef86efedd590333c371da5d1adef4fab4316dab904372ba2e246458ead152f013575bd3f5316587dec1008ec032a16 |
C:\Users\Admin\Desktop\WaitResolve.wmf
| MD5 | d5a6680555ebe968518241b774160c87 |
| SHA1 | 98fc21969e9c06d1b9d14a46dc7fd740e93d1e2f |
| SHA256 | 77af62d1dcc1d648e4f95a71954102c6ddbb3e37d6099c4a9bc2a5981d59caee |
| SHA512 | a519bc90951852aa7d67de3aadb3cdcaaf5c646482606488e829725aa7a3b3d654a21f76fa1e36233ef1f4c4d89e3ec0b2cf319d3757665ff30c8d6a430c5baa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4dd2754d1bea40445984d65abee82b21 |
| SHA1 | 4b6a5658bae9a784a370a115fbb4a12e92bd3390 |
| SHA256 | 183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d |
| SHA512 | 92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fd398c6f4a6a47e0dd3927e3aebe7243 |
| SHA1 | c4cd421104119d37ab1a74e1c09ef0e59fd3eff9 |
| SHA256 | 6d929eaa79023107ac9e3ddd7d8542f664cb7917353108610cf16978daa9b91d |
| SHA512 | 8ff03c4604a850542500131f700a4129392494efc7429744501d4ee8103733985032a6dd91f2897cd945043cfa9640f0df475d9c9157c7da7d4a9941e62e9aef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ecf7ca53c80b5245e35839009d12f866 |
| SHA1 | a7af77cf31d410708ebd35a232a80bddfb0615bb |
| SHA256 | 882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687 |
| SHA512 | 706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | abc5ff82711d23e1b61e542bf300310f |
| SHA1 | 034e6b3050106f7268c96fe3a16d4b3f2d3ee7c1 |
| SHA256 | 558ce87e343adfd9c028b9846802b12dcf63ce6a9cde755b88d5987fb27c5b6c |
| SHA512 | 4b106a403a16d8547f08e62e1dbec41b09fdaf4a675e672b1611fcca038cb5ef46be5bb304d60d2c00cb856300ec91cae148f4b52facc04350ccdcaaa127e3b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 65e58c0e227f314ab8711822b3888f46 |
| SHA1 | 045d8b7183678ecf2aadff9b8da4a2d8211c6ee8 |
| SHA256 | 0b72f55a40bfb0f8bd650fada2eb3a26614e97822d176273ce3de8c749747987 |
| SHA512 | 3c61e7b132a3ea509e896c7e782badccf880829e8c1947ab74a15e5e59a3a032e9453b6311ffd95df611b703e93816a80a30bf4ae3d0a55955d11577e672817e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 876237ecd62c8a95e85f28cbc4c30840 |
| SHA1 | aa7138ceedb958ab0ca8dafc53622c10ad5869b2 |
| SHA256 | fdfb2f773c82646f4041584bd6e256b2c2718d194236bb35e4e53c375c50e675 |
| SHA512 | 6631eb6e9ea8b87ed969e01fd22e437ee6a3a1bc71198870a358ec1ddb2196c253ad10ec1b8b76a4472e1b6a8f52736db0fd2e7c56b670a244f420a279f8f5f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 87616b903626c451f07bf45c885df9bb |
| SHA1 | b64eaeb27f0b2cb2af042ccbacaa0fc4f4cd8006 |
| SHA256 | c83589ba6d5d2df2517e07d005945fef06c01461cab5e777db5828b1d3d23736 |
| SHA512 | f20e5b3ab15b43579d23b766624bbec2d2493ba8b45babf13d7b79dfcca31af279f9f3d2f73c20c1e78ee9b827755f7a23170843063a576a3363308a1a98a9fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | cc67033381ab085fd45088485ca6d268 |
| SHA1 | 4d7d3376a0b37d212db870bd291e83841138d216 |
| SHA256 | cb00c1ce6bff26df7e915ace1fdfa573c003ee8de7f717d568f366985c2850c2 |
| SHA512 | 71a4a7c5f8764bed31baeb3cd1e6faf8867d5855c1272bb08a5ff4938a751e59ebd494ced91d96a50422e715cdfda6cb0d813a2facd585fb8a64f31991dc86e7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4606a801a8a9370cfdec8e1d31ec14c9 |
| SHA1 | a6ead6e0ed881669509d9a5ef8cd4053dd4400fe |
| SHA256 | a714da90e412c3b6a0ed0c6ee0c9690384b00617bc8fb5d8f52677bb57f75ca2 |
| SHA512 | 33f04fc16ccaace2f6b3abb782bf0a2b0360f1400bb5501c9d4c341b617a970b931ab61afcc363b3af339a33d02373e27cde13ef4a4795ecb6df12fc9349a5bb |